Pki-users August 2019

users@lists.dogtagpki.org

4 participants
4 discussions

by Pavel Ryabikh

Hello dear Dogtag PKI users! I am trying to install the system already for some days - it fails: There is a description: [root@ca ~]# pkispawn -f ca-external-step2.cfg -s CA Installation log: /var/log/pki/pki-ca-spawn.20190819144510.log Loading deployment configuration from ca-external-step2.cfg. Installing CA into /var/lib/pki/pki-tomcat. ParsingException: IOException: Sequence tag error 9 ERROR : pkispawn CalledProcessError: Command '['pki', '-d', '/var/lib/pki/pki-tomcat/alias', 'pkcs7-cert-export', '--pkcs7-file', '/tmp/tmpgx3puk6p/cert_chain.p7b', '--output-prefix', '/tmp/tmptc7rw5h0/cert', '--output-suffix', '.crt']' returned non-zero exit status 255. File "/usr/lib/python3.7/site-packages/pki/server/pkispawn.py", line 546, in main scriptlet.spawn(deployer) File "/usr/lib/python3.7/site- packages/pki/server/deployment/scriptlets/configuration.py", line 643, in spawn self.import_system_certs(deployer, nssdb, subsystem) File "/usr/lib/python3.7/site- packages/pki/server/deployment/scriptlets/configuration.py", line 199, in import_system_certs self.import_system_cert(deployer, nssdb, subsystem, 'signing', 'CT,C,C') File "/usr/lib/python3.7/site- packages/pki/server/deployment/scriptlets/configuration.py", line 144, in import_system_cert trust_attributes=trust_attributes) File "/usr/lib/python3.7/site-packages/pki/nssdb.py", line 1295, in import_cert_chain trust_attributes=trust_attributes) File "/usr/lib/python3.7/site-packages/pki/nssdb.py", line 1327, in import_pkcs7 subprocess.check_call(cmd) File "/usr/lib64/python3.7/subprocess.py", line 347, in check_call raise CalledProcessError(retcode, cmd) Installation failed: Command failed: pki -d /var/lib/pki/pki- tomcat/alias pkcs7-cert-export --pkcs7-file /tmp/tmpgx3puk6p/cert_chain.p7b --output-prefix /tmp/tmptc7rw5h0/cert --output-suffix .crt Please check pkispawn logs in /var/log/pki/pki-ca- spawn.20190819144510.log And these are configs: STEP1: [DEFAULT] pki_server_database_password=121212 [CA] pki_admin_email=admin(a)postmet.com pki_admin_name=caadmin pki_admin_nickname=caadmin pki_admin_password=121212 pki_admin_uid=caadmin pki_client_database_password=121212 pki_client_database_purge=False pki_client_pkcs12_password=121212 pki_ds_base_dn=dc=ca,dc=lvm,dc=postmet,dc=com pki_ds_database=ca pki_ds_password=121212 pki_security_domain_name=lvm.postmet.com Security Domain pki_ca_signing_nickname=ca_signing pki_ocsp_signing_nickname=ca_ocsp_signing pki_audit_signing_nickname=ca_audit_signing pki_sslserver_nickname=sslserver pki_subsystem_nickname=subsystem pki_external=True pki_external_step_two=False pki_ca_signing_csr_path=ca_signing.csr STEP2: [DEFAULT] pki_instance_name = pki-tomcat pki_admin_password = 121212 pki_backup_password = 121212 pki_client_database_password = 121212 pki_client_pin = 121212 pki_client_pkcs12_password = 121212 pki_clone_pkcs12_password = 121212 pki_ds_password = 121212 pki_external_pkcs12_password = 121212 pki_pkcs12_password = 121212 pki_replication_password = 121212 pki_security_domain_password = 121212 pki_server_database_password = 121212 pki_server_pkcs12_password = 121212 pki_token_password = 121212 [CA] pki_admin_email=admin(a)postmet.com pki_admin_name=caadmin pki_admin_nickname=caadmin pki_admin_password=121212 pki_admin_uid=caadmin pki_client_database_password=121212 pki_client_database_purge=False pki_client_pkcs12_password=121212 pki_ds_base_dn=dc=ca,dc=lvm,dc=postmet,dc=com pki_ds_database=ca pki_ds_password=121212 pki_security_domain_name=lvm.postmet.com Security Domain pki_ca_signing_nickname=ca_signing pki_ocsp_signing_nickname=ca_ocsp_signing pki_audit_signing_nickname=ca_audit_signing pki_sslserver_nickname=sslserver pki_subsystem_nickname=subsystem pki_external=True pki_external_step_two=True pki_ca_signing_csr_path=ca_signing.csr pki_ca_signing_cert_path=ca_signing.crt pki_cert_chain_nickname=external pki_cert_chain_path=cert_chain.p7b pki_import_admin_cert = False pki_client_admin_cert = ca_admin.cert pki_admin_subject_dn=cn=PKI Administrator,o=%(pki_security_domain_name)s Please help -- Pavel Ryabih PostMet Corporation http://www.postmet.com Call to sip:pr@postmet.com

3 years, 6 months

2
2
0 / 0

10.7.x fails to run tests

by Timo Aaltonen

building on Debian I get a failure on "Running JUnit test-pki-util" cd dogtag-pki.git/build/core/base/util/test && mkdir -p reports cd dogtag-pki.git/build/core/base/util/test && /usr/lib/jvm/java-8-openjdk-amd64/bin/java -Djunit.reports.dir=reports -classpath :/usr/share/java/slf4j-api.jar:/usr/share/java/slf4j-jdk14.jar:dogtag-pki.git/build/core/dist/pki-nsutil.jar:dogtag-pki.git/build/core/dist/pki-cmsutil.jar:/usr/share/java/jss4.jar:/usr/share/java/ldapjdk.jar:/usr/share/java/commons-codec.jar:/usr/share/java/hamcrest-core.jar:/usr/share/java/junit4.jar:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/build/core/test/classes com.netscape.test.TestRunner com.netscape.cmsutil.crypto.KeyIDCodecTest com.netscape.security.util.BMPStringTest com.netscape.security.util.IA5StringTest com.netscape.security.util.PrintableStringTest com.netscape.security.util.TeletexStringTest com.netscape.security.util.UniversalStringTest com.netscape.security.util.UTF8StringTest com.netscape.security.x509.GenericValueConverterTest com.netscape.security.x509.IA5StringConverterTest com.netscape.security.x509.PrintableConverterTest TestRunner: Test FAILED and then an example from the results: <testcase classname="com.netscape.security.x509.PrintableConverterTest" name="testControlCharacters" time="0.001"> <failure message="java.nio.ByteBuffer.mark()Ljava/nio/ByteBuffer;" type="java.lang.NoSuchMethodError">java.lang.NoSuchMethodError: java.nio.ByteBuffer.mark()Ljava/nio/ByteBuffer; at com.netscape.security.x509.PrintableConverterTest.testControlCharacters(PrintableConverterTest.java:73) how to fix that? -- t

3 years, 7 months

2
2
0 / 0

Notifications

by Pavel Ryabikh

Hello, dear DogTag users How can I manage system notifications, i.e. New request notifications etc. ? I cannot find any settings and documentation section is empty: https://www.dogtagpki.org/wiki/CA_Admin_Tasks#Using_Automated_Notifications -- Pavel Ryabih PostMet Corporation http://www.postmet.com Call to sip:pr@postmet.com

3 years, 7 months

2
1
0 / 0

New Release: PKI 10.7.3 is available for testing

by Dinesh Prasanth Moluguwan Krishnamoorthy

Hello everyone! We, the PKI Team, are happy to announce a new release for Dogtag PKI (and its deps) and is ready for some testing. Fedora 30 builds: https://bodhi.fedoraproject.org/updates/FEDORA-2019-0c32c4775a Fedora 29 builds: https://bodhi.fedoraproject.org/updates/FEDORA-2019-9a306c181a Fedora Rawhide builds are available in Koji stable repo. PKI 10.7.3 source is now available upstream: https://github.com/dogtagpki/pki/releases/tag/v10.7.3 We'd be glad to hear feedback on the new release and will help us to push it to stable, quicker. Regards, --Dinesh

3 years, 7 months

1
0
0 / 0

← Newer
1
Older →

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-users August 2019