From sbaa at vip.qq.com Thu May 2 05:24:56 2013 Content-Type: multipart/mixed; boundary="===============8436980526127361873==" MIME-Version: 1.0 From: =?utf-8?q?=E9=AA=B7=E9=AB=85=E7=8C=AB_=3Csbaa_at_vip=2Eqq=2Ecom=3E?= To: users at lists.dogtagpki.org Subject: =?utf-8?q?=5BPki-users=5D_=E5=9B=9E=E5=A4=8D=EF=BC=9A_=E5=9B=9E=E5=A4=8D?= =?utf-8?q?=EF=BC=9A_=E5=9B=9E=E5=A4=8D=EF=BC=9A__=22SecurityDomain_HTTPSA?= =?utf-8?q?dmin_URL_not_found_=22?= Date: Thu, 02 May 2013 17:24:47 +0800 Message-ID: --===============8436980526127361873== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Hi Alee some update I try another scep client sscep (https://github.com/certnanny/sscep) got the same result: ./sscep: server returned status code 500 ./sscep: mime_err: HTTP/1.1 500 Internal Server Error Date: Thu, 02 May 2013 09:13:20 GMT Server: Apache Content-Length: 333 Connection: close Content-Type: text/html; charset=3Diso-8859-1

Software error:

Could not find pkiclient.xml in /var/lib/pki-ra/docroot/ee/scep/ at /v=
ar/lib/pki-ra/docroot/ee/scep/pkiclient.cgi line 81.

For help, please send mail to the webmaster (you(a)example.com), giving this error message = and the time and date of the error.

./sscep: wrong (or missing) MIME content type ./sscep: error while sending message I am not sure what version is stable and recommended. Thanks Sbaa ------------------ =E5=8E=9F=E5=A7=8B=E9=82=AE=E4=BB=B6 ------------------ =E5=8F=91=E4=BB=B6=E4=BA=BA: "=E9=AA=B7=E9=AB=85=E7=8C=AB"; =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2013=E5=B9=B44=E6=9C=8830=E6=97=A5(= =E6=98=9F=E6=9C=9F=E4=BA=8C) =E4=B8=8B=E5=8D=882:33 =E6=94=B6=E4=BB=B6=E4=BA=BA: "alee"; = =E6=8A=84=E9=80=81: "Pki-users"; = =E4=B8=BB=E9=A2=98: =E5=9B=9E=E5=A4=8D=EF=BC=9A =E5=9B=9E=E5=A4=8D=EF=BC=9A= =E5=9B=9E=E5=A4=8D=EF=BC=9A [Pki-users] "SecurityDomain HTTPSAdmin URL not= found " Hi Alee I used firefox's keymanager plugin to do some simple test. Just connect to = RA server and click next and next ,then encontered this error. = But I did't go through any source about pkiclient.cgi ,so I 'm not sure whe= re introduce the file pkiclient.xml. another question, If the client request can choose some file which used by server cgi interna= lly, is there any security risk? Best Regards sbaa ------------------ =E5=8E=9F=E5=A7=8B=E9=82=AE=E4=BB=B6 ------------------ =E5=8F=91=E4=BB=B6=E4=BA=BA: "alee"; =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2013=E5=B9=B44=E6=9C=8830=E6=97=A5(= =E6=98=9F=E6=9C=9F=E4=BA=8C) =E4=B8=AD=E5=8D=881:06 =E6=94=B6=E4=BB=B6=E4=BA=BA: "=E9=AA=B7=E9=AB=85=E7=8C=AB"; = =E6=8A=84=E9=80=81: "Pki-users"; = =E4=B8=BB=E9=A2=98: Re: =E5=9B=9E=E5=A4=8D=EF=BC=9A =E5=9B=9E=E5=A4=8D=EF= =BC=9A [Pki-users] "SecurityDomain HTTPSAdmin URL not found " I don't see anything in the code about pkiclient.xml. Can you detail exactly what you did to test SCEP? Thanks, = Ade On Sun, 2013-04-28 at 15:13 +0800, =E9=AA=B7=E9=AB=85=E7=8C=AB wrote: > Hi Alee > = > = > Thank you, I finished the configuration for RA server by disable > SElinux > But when I test the SCEP feature, I got such error: > In error log: > [Sun Apr 28 03:05:56.891164 2013] [:error] [pid 1822:tid > 140696560207616] [Sun Apr 28 03:05:56 2013] -e: Could not find > pkiclient.xml in /var/lib/pki-ra/docroot/ee/scep/ > at /var/lib/pki-ra/docroot/ee/scep/pkiclient.cgi line 81.\n > = > = > on firefox: > Software error: > Could not find pkiclient.xml in /var/lib/pki-ra/docroot/ee/scep/ at /var/= lib/pki-ra/docroot/ee/scep/pkiclient.cgi line 81. > = > For help, please send mail to the webmaster (you(a)example.com), giving > this error message and the time and date of the error. = > = > = > = > = > Thanks > sbaa > ------------------ =E5=8E=9F=E5=A7=8B=E9=82=AE=E4=BB=B6 ------------------ > =E5=8F=91=E4=BB=B6=E4=BA=BA: "alee"; > =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2013=E5=B9=B44=E6=9C=8828=E6=97=A5(= =E6=98=9F=E6=9C=9F=E5=A4=A9) =E4=B8=8B=E5=8D=882:00 > =E6=94=B6=E4=BB=B6=E4=BA=BA: "=E9=AA=B7=E9=AB=85=E7=8C=AB"; = > =E6=8A=84=E9=80=81: "Pki-users"; = > =E4=B8=BB=E9=A2=98: Re: =E5=9B=9E=E5=A4=8D=EF=BC=9A [Pki-users] "Security= Domain HTTPS Admin URL not found > " > = > = > I ran into the same problem: > = > The one you want is https://localhost.domain:8443 > = > I resolved this by setting selinux in permissive mode. I will file a > bug against selinux policy on Monday. > = > Ade > = > On Sun, 2013-04-28 at 02:27 +0800, =E9=AA=B7=E9=AB=85=E7=8C=AB wrote: > > Hi alee > > = > > = > > I tried following urls > > = > > = > > https://localhost.localdomain:8443 > > https://localhost.localdomain:8443/ca > > http://localhost.localdomain:8080 > > http://localhost.localdomain:8080/ca > > = > > = > > but all failed. > > = > > = > > and i found some info in error log (/var/log/pki-ra/error_log ) > > GET /ca/admin/ca/getStatus HTTP/1.0 > > = > > = > > port: 8443 > > addr=3D'localhost.localdomain' > > family=3D'2' > > IP=3D'127.0.0.1' > > exit after PR_Connect with error -5985: > > GET /ca/admin/ca/getStatus HTTP/1.0 > > = > > = > > port: 9445 > > addr=3D'localhost.localdomain' > > family=3D'2' > > IP=3D'127.0.0.1' > > exit after PR_Connect with error -5961: > > = > > = > > ------------------ =E5=8E=9F=E5=A7=8B=E9=82=AE=E4=BB=B6 ---------------= --- > > =E5=8F=91=E4=BB=B6=E4=BA=BA: "Ade Lee"; > > =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2013=E5=B9=B44=E6=9C=8828=E6=97= =A5(=E6=98=9F=E6=9C=9F=E5=A4=A9) =E5=87=8C=E6=99=A81:04 > > =E6=94=B6=E4=BB=B6=E4=BA=BA: "=E9=AA=B7=E9=AB=85=E7=8C=AB"; = > > =E6=8A=84=E9=80=81: "Pki-users"; = > > =E4=B8=BB=E9=A2=98: Re: [Pki-users] "Security Domain HTTPS Admin URL no= t found " > > = > > = > > What value are you putting in for your security domain? > > = > > Ade > > On Sat, 2013-04-27 at 23:39 +0800, =E9=AA=B7=E9=AB=85=E7=8C=AB wrote: > > > Hi All > > > I'am a new user of dogtag. > > > I try the latest build 10.0.2. > > > I install ca server success,but when I configure a ra subsystem, = > > > = > > > = > > > url : > > > https://localhost.localdomain:12890/ra/admin/console/config/wizard > > > = > > > = > > > it alwarys show error "Security Domain HTTPS Admin URL not found" > > and > > > " Create a New Security Domai" cannot be choose. > > > any ideas? > > > = > > > = > > > thanks > > > = > > > = > > > _______________________________________________ > > > Pki-users mailing list > > > Pki-users(a)redhat.com > > > https://www.redhat.com/mailman/listinfo/pki-users > > = > > = > > . > > = > = > = > . > = . --===============8436980526127361873== Content-Type: text/html MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.html" PGRpdj5IaSBBbGVlPC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj5zb21lIHVwZGF0ZTwvZGl2Pjxk aXY+PGJyPjwvZGl2PjxkaXY+SSB0cnkgYW5vdGhlciBzY2VwIGNsaWVudCBzc2NlcCAoPGEgaHJl Zj0iaHR0cHM6Ly9naXRodWIuY29tL2NlcnRuYW5ueS9zc2NlcCIgc3R5bGU9ImZvbnQtZmFtaWx5 OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7ICI+aHR0cHM6Ly9naXRodWIu Y29tL2NlcnRuYW5ueS9zc2NlcDwvYT4pPC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj5nb3QgdGhl IHNhbWUgcmVzdWx0OjwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+PGRpdj4uL3NzY2VwOiBzZXJ2 