RA Wizard failing
by Andrew Commons
I am getting a fatal server error running the RA Wizard at the Internal
Database step when I click Next.
The last few lines in the log that seem associated with that page are:
Fri Jan 29 22:02:22 CST 2010 - RA wizard: in handler
Fri Jan 29 22:02:22 CST 2010 - RA wizard: uri='/ra/admin/console/config/wizard'
Fri Jan 29 22:02:22 CST 2010 - RA wizard: http parameter name='p' value='5'
Fri Jan 29 22:02:22 CST 2010 - RA wizard: http parameter name='op' value='next'
Fri Jan 29 22:02:22 CST 2010 - RA wizard: before argparsing
Fri Jan 29 22:02:22 CST 2010 - RA wizard: setting up test objects
Fri Jan 29 22:02:22 CST 2010 - RA wizard: found 2 certtags
These lines are repeated if I use the Back Arrow to return to the page.
Clicking Next again does not add anything to the log after that.
The system is Fedora 11. The pki-ra install was performed with the "Test
Updates" repositories enabled since this was required to get the CA up and
running.
The pkicreate command used to set up the RA was:
pkicreate -pki_instance_root=/var/lib -pki_instance_name=pki-ra \
    -subsystem_type=ra -secure_port=12889 -non_clientauth_secure_port=12890 \
    -unsecure_port=12888 -user=pkiuser -group=pkiuser -redirect conf=/etc/pki-ra \
    -redirect logs=/var/log/pki-ra -verbose
Which is the RA example out of the pkicreate help. The command used to set up
the CA was the example command as well. The CA Config Wizard was fine and
the CA seems to be functioning.
Any suggestions?
Cheers,
Andrew
14 years, 8 months
Re: [Pki-users] Fedora Package
by Andrew Commons
James Wright wrote:
> I have been looking into this and it looks like some dependencies are being
> installed from the repo updates which use version 1.3
A number of Dogtag packages showed up in the standard Fedora set of packages
that you can manipulate with the Add/Remove Software interface. I initially
thought these _were_ the complete Dogtag application and installed the lot.
It was only after some considerable period rummaging around trying to get it
to work that I realised it was not the complete application and removed the
whole lot. I subsequently followed the manual installation method which
added the pki repo to the global list bringing all the other packages into
the GUI giving a mix of 1.2 and 1.3 packages.
Perhaps this is at the root of all this?
Cheers,
Andrew
14 years, 8 months
Re: [Pki-users] Fedora Package
by Andrew Commons
Same problem with clean F11 install and pulling from the 1.2 repo. Any
workarounds available?
Cheers,
Andrew
14 years, 8 months
Problem with 389-ds install
by Rafał Kamiński
Hi,
A few months ago, in November, I installed pki-ca, pki-ra and 389-ds. All
worked fine. Now I am installing a new server and when I install 389-ds I can't
run setup-ds-admin.pl. I have this problem:
-bash-4.0# setup-ds-admin.pl
Can't locate Util.pm in @INC (@INC contains: /usr/lib/dirsrv/perl
/usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi
/usr/local/lib/perl5/site_perl/5.10.0
/usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl
/usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0
/usr/lib/perl5/site_perl .) at /usr/lib/dirsrv/perl/AdminUtil.pm line 41.
BEGIN failed--compilation aborted at /usr/lib/dirsrv/perl/AdminUtil.pm
line 41.
Compilation failed in require at /usr/sbin/setup-ds-admin.pl line 30.
BEGIN failed--compilation aborted at /usr/sbin/setup-ds-admin.pl line 30.
I know that is a pm (Perl lib) problem. But does somebody know why that
problem occurs now and didn't in the past? I installed everything from the
tutorial on Dogtag.
Br for response.
Rafal Kaminski
14 years, 8 months
Re: [Pki-users] Fedora Package
by James Wright
Hi
I have been looking into this and it looks like some dependencies are being installed from the repo updates which use version 1.3
From: James Wright
Sent: 18 January 2010 09:20
To: 'Matthew Harmsen'; pki-users(a)redhat.com
Subject: RE: [Pki-users] Fedora Package
Hi
I am experiencing the problem installing from a fresh install of Fedora 11 and following the procedure at the Dogtag website, no SVN involved.
The package installed is pki-ca noarch 1.2.0-4.fc11
Thanks
James
From: pki-users-bounces(a)redhat.com [mailto:pki-users-bounces@redhat.com] On Behalf Of Matthew Harmsen
Sent: 15 January 2010 22:35
To: pki-users(a)redhat.com
Subject: Re: [Pki-users] Fedora Package
Mathieu Peresse wrote:
> Please disregard previous message and consider this one :)
> ---------------------------------------------------------------------------------------------
> Hi all,
> I'm new to dogtag, and I tried to install the PKI on a Fedora 11 system (fresh install).
> However, I encountered the following problems when installing pki-ca (yum install pki-ca):
> - yum POSTINSTALL script invoking pkicreate complained about a file not being found: /usr/share/java/ca.jar.
> It turned out that the file was located in /usr/share/java/pki-ca/ca/ca.jar
> -> Had to ln -s them together...
> - pkicreate invoking "pki-cad" but the file is not present in the system nor in the RPM archive (it is on the SVN though).
> -> Had to copy from SVN to system.
> - pki-cad sourcing file /var/lib/pki/ca/conf/tomcat5.conf complains about "pkiarch" "pkiname" and "pkiflavor" not being present (this check has been removed from the SVN too...).
> -> Had to remove references to these files...
> Do you guys plan to release more consistent packages in the near future, or am I missing something in the install process?
> Also, the documentation to build from the SVN tree seems to be obsolete, is there any documentation on the new build system?
> Thanks a lot,
> Mathieu.
Mathieu,
It sounds as if you may have installed Dogtag 1.2 (the most recent packages on the Dogtag site), and then perhaps checked out subversion, and attempted to replace specific packages (perhaps using pki-setup 1.3 with pki-ca 1.2)?
The errors that you are seeing are a result of ongoing development on the Dogtag Subversion TIP (currently referred to as 1.3) to comply with Fedora packaging requirements:
* 1.2 - /usr/share/java/pki-ca/ca/ca.jar; 1.3 - /usr/share/java/ca.jar
* 1.3 - removed most of the pki "helper" scripts (e. g. - 'pkiarch', 'pkiname', and 'pkiflavor', etc.)
* 1.2 - individual instances had their own instance named start/stop scripts (owned by the instance itself); 1.3 - provides a single master script (e. g. - pki-cad) which controls starting/stopping ALL instances of that subsystem type and is owned by the associated top-level PKI subsystem (this is currently being implemented for ALL Dogtag subsystems)
* by default, 1.2 automatically creates a default instance upon installation of the top-level package (e. g. - pki-ca); 1.3 requires creation of an instance utilizing the pkicreate tool (which is part of the pki-setup package) --- we continue to provide code which allows removal of legacy 1.2 instances, but creation of 1.3 instances all utilize the associated 1.3 implementation
It is our hope that the 1.3 release will be accepted into a future version of Fedora, at which time these changes will be documented on the Dogtag Wiki.
As there are numerous ways of building and installing (individually, collectively, yum repos, SRPMS, etc.), to make certain that there isn't any problem, I might suggest when performing a yum install of 1.2, to use the associated 1.2.0 SRPMS for the related source code.
If utilizing Subversion from the TIP, be certain to update ALL packages, as the 1.3 release will differ substantially from the 1.2 release. As always, we attempt to keep the TIP buildable and installable, although we do apologize for any confusion.
Thanks,
-- Matt
On Thu, Jan 14, 2010 at 5:08 PM, Mathieu Peresse <mathieu.peresse(a)gmail.com> wrote:
Hi all,
I'm new to dogtag, and I tried to install the PKI on a Fedora 11 system (fresh install).
However, I encountered the following problems when installing pki-ca (yum install pki-ca):
- Yum POSTINSTALL script invoking pkicreate complained about a file not being found: /usr/share/java/ca.jar.
It turned out that the file was loc
--
See you soon,
Mathieu Peresse
::Contact::
+33 6 86 40 69 10
mathieu.peresse(a)gmail.com
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
--------------------------------------------------------------------
This message and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.
Any views or opinions presented in this message are solely those of the author and do not necessarily represent those of SMA Financial Ltd.
Access to this message by anyone else is unauthorised. If you are not the intended recipient or the person responsible for delivering to the intended recipient, any disclosure, copying, or distribution of the message, or any action or omission taken by you in reliance on it, is prohibited and may be unlawful.
If you have received this message in error please notify SMA Financial Ltd or contact the sender.
Finally, the recipient should check this message and any attachments for the presence of viruses. SMA Financial Ltd accepts no liability for any damage caused by any virus transmitted by this message.
http://www.sma.co.uk/email-disclaimer
14 years, 8 months
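The 1.2/1.3 package mix described in the reply above can be checked for before running pkicreate. The script below is an added example, not part of the thread and not Dogtag code; the function names and the sample package list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Dogtag code): flag an install that mixes Dogtag
# release series, e.g. pki-setup 1.3 alongside pki-ca 1.2.
# Feed it "name version" lines, for instance from:
#   rpm -qa --qf '%{NAME} %{VERSION}\n' 'pki-*'

# Print "series package" for every pki-* line on stdin, sorted.
pki_series() {
    awk '$1 ~ /^pki-/ && NF >= 2 {
             split($2, v, ".")          # 1.2.0 -> series 1.2
             print v[1] "." v[2], $1
         }' | sort
}

# Print a per-series summary; return 0 for a single series, 1 for a
# mix, 2 when no pki-* packages were seen.
check_pki_versions() {
    listing=$(pki_series)
    [ -n "$listing" ] || { echo "no pki-* packages found"; return 2; }
    printf '%s\n' "$listing" | awk '
        { pkgs[$1] = pkgs[$1] " " $2 }
        END { for (s in pkgs) print "series " s ":" pkgs[s] }' | sort
    count=$(printf '%s\n' "$listing" | cut -d" " -f1 | sort -u | wc -l)
    if [ "$((count))" -gt 1 ]; then
        echo "MIXED: bring every pki-* package to one release series"
        return 1
    fi
    echo "OK: single series"
}

# Constructed sample, not taken from a real host.
SAMPLE='pki-ca 1.2.0
pki-common 1.2.0
pki-setup 1.3.0
tomcat5 5.5.27'

printf '%s\n' "$SAMPLE" | check_pki_versions || true
```

On a live system, pipe the rpm query shown in the header comment into check_pki_versions instead of the sample.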
Re: [Pki-users] Fedora Package
by James Wright
Hi
I am experiencing the problem installing from a fresh install of Fedora 11 and following the procedure at the Dogtag website, no SVN involved.
The package installed is pki-ca noarch 1.2.0-4.fc11
Thanks
James
14 years, 8 months
Fedora Package
by Mathieu Peresse
Hi all,
I'm new to dogtag, and I tried to install the PKI on a Fedora 11 system
(fresh install).
However, I encountered the following problems when installing pki-ca (yum
install pki-ca):
- Yum POSTINSTALL script invoking pkicreate complained about a file not
being found: /usr/share/java/ca.jar.
It turned out that the file was loc
--
See you soon,
Mathieu Peresse
::Contact::
+33 6 86 40 69 10
mathieu.peresse(a)gmail.com
14 years, 9 months
Missing files in Fedora 11
by James Wright
Hi
I seem to be having the same problem as another user https://www.redhat.com/archives/pki-users/2010-January/msg00005.html in that the file ca.jar and pki-cad are missing.
I know I can work round the problem using the SVN but is there a reason for the missing files? Do I have to install another package before pki-ca?
Thanks
James
14 years, 9 months
Re: [Pki-users] CA validity period
by James Wright
Thanks for the fast response, I will try it tomorrow.
James
----- Original Message -----
From: Marc Sauton <msauton(a)redhat.com>
To: James Wright
Cc: pki-users(a)redhat.com <pki-users(a)redhat.com>
Sent: Thu Jan 14 17:53:49 2010
Subject: Re: [Pki-users] CA validity period
On 01/14/2010 09:36 AM, James Wright wrote:
>
> Hi
>
> This may be a couple of stupid questions but here goes:
>
> 1. How do I set the validity period for the first self signed CA
> certificate to be more than the default 2 years?
>
http://www.redhat.com/docs/manuals/cert-system/8.0/admin/Admin_Guide.pdf
for validity constraints
and for a CA profile:
/var/lib/pki-<instance_id>/profiles/ca/caCACert.cfg
near
policyset.caCertSet.2.constraint.class_id=validityConstraintImpl
>
> 2. when the CA certificate expires will I need to renew all my end
> user certificates or just renew my CA certificate?
>
always renew a CA cert in advance, otherwise trust chain can no longer
be verified.
renewal can only happen on a valid cert, before expiration, otherwise
this is a re-issuance.
>
> Thanks
>
> James
>
14 years, 9 months
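The profile setting named in the reply above can be inspected before the CA signing certificate is generated. The script below is an added example, not part of the thread and not Dogtag code; the function name and the sample values are constructed, and the two `params.range` keys (validity in days) are assumed to sit beside the `class_id` line quoted in the reply, so check them against your own caCACert.cfg.

```shell
#!/bin/sh
# Added example (not Dogtag code): report the validity settings of a
# CA signing profile such as caCACert.cfg.

# Reads profile files given as arguments, or stdin when none are given.
# Prints "<set>.<n> constraint=<days> default=<days>" for the policy
# whose constraint class is validityConstraintImpl.
# Returns 1 when the default validity is longer than the constraint
# range, 2 when no such policy is present, 0 otherwise.
validity_report() {
    awk -F= '
        /^policyset\..*\.constraint\.class_id=validityConstraintImpl$/ {
            id = $1
            sub(/\.constraint\.class_id$/, "", id)
        }
        { val[$1] = $2 }                 # remember every key=value pair
        END {
            if (id == "") { print "no validityConstraintImpl policy"; exit 2 }
            c = val[id ".constraint.params.range"]
            d = val[id ".default.params.range"]
            sub(/^policyset\./, "", id)
            printf "%s constraint=%s default=%s\n", id, c, d
            exit ((d + 0 > c + 0) ? 1 : 0)
        }' "$@"
}

# Constructed sample: the default was raised to ten years but the
# constraint was left at 720 days, so the two values disagree.
SAMPLE_PROFILE='policyset.caCertSet.2.constraint.class_id=validityConstraintImpl
policyset.caCertSet.2.constraint.name=Validity Constraint
policyset.caCertSet.2.constraint.params.range=720
policyset.caCertSet.2.default.params.range=3650'

printf '%s\n' "$SAMPLE_PROFILE" | validity_report ||
    echo "check the two range values before generating the CA certificate"
```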
CA validity period
by James Wright
Hi
This may be a couple of stupid questions but here goes:
1. How do I set the validity period for the first self signed CA
certificate to be more than the default 2 years?
2. when the CA certificate expires will I need to renew all my end user
certificates or just renew my CA certificate?
Thanks
James
14 years, 9 months