Installation failed: import_pkcs7
by Pavel Ryabikh
Hello dear Dogtag PKI users!
I am trying to install the system already for some days - it fails:
There is a description:
[root@ca ~]# pkispawn -f ca-external-step2.cfg -s CA
Installation log: /var/log/pki/pki-ca-spawn.20190819144510.log
Loading deployment configuration from ca-external-step2.cfg.
Installing CA into /var/lib/pki/pki-tomcat.
ParsingException: IOException: Sequence tag error 9
ERROR : pkispawn CalledProcessError: Command '['pki', '-d',
'/var/lib/pki/pki-tomcat/alias', 'pkcs7-cert-export', '--pkcs7-file',
'/tmp/tmpgx3puk6p/cert_chain.p7b', '--output-prefix',
'/tmp/tmptc7rw5h0/cert', '--output-suffix', '.crt']' returned non-zero
exit status 255.
File "/usr/lib/python3.7/site-packages/pki/server/pkispawn.py", line
546, in main
scriptlet.spawn(deployer)
File "/usr/lib/python3.7/site-
packages/pki/server/deployment/scriptlets/configuration.py", line 643,
in spawn
self.import_system_certs(deployer, nssdb, subsystem)
File "/usr/lib/python3.7/site-
packages/pki/server/deployment/scriptlets/configuration.py", line 199,
in import_system_certs
self.import_system_cert(deployer, nssdb, subsystem, 'signing',
'CT,C,C')
File "/usr/lib/python3.7/site-
packages/pki/server/deployment/scriptlets/configuration.py", line 144,
in import_system_cert
trust_attributes=trust_attributes)
File "/usr/lib/python3.7/site-packages/pki/nssdb.py", line 1295, in
import_cert_chain
trust_attributes=trust_attributes)
File "/usr/lib/python3.7/site-packages/pki/nssdb.py", line 1327, in
import_pkcs7
subprocess.check_call(cmd)
File "/usr/lib64/python3.7/subprocess.py", line 347, in check_call
raise CalledProcessError(retcode, cmd)
Installation failed: Command failed: pki -d /var/lib/pki/pki-
tomcat/alias pkcs7-cert-export --pkcs7-file
/tmp/tmpgx3puk6p/cert_chain.p7b --output-prefix /tmp/tmptc7rw5h0/cert
--output-suffix .crt
Please check pkispawn logs in /var/log/pki/pki-ca-
spawn.20190819144510.log
And these are configs:
STEP1:
[DEFAULT]
pki_server_database_password=121212
[CA]
pki_admin_email=admin(a)postmet.com
pki_admin_name=caadmin
pki_admin_nickname=caadmin
pki_admin_password=121212
pki_admin_uid=caadmin
pki_client_database_password=121212
pki_client_database_purge=False
pki_client_pkcs12_password=121212
pki_ds_base_dn=dc=ca,dc=lvm,dc=postmet,dc=com
pki_ds_database=ca
pki_ds_password=121212
pki_security_domain_name=lvm.postmet.com Security Domain
pki_ca_signing_nickname=ca_signing
pki_ocsp_signing_nickname=ca_ocsp_signing
pki_audit_signing_nickname=ca_audit_signing
pki_sslserver_nickname=sslserver
pki_subsystem_nickname=subsystem
pki_external=True
pki_external_step_two=False
pki_ca_signing_csr_path=ca_signing.csr
STEP2:
[DEFAULT]
pki_instance_name = pki-tomcat
pki_admin_password = 121212
pki_backup_password = 121212
pki_client_database_password = 121212
pki_client_pin = 121212
pki_client_pkcs12_password = 121212
pki_clone_pkcs12_password = 121212
pki_ds_password = 121212
pki_external_pkcs12_password = 121212
pki_pkcs12_password = 121212
pki_replication_password = 121212
pki_security_domain_password = 121212
pki_server_database_password = 121212
pki_server_pkcs12_password = 121212
pki_token_password = 121212
[CA]
pki_admin_email=admin(a)postmet.com
pki_admin_name=caadmin
pki_admin_nickname=caadmin
pki_admin_password=121212
pki_admin_uid=caadmin
pki_client_database_password=121212
pki_client_database_purge=False
pki_client_pkcs12_password=121212
pki_ds_base_dn=dc=ca,dc=lvm,dc=postmet,dc=com
pki_ds_database=ca
pki_ds_password=121212
pki_security_domain_name=lvm.postmet.com Security Domain
pki_ca_signing_nickname=ca_signing
pki_ocsp_signing_nickname=ca_ocsp_signing
pki_audit_signing_nickname=ca_audit_signing
pki_sslserver_nickname=sslserver
pki_subsystem_nickname=subsystem
pki_external=True
pki_external_step_two=True
pki_ca_signing_csr_path=ca_signing.csr
pki_ca_signing_cert_path=ca_signing.crt
pki_cert_chain_nickname=external
pki_cert_chain_path=cert_chain.p7b
pki_import_admin_cert = False
pki_client_admin_cert = ca_admin.cert
pki_admin_subject_dn=cn=PKI
Administrator,o=%(pki_security_domain_name)s
Please help
--
Pavel Ryabih
PostMet Corporation
http://www.postmet.com
Call to sip:pr@postmet.com
5 years, 1 month
10.7.x fails to run tests
by Timo Aaltonen
building on Debian I get a failure on "Running JUnit test-pki-util"
cd dogtag-pki.git/build/core/base/util/test && mkdir -p reports
cd dogtag-pki.git/build/core/base/util/test &&
/usr/lib/jvm/java-8-openjdk-amd64/bin/java -Djunit.reports.dir=reports
-classpath
:/usr/share/java/slf4j-api.jar:/usr/share/java/slf4j-jdk14.jar:dogtag-pki.git/build/core/dist/pki-nsutil.jar:dogtag-pki.git/build/core/dist/pki-cmsutil.jar:/usr/share/java/jss4.jar:/usr/share/java/ldapjdk.jar:/usr/share/java/commons-codec.jar:/usr/share/java/hamcrest-core.jar:/usr/share/java/junit4.jar:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/build/core/test/classes
com.netscape.test.TestRunner com.netscape.cmsutil.crypto.KeyIDCodecTest
com.netscape.security.util.BMPStringTest
com.netscape.security.util.IA5StringTest
com.netscape.security.util.PrintableStringTest
com.netscape.security.util.TeletexStringTest
com.netscape.security.util.UniversalStringTest
com.netscape.security.util.UTF8StringTest
com.netscape.security.x509.GenericValueConverterTest
com.netscape.security.x509.IA5StringConverterTest
com.netscape.security.x509.PrintableConverterTest
TestRunner: Test FAILED
and then an example from the results:
<testcase classname="com.netscape.security.x509.PrintableConverterTest"
name="testControlCharacters" time="0.001">
<failure message="java.nio.ByteBuffer.mark()Ljava/nio/ByteBuffer;"
type="java.lang.NoSuchMethodError">java.lang.NoSuchMethodError:
java.nio.ByteBuffer.mark()Ljava/nio/ByteBuffer;
at
com.netscape.security.x509.PrintableConverterTest.testControlCharacters(PrintableConverterTest.java:73)
how to fix that?
--
t
5 years, 1 month