ZXIgcmV0dXJuZWQgc3RhdHVzIGNvZGUgNTAwPC9kaXY+PGRpdj4uL3NzY2VwOiBtaW1lX2Vycjog SFRUUC8xLjEgNTAwIEludGVybmFsIFNlcnZlciBFcnJvcjwvZGl2PjxkaXY+RGF0ZTogVGh1LCAw MiBNYXkgMjAxMyAwOToxMzoyMCBHTVQ8L2Rpdj48ZGl2PlNlcnZlcjogQXBhY2hlPC9kaXY+PGRp dj5Db250ZW50LUxlbmd0aDogMzMzPC9kaXY+PGRpdj5Db25uZWN0aW9uOiBjbG9zZTwvZGl2Pjxk aXY+Q29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9aXNvLTg4NTktMTwvZGl2PjxkaXY+ PGJyPjwvZGl2PjxkaXY+Jmx0O2gxJmd0O1NvZnR3YXJlIGVycm9yOiZsdDsvaDEmZ3Q7PC9kaXY+ PGRpdj4mbHQ7cHJlJmd0O0NvdWxkIG5vdCBmaW5kIHBraWNsaWVudC54bWwgaW4gL3Zhci9saWIv cGtpLXJhL2RvY3Jvb3QvZWUvc2NlcC8gYXQgL3Zhci9saWIvcGtpLXJhL2RvY3Jvb3QvZWUvc2Nl cC9wa2ljbGllbnQuY2dpIGxpbmUgODEuPC9kaXY+PGRpdj4mbHQ7L3ByZSZndDs8L2Rpdj48ZGl2 PiZsdDtwJmd0OzwvZGl2PjxkaXY+Rm9yIGhlbHAsIHBsZWFzZSBzZW5kIG1haWwgdG8gdGhlIHdl Ym1hc3RlciAoJmx0O2EgaHJlZj0ibWFpbHRvOnlvdUBleGFtcGxlLmNvbSImZ3Q7eW91QGV4YW1w bGUuY29tJmx0Oy9hJmd0OyksIGdpdmluZyB0aGlzIGVycm9yIG1lc3NhZ2UmbmJzcDs8L2Rpdj48 ZGl2PmFuZCB0aGUgdGltZSBhbmQgZGF0ZSBvZiB0aGUgZXJyb3IuPC9kaXY+PGRpdj48YnI+PC9k aXY+PGRpdj4mbHQ7L3AmZ3Q7PC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj4uL3NzY2VwOiB3cm9u ZyAob3IgbWlzc2luZykgTUlNRSBjb250ZW50IHR5cGU8L2Rpdj48ZGl2Pi4vc3NjZXA6IGVycm9y IHdoaWxlIHNlbmRpbmcgbWVzc2FnZTwvZGl2PjwvZGl2PjxkaXY+PGRpdj48YnI+PC9kaXY+PGRp dj5JIGFtIG5vdCBzdXJlIHdoYXQgdmVyc2lvbiBpcyBzdGFibGUgYW5kIHJlY29tbWVuZGVkLjwv ZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+VGhhbmtzPC9kaXY+PGRpdj5TYmFhPC9kaXY+PGRpdj48 YnI+PC9kaXY+PGRpdiBzdHlsZT0iZm9udC1zaXplOiAxMnB4O2ZvbnQtZmFtaWx5OiBBcmlhbCBO YXJyb3c7cGFkZGluZzoycHggMCAycHggMDsiPi0tLS0tLS0tLS0tLS0tLS0tLSZuYnNwO9StyrzT yrz+Jm5ic3A7LS0tLS0tLS0tLS0tLS0tLS0tPC9kaXY+PGRpdiBzdHlsZT0iZm9udC1zaXplOiAx MnB4O2JhY2tncm91bmQ6I2VmZWZlZjtwYWRkaW5nOjhweDsiPjxkaXY+PGI+t6K8/sjLOjwvYj4m bmJzcDsi97z3w8OoIiZsdDtzYmFhQHZpcC5xcS5jb20mZ3Q7OzwvZGl2PjxkaXY+PGI+t6LLzcqx vOQ6PC9iPiZuYnNwOzIwMTPE6jTUwjMwyNUo0MfG2rb+KSDPws7nMjozMzwvZGl2PjxkaXY+PGI+ ytW8/sjLOjwvYj4mbmJzcDsiYWxlZSImbHQ7YWxlZUByZWRoYXQuY29tJmd0OzsgPHdicj48L2Rp dj48ZGl2PjxiPrOty806PC9iPiZuYnNwOyJQa2ktdXNlcnMiJmx0O1BraS11c2Vyc0ByZWRoYXQu Y29tJmd0OzsgPHdicj48L2Rpdj48ZGl2PjxiPtb3zOI6PC9iPiZuYnNwO7vYuLSjuiC72Li0o7og u9i4tKO6IFtQa2ktdXNlcnNdICJTZWN1cml0eURvbWFpbiBIVFRQU0FkbWluIFVSTCBub3QgZm91 bmQgIjwvZGl2PjwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+SGkgQWxlZTwvZGl2PjxkaXY+PGJy PjwvZGl2PjxkaXY+SSB1c2VkIGZpcmVmb3gncyBrZXltYW5hZ2VyIHBsdWdpbiB0byBkbyBzb21l IHNpbXBsZSB0ZXN0LiBKdXN0IGNvbm5lY3QgdG8gUkEgc2VydmVyIGFuZCBjbGljayBuZXh0IGFu ZCBuZXh0ICx0aGVuIGVuY29udGVyZWQgdGhpcyBlcnJvci4gPC9kaXY+PGRpdj5CdXQgSSBkaWQn dCBnbyB0aHJvdWdoIGFueSBzb3VyY2UgYWJvdXQgcGtpY2xpZW50LmNnaSAsc28gSSAnbSBub3Qg c3VyZSB3aGVyZSBpbnRyb2R1Y2UgdGhlIGZpbGUgcGtpY2xpZW50LnhtbC48L2Rpdj48ZGl2Pjxi cj48L2Rpdj48ZGl2PmFub3RoZXIgcXVlc3Rpb24sPC9kaXY+PGRpdj5JZiB0aGUgY2xpZW50IHJl cXVlc3QgY2FuIGNob29zZSBzb21lIGZpbGUgd2hpY2ggdXNlZCBieSBzZXJ2ZXIgY2dpIGludGVy bmFsbHksIGlzIHRoZXJlIGFueSBzZWN1cml0eSByaXNrPzwvZGl2PjxkaXY+PGRpdj48YnI+PC9k aXY+PGRpdj5CZXN0IFJlZ2FyZHM8L2Rpdj48ZGl2PnNiYWE8L2Rpdj48ZGl2Pjxicj48L2Rpdj48 ZGl2IHN0eWxlPSJmb250LXNpemU6IDEycHg7Zm9udC1mYW1pbHk6IEFyaWFsIE5hcnJvdztwYWRk aW5nOjJweCAwIDJweCAwOyI+LS0tLS0tLS0tLS0tLS0tLS0tINStyrzTyrz+IC0tLS0tLS0tLS0t LS0tLS0tLTwvZGl2PjxkaXYgc3R5bGU9ImZvbnQtc2l6ZTogMTJweDtiYWNrZ3JvdW5kOiNlZmVm ZWY7cGFkZGluZzo4cHg7Ij48ZGl2PjxiPreivP7Iyzo8L2I+Jm5ic3A7ImFsZWUiJmx0O2FsZWVA cmVkaGF0LmNvbSZndDs7PC9kaXY+PGRpdj48Yj63osvNyrG85Do8L2I+Jm5ic3A7MjAxM8TqNNTC MzDI1SjQx8batv4pINbQzucxOjA2PC9kaXY+PGRpdj48Yj7K1bz+yMs6PC9iPiZuYnNwOyL3vPfD w6giJmx0O3NiYWFAdmlwLnFxLmNvbSZndDs7IDx3YnI+PC9kaXY+PGRpdj48Yj6zrcvNOjwvYj4m bmJzcDsiUGtpLXVzZXJzIiZsdDtQa2ktdXNlcnNAcmVkaGF0LmNvbSZndDs7IDx3YnI+PC9kaXY+ PGRpdj48Yj7W98ziOjwvYj4mbmJzcDtSZTogu9i4tKO6ILvYuLSjuiBbUGtpLXVzZXJzXSAiU2Vj dXJpdHlEb21haW4gSFRUUFNBZG1pbiBVUkwgbm90IGZvdW5kICI8L2Rpdj48L2Rpdj48ZGl2Pjxi cj48L2Rpdj5JIGRvbid0IHNlZSBhbnl0aGluZyBpbiB0aGUgY29kZSBhYm91dCBwa2ljbGllbnQu eG1sLjxicj48YnI+Q2FuIHlvdSBkZXRhaWwgZXhhY3RseSB3aGF0IHlvdSBkaWQgdG8gdGVzdCBT Q0VQPzxicj5UaGFua3MsIDxicj5BZGU8YnI+PGJyPk9uIFN1biwgMjAxMy0wNC0yOCBhdCAxNTox MyArMDgwMCwg97z3w8OoIHdyb3RlOjxicj4mZ3Q7IEhpIEFsZWU8YnI+Jmd0OyA8YnI+Jmd0OyA8 YnI+Jmd0OyBUaGFuayB5b3UsIEkgZmluaXNoZWQgdGhlIGNvbmZpZ3VyYXRpb24gZm9yIFJBIHNl cnZlciBieSBkaXNhYmxlPGJyPiZndDsgU0VsaW51eDxicj4mZ3Q7IEJ1dCB3aGVuIEkgdGVzdCB0 aGUgU0NFUCBmZWF0dXJlLCBJIGdvdCBzdWNoIGVycm9yOjxicj4mZ3Q7IEluIGVycm9yIGxvZzo8 YnI+Jmd0OyBbU3VuIEFwciAyOCAwMzowNTo1Ni44OTExNjQgMjAxM10gWzplcnJvcl0gW3BpZCAx ODIyOnRpZDxicj4mZ3Q7IDE0MDY5NjU2MDIwNzYxNl0gW1N1biBBcHIgMjggMDM6MDU6NTYgMjAx M10gLWU6IENvdWxkIG5vdCBmaW5kPGJyPiZndDsgcGtpY2xpZW50LnhtbCBpbiAvdmFyL2xpYi9w a2ktcmEvZG9jcm9vdC9lZS9zY2VwLzxicj4mZ3Q7IGF0IC92YXIvbGliL3BraS1yYS9kb2Nyb290 L2VlL3NjZXAvcGtpY2xpZW50LmNnaSBsaW5lIDgxLlxuPGJyPiZndDsgPGJyPiZndDsgPGJyPiZn dDsgb24gZmlyZWZveDo8YnI+Jmd0OyBTb2Z0d2FyZSBlcnJvcjo8YnI+Jmd0OyBDb3VsZCBub3Qg ZmluZCBwa2ljbGllbnQueG1sIGluIC92YXIvbGliL3BraS1yYS9kb2Nyb290L2VlL3NjZXAvIGF0 IC92YXIvbGliL3BraS1yYS9kb2Nyb290L2VlL3NjZXAvcGtpY2xpZW50LmNnaSBsaW5lIDgxLjxi cj4mZ3Q7IDxicj4mZ3Q7IEZvciBoZWxwLCBwbGVhc2Ugc2VuZCBtYWlsIHRvIHRoZSB3ZWJtYXN0 ZXIgKHlvdUBleGFtcGxlLmNvbSksIGdpdmluZzxicj4mZ3Q7IHRoaXMgZXJyb3IgbWVzc2FnZSBh bmQgdGhlIHRpbWUgYW5kIGRhdGUgb2YgdGhlIGVycm9yLiZuYnNwOyA8YnI+Jmd0OyA8YnI+Jmd0 OyA8YnI+Jmd0OyA8YnI+Jmd0OyA8YnI+Jmd0OyBUaGFua3M8YnI+Jmd0OyBzYmFhPGJyPiZndDsg LS0tLS0tLS0tLS0tLS0tLS0tINStyrzTyrz+IC0tLS0tLS0tLS0tLS0tLS0tLTxicj4mZ3Q7ILei vP7IyzogImFsZWUiJmx0O2FsZWVAcmVkaGF0LmNvbSZndDs7PGJyPiZndDsgt6LLzcqxvOQ6IDIw MTPE6jTUwjI4yNUo0MfG2szsKSDPws7nMjowMDxicj4mZ3Q7IMrVvP7IyzogIve898PDqCImbHQ7 c2JhYUB2aXAucXEuY29tJmd0OzsgPGJyPiZndDsgs63LzTogIlBraS11c2VycyImbHQ7UGtpLXVz ZXJzQHJlZGhhdC5jb20mZ3Q7OyA8YnI+Jmd0OyDW98ziOiBSZTogu9i4tKO6IFtQa2ktdXNlcnNd ICJTZWN1cml0eURvbWFpbiBIVFRQUyBBZG1pbiBVUkwgbm90IGZvdW5kPGJyPiZndDsgIjxicj4m Z3Q7IDxicj4mZ3Q7IDxicj4mZ3Q7IEkgcmFuIGludG8gdGhlIHNhbWUgcHJvYmxlbTo8YnI+Jmd0 OyA8YnI+Jmd0OyBUaGUgb25lIHlvdSB3YW50IGlzIGh0dHBzOi8vbG9jYWxob3N0LmRvbWFpbjo4 NDQzPGJyPiZndDsgPGJyPiZndDsgSSByZXNvbHZlZCB0aGlzIGJ5IHNldHRpbmcgc2VsaW51eCBp biBwZXJtaXNzaXZlIG1vZGUuJm5ic3A7IEkgd2lsbCBmaWxlIGE8YnI+Jmd0OyBidWcgYWdhaW5z dCBzZWxpbnV4IHBvbGljeSBvbiBNb25kYXkuPGJyPiZndDsgPGJyPiZndDsgQWRlPGJyPiZndDsg PGJyPiZndDsgT24gU3VuLCAyMDEzLTA0LTI4IGF0IDAyOjI3ICswODAwLCD3vPfDw6ggd3JvdGU6 PGJyPiZndDsgJmd0OyBIaSBhbGVlPGJyPiZndDsgJmd0OyA8YnI+Jmd0OyAmZ3Q7IDxicj4mZ3Q7 ICZndDsgSSB0cmllZCBmb2xsb3dpbmcgdXJsczxicj4mZ3Q7ICZndDsgPGJyPiZndDsgJmd0OyA8 YnI+Jmd0OyAmZ3Q7IGh0dHBzOi8vbG9jYWxob3N0LmxvY2FsZG9tYWluOjg0NDM8YnI+Jmd0OyAm Z3Q7IGh0dHBzOi8vbG9jYWxob3N0LmxvY2FsZG9tYWluOjg0NDMvY2E8YnI+Jmd0OyAmZ3Q7IGh0 dHA6Ly9sb2NhbGhvc3QubG9jYWxkb21haW46ODA4MDxicj4mZ3Q7ICZndDsgaHR0cDovL2xvY2Fs aG9zdC5sb2NhbGRvbWFpbjo4MDgwL2NhPGJyPiZndDsgJmd0OyA8YnI+Jmd0OyAmZ3Q7IDxicj4m Z3Q7ICZndDsgYnV0IGFsbCBmYWlsZWQuPGJyPiZndDsgJmd0OyA8YnI+Jmd0OyAmZ3Q7IDxicj4m Z3Q7ICZndDsgYW5kIGkgZm91bmQgc29tZSBpbmZvIGluIGVycm9yIGxvZyAoL3Zhci9sb2cvcGtp LXJhL2Vycm9yX2xvZyApPGJyPiZndDsgJmd0OyBHRVQgL2NhL2FkbWluL2NhL2dldFN0YXR1cyBI VFRQLzEuMDxicj4mZ3Q7ICZndDsgPGJyPiZndDsgJmd0OyA8YnI+Jmd0OyAmZ3Q7IHBvcnQ6IDg0 NDM8YnI+Jmd0OyAmZ3Q7IGFkZHI9J2xvY2FsaG9zdC5sb2NhbGRvbWFpbic8YnI+Jmd0OyAmZ3Q7 IGZhbWlseT0nMic8YnI+Jmd0OyAmZ3Q7IElQPScxMjcuMC4wLjEnPGJyPiZndDsgJmd0OyBleGl0 IGFmdGVyIFBSX0Nvbm5lY3Qgd2l0aCBlcnJvciAtNTk4NTo8YnI+Jmd0OyAmZ3Q7IEdFVCAvY2Ev YWRtaW4vY2EvZ2V0U3RhdHVzIEhUVFAvMS4wPGJyPiZndDsgