pkispawn fails with HSM
by daniel jimenez
Greetings,
When running pkispawn with a custom file in order to use an HSM as a
token, the installation fails with the following error:
The custom file I use is the suggested here:
http://pki.fedoraproject.org/wiki/Installing_CA_with_HSM
Do you have a similar issue in this one?
Do you have any single example of the custom file in order to use the HSM
as a token?
PS: I'VE ALREADY ADDED THE NFAST MODULE (via modutil -dbdir
/etc/pki/pki-tomcat/alias -nocertdb -fips true)
7 years, 7 months
resteasy 3.1.0 breakage
by Timo Aaltonen
Hi, Debian updated resteasy to 3.1.0 and it broke dogtag. I filed a ticket(*)
and attached a patch to fix the build, but pkispawn still fails:
root@zesty:~# pkispawn -f /tmp/pkispawn.config
Subsystem (CA/KRA/OCSP/TKS/TPS) [CA]:
Begin installation (Yes/No/Quit)? yes
Log file: /var/log/pki/pki-ca-spawn.20170217194720.log
Loading deployment configuration from /tmp/pkispawn.config.
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into /etc/dogtag/tomcat/pki-tomcat/ca/deployment.cfg.
[ ok ] Starting pki-tomcatd (via systemctl): pki-tomcatd.service.
Installation failed:
Traceback (most recent call last):
  File "/usr/sbin/pkispawn", line 817, in <module>
    main(sys.argv)
  File "/usr/sbin/pkispawn", line 535, in main
    if r.headers['content-type'] == 'application/json':
  File "/usr/lib/python2.7/dist-packages/requests/structures.py", line 54, in __getitem__
    return self._store[key.lower()][1]
KeyError: 'content-type'
The last thing in pki-ca-spawn logfile is:
2017-02-17 19:47:23 pkispawn : INFO ....... executing '/etc/init.d/pki-tomcatd start pki-tomcat'
2017-02-17 19:47:30 pkispawn : DEBUG ........... <?xml version="1.0" encoding="UTF-8"?><XMLResponse><State>0</State><Type>CA</Type><Status>running</Status><Version>10.3.5+12</Version></XMLResponse>
2017-02-17 19:47:31 pkispawn : INFO ....... constructing PKI configuration data.
2017-02-17 19:47:31 pkispawn : INFO ....... executing 'certutil -R -d /root/.dogtag/pki-tomcat/ca/alias -s cn=PKI Administrator,e=caadmin@tyrell,ou=pki-tomcat,o=tyrell Security Domain -k rsa -g 2048 -z /root/.dogtag/pki-tomcat/ca/alias/noise -f /root/.dogtag/pki-tomcat/ca/password.conf -o /root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin'
2017-02-17 19:47:31 pkispawn : INFO ....... rm -f /root/.dogtag/pki-tomcat/ca/alias/noise
2017-02-17 19:47:31 pkispawn : INFO ....... BtoA /root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin /root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin.asc
2017-02-17 19:47:31 pkispawn : INFO ....... configuring PKI configuration data.
The instance is running, and catalina.out looks pretty normal like when the instance isn't configured yet.
So I'm stuck trying to figure out what's broken... Any ideas?
* https://fedorahosted.org/pki/ticket/2596
--
t
7 years, 7 months
IMPORTANT: Relocation of fedorahosted.org source code repositories to github . . .
by Matthew Harmsen
This is to notify everyone that the following source code repositories
located on https://fedorahosted.org/web/
have been relocated:
* *nuxwdog*
o OLD LOCATION (fedorahosted SVN repo):
+ svn co http://svn.fedorahosted.org/svn/nuxwdog
o NEW LOCATION (GITHUB GIT repo):
+ git clone git@github.com:dogtagpki/nuxwdog.git
+ git clone https://github.com/dogtagpki/nuxwdog.git
* *pki (legacy versions)*
o OLD LOCATION (fedorahosted SVN repo):
+ svn co http://svn.fedorahosted.org/svn/pki
o NEW LOCATION (GITHUB GIT repo):
+ git clone git@github.com:dogtagpki/legacy-pki.git
+ git clone https://github.com/dogtagpki/legacy-pki.git
* *pki*
o OLD LOCATION (fedorahosted GIT repo):
+ git clone git://git.fedorahosted.org/git/pki.git
o NEW LOCATION (GITHUB GIT repo):
+ git clone git@github.com:dogtagpki/pki.git
+ git clone https://github.com/dogtagpki/pki.git
* *tomcatjss*
o OLD LOCATION (fedorahosted SVN repo):
+ svn co http://svn.fedorahosted.org/svn/tomcatjss
o NEW LOCATION (GITHUB GIT repo):
+ git clone git@github.com:dogtagpki/tomcatjss.git
+ git clone https://github.com/dogtagpki/tomcatjss.git
*WARNING: THE SOURCE CODE AT THE OLD LOCATIONS IS SUBJECT TO VANISH AND
WILL NO LONGER BE MAINTAINED!*
IMPORTANT: For all local PKI GIT repositories that were previously
checked out from fedorahosted.org, please follow these instructions
(published on http://pki.fedoraproject.org/wiki/PKI_Developers):
To check the current GIT repository:
    $ git config remote.origin.url
    ssh://username@git.fedorahosted.org/git/pki.git
To change the GIT repository:
    $ git config remote.origin.url git@github.com:dogtagpki/pki.git
For all other local SVN repositories (nuxwdog, pki (legacy
versions), or tomcatjss) that were checked out from
fedorahosted.org, please identify any local changes,
checkout a fresh repository from GITHUB, and manually apply
the local changes (patches) from your old local repository
to your newly checked out local repository.
Thanks,
-- Matt
7 years, 7 months
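The check-and-change steps from the announcement above, as an added shell example that is not part of the original post: it audits a local checkout and repoints `origin` only if it still names the old fedorahosted.org pki repository, so no build keeps pulling from a host that is no longer maintained. The function names and the choice to map the anonymous `git://` URL to the HTTPS GitHub URL are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the GitHub replacement for a legacy fedorahosted.org pki remote URL.
# Prints nothing when the URL is not one of the old pki locations.
map_pki_remote() {
    case "$1" in
        # Authenticated SSH checkout -> SSH URL given in the announcement.
        ssh://*@git.fedorahosted.org/git/pki.git)
            echo "git@github.com:dogtagpki/pki.git" ;;
        # Anonymous checkout -> HTTPS URL (assumed pairing).
        git://git.fedorahosted.org/git/pki.git)
            echo "https://github.com/dogtagpki/pki.git" ;;
    esac
}

# Repoint origin of the repository in directory $1 if it still uses the
# old host. Returns 0 if changed, 1 if no change was needed, 2 if the
# directory has no remote.origin.url at all.
migrate_pki_origin() {
    repo=$1
    old=$(git -C "$repo" config --get remote.origin.url) || return 2
    new=$(map_pki_remote "$old")
    [ -n "$new" ] || return 1
    # Same command the announcement gives for changing the repository.
    git -C "$repo" config remote.origin.url "$new"
    echo "$repo: $old -> $new"
}

# Usage: sh migrate.sh /path/to/pki [/path/to/another/checkout ...]
for dir in "$@"; do
    migrate_pki_origin "$dir" || echo "$dir: left unchanged"
done
```

The SVN checkouts (nuxwdog, legacy pki, tomcatjss) are deliberately not handled, since the announcement asks for a fresh clone and manual re-application of local changes for those.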