Re: [Pki-users] TKS Not Starting Correctly
by Dan Whitmire
On 02/08/2012 11:00 AM, pki-users-request(a)redhat.com wrote:
> Send Pki-users mailing list submissions to
> pki-users(a)redhat.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://www.redhat.com/mailman/listinfo/pki-users
> or, via email, send a message with subject or body 'help' to
> pki-users-request(a)redhat.com
>
> You can reach the person managing the list at
> pki-users-owner(a)redhat.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Pki-users digest..."
>
>
> Today's Topics:
>
> 1. TKS Not Starting Correctly (Dan Whitmire)
> 2. Re: TKS Not Starting Correctly (E Deon Lackey)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 07 Feb 2012 19:51:43 -0600
> From: Dan Whitmire<dan.whitmire(a)sonshineaccess.com>
> To: pki-users(a)redhat.com
> Subject: [Pki-users] TKS Not Starting Correctly
> Message-ID:<4F31D52F.1040405(a)sonshineaccess.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> I'd really appreciate it if anyone can help with a problem I'm having
> with the TKS Subsystem. I have CA, RA, TKS, and TPS installed.
> However, when starting the pki-tksd service I get the message that it
> started [ok] but when I try to complete the configuration after install,
> I get:
>
> # service pki-tksd status
> pki-tks-SonshineAccess dead but subsys locked [WARNING]
>
>
> Log files:
> # tail /var/log/pki-tks-SonshineAccess/selftests.log
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
> Initializing self test plugins:
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
> loading all self test plugin logger parameters
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
> loading all self test plugin instances
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
> loading all self test plugin instance parameters
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
> loading self test plugins in on-demand order
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
> loading self test plugins in startup order
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem: Self
> test plugins have been successfully loaded!
> 28141.main - [07/Feb/2012:19:23:54 CST] [20] [1] SelfTestSubsystem:
> Running self test plugins specified to be executed at startup:
> 28141.main - [07/Feb/2012:19:23:54 CST] [20] [1] TKSKnownSessionKey:
> TKS self test called TKSKnownSessionKey FAILED!
> 28141.main - [07/Feb/2012:19:23:54 CST] [20] [1] SelfTestSubsystem: The
> CRITICAL self test plugin called
> selftests.container.instance.TKSKnownSessionKey running at startup FAILED
>
> # tail /var/log/pki-tks-SonshineAccess/system
> 9458.main - [02/Feb/2012:21:46:46 CST] [13] [3] authz instance
> DirAclAuthz initialization failed and skipped, error=Property
> internaldb.ldapconn.port missing value
> # tail /var/log/pki-tks-SonshineAccess/debug
> [07/Feb/2012:19:23:54][main]: TKSKnownSessionKey self test FAILED
> [07/Feb/2012:19:23:54][main]: SignedAuditEventFactory: create()
> message=[AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Failure]
> self tests execution (see selftests.log for details)
>
> [07/Feb/2012:19:23:54][main]: CMSEngine.shutdown()
> [07/Feb/2012:19:23:55][main]: LogFile:In log shutdown
> [07/Feb/2012:19:23:55][main]: SignedAuditEventFactory: create()
> message=[AuditEvent=AUDIT_LOG_SHUTDOWN][SubjectID=$System$][Outcome=Success]
> audit function shutdown
>
> [07/Feb/2012:19:23:55][main]: LogFile:In log shutdown
> [07/Feb/2012:19:23:55][main]: SignedAuditEventFactory: create()
> message=[AuditEvent=AUDIT_LOG_SHUTDOWN][SubjectID=$System$][Outcome=Success]
> audit function shutdown
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 07 Feb 2012 20:22:48 -0600
> From: E Deon Lackey<dlackey(a)redhat.com>
> To: pki-users(a)redhat.com
> Subject: Re: [Pki-users] TKS Not Starting Correctly
> Message-ID:<4F31DC78.7060408(a)redhat.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hey, Dan.
>
> It failed at the SessionKey test, so I *think* you need to create a
> shared secret for the TKS and TPS to use.
>
> When you configure the TKS (go through the wizard), then the last step
> is #13, here:
> http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.1/html/Dep...
>
> That creates a shared secret key. Without it, the TKS fails to start.
>
> Once the TKS is set up, you can set up the TPS, which are steps 17/18 here:
> http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.1/html/Dep...
>
> I think. If it doesn't work, then someone with more knowledge can help
> you out. :)
> Deon
>
>
> I entered the command found in the documentation
>
> # tkstool -T -d /var/lib/pki-tks-SonshineAccess/alias -n sharedSecret
>
> Enter Password or Pin for "NSS Certificate DB":
>
>
>
> I enter a password and it continues to ask "Enter Password or Pin for
> "NSS Certificate DB":" Is there something I'm doing wrong when I set up
> my system? Everything looks the same as the document. I don't recall
> having this problem when I set this up on Fedora 13. I'm using Fedora 15.
>
>
>
>
> ------------------------------
>
> _______________________________________________
> Pki-users mailing list
> Pki-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>
>
> End of Pki-users Digest, Vol 47, Issue 2
> ****************************************
12 years, 10 months
Re: [Pki-users] Pki-users Digest, Vol 47, Issue 2
by Dan Whitmire
I entered the command found in the documentation

# tkstool -T -d /var/lib/pki-tks-SonshineAccess/alias -n sharedSecret

Enter Password or Pin for "NSS Certificate DB":

I enter a password and it continues to ask "Enter Password or Pin for
"NSS Certificate DB":" Is there something I'm doing wrong when I set up
my system? Everything looks the same as the document. I don't recall
having this problem when I set this up on Fedora 13. I'm using Fedora 15.
12 years, 10 months
TKS Not Starting Correctly
by Dan Whitmire
I'd really appreciate it if anyone can help with a problem I'm having
with the TKS Subsystem. I have CA, RA, TKS, and TPS installed.
However, when starting the pki-tksd service I get the message that it
started [ok] but when I try to complete the configuration after install,
I get:
# service pki-tksd status
pki-tks-SonshineAccess dead but subsys locked [WARNING]

Log files:

# tail /var/log/pki-tks-SonshineAccess/selftests.log
28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem: Initializing self test plugins:
28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem: loading all self test plugin logger parameters
28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem: loading all self test plugin instances
28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem: loading all self test plugin instance parameters
28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem: loading self test plugins in on-demand order
28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem: loading self test plugins in startup order
28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem: Self test plugins have been successfully loaded!
28141.main - [07/Feb/2012:19:23:54 CST] [20] [1] SelfTestSubsystem: Running self test plugins specified to be executed at startup:
28141.main - [07/Feb/2012:19:23:54 CST] [20] [1] TKSKnownSessionKey: TKS self test called TKSKnownSessionKey FAILED!
28141.main - [07/Feb/2012:19:23:54 CST] [20] [1] SelfTestSubsystem: The CRITICAL self test plugin called selftests.container.instance.TKSKnownSessionKey running at startup FAILED

# tail /var/log/pki-tks-SonshineAccess/system
9458.main - [02/Feb/2012:21:46:46 CST] [13] [3] authz instance DirAclAuthz initialization failed and skipped, error=Property internaldb.ldapconn.port missing value

# tail /var/log/pki-tks-SonshineAccess/debug
[07/Feb/2012:19:23:54][main]: TKSKnownSessionKey self test FAILED
[07/Feb/2012:19:23:54][main]: SignedAuditEventFactory: create() message=[AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Failure] self tests execution (see selftests.log for details)
[07/Feb/2012:19:23:54][main]: CMSEngine.shutdown()
[07/Feb/2012:19:23:55][main]: LogFile:In log shutdown
[07/Feb/2012:19:23:55][main]: SignedAuditEventFactory: create() message=[AuditEvent=AUDIT_LOG_SHUTDOWN][SubjectID=$System$][Outcome=Success] audit function shutdown
[07/Feb/2012:19:23:55][main]: LogFile:In log shutdown
[07/Feb/2012:19:23:55][main]: SignedAuditEventFactory: create() message=[AuditEvent=AUDIT_LOG_SHUTDOWN][SubjectID=$System$][Outcome=Success] audit function shutdown
12 years, 10 months
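
A triage sketch for the logs in the post above, added here as an example and not part of the original thread or of Dogtag: it rejoins mail-wrapped log lines, extracts the CRITICAL startup self test that failed, and checks that the debug log records the engine shutdown after the failed SELFTESTS_EXECUTION audit event. The record patterns are inferred from the excerpts on this page, and all function names are hypothetical.

```python
import re

# Constructed sample input: lines taken from the selftests.log and debug
# excerpts in this thread, kept wrapped the way a mail client wraps them.
SELFTESTS_LOG = """\
28141.main - [07/Feb/2012:19:23:54 CST] [20] [1] TKSKnownSessionKey:
TKS self test called TKSKnownSessionKey FAILED!
28141.main - [07/Feb/2012:19:23:54 CST] [20] [1] SelfTestSubsystem: The
CRITICAL self test plugin called
selftests.container.instance.TKSKnownSessionKey running at startup FAILED
"""
DEBUG_LOG = """\
[07/Feb/2012:19:23:54][main]: TKSKnownSessionKey self test FAILED
[07/Feb/2012:19:23:54][main]: SignedAuditEventFactory: create()
message=[AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Failure]
self tests execution (see selftests.log for details)
[07/Feb/2012:19:23:54][main]: CMSEngine.shutdown()
"""

# selftests.log record start: "<pid>.<thread> - [<time>] [n] [n] <source>: <text>"
SELFTEST_REC = re.compile(r"^\d+\.\S+ - \[([^\]]+)\] \[\d+\] \[\d+\] (\w+):\s*(.*)$")
# debug record start: "[<time>][<thread>]: <text>"
DEBUG_REC = re.compile(r"^\[([^\]]+)\]\[[^\]]+\]:\s*(.*)$")
CRITICAL = re.compile(r"CRITICAL self test plugin called (\S+) running at startup FAILED")
AUDIT = re.compile(r"\[AuditEvent=(\w+)\]\[SubjectID=[^\]]*\]\[Outcome=(\w+)\]")


def join_records(text, start_re):
    """Undo line wrapping: a line that does not start a record continues the previous one."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if start_re.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def critical_failures(selftests_text):
    """Return (timestamp, plugin instance) for every CRITICAL startup self-test failure."""
    found = []
    for rec in join_records(selftests_text, SELFTEST_REC):
        m = SELFTEST_REC.match(rec)
        hit = CRITICAL.search(m.group(3)) if m else None
        if hit:
            found.append((m.group(1), hit.group(1)))
    return found


def diagnose(selftests_text, debug_text):
    """Correlate both logs; shutdown_after_failure is True only when
    CMSEngine.shutdown() is logged at or after the first failed audit event."""
    debug = join_records(debug_text, DEBUG_REC)
    audits = [AUDIT.search(r) for r in debug]
    failed = [(i, a.group(1)) for i, a in enumerate(audits) if a and a.group(2) == "Failure"]
    first = failed[0][0] if failed else len(debug)
    return {
        "critical": critical_failures(selftests_text),
        "failed_audit_events": [name for _, name in failed],
        "shutdown_after_failure": any("CMSEngine.shutdown()" in r for r in debug[first:]),
    }


if __name__ == "__main__":
    print(diagnose(SELFTESTS_LOG, DEBUG_LOG))
```
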
Dogtag 9 and CentOS 6 WebUI 'XXXX' issue and selinux
by Ritter, Nicholas
Back on 1/23/12, Matt posted a response to Nathanael and Mike with a URL
reference to the PKI FAQ about dogtag-pki v9 packages that come with
CentOSv6 and the CA web interface problems (see
https://www.redhat.com/archives/pki-users/2012-January/ms00011.html and
http://pki.fedoraproject.org/wiki/PKI_Known_Issues#Miscellaneous )
My question is, has anyone been able to fix this issue using the
prescribed methods (listed in the second URL above), especially when
considering the desire to have it working with SELINUX?
I would like to get dogtag v9 working on centos v6.2, but not sure if it
is worth the time to use non-centos packages if it serves to only cause
SELinux errors. I was hoping someone could elaborate on their
experiences with this. RedHat told me they are not selling their
Certificate Server product anymore because they are working on a grand
identity management solution, and I can afford either anyway.
Nick
12 years, 10 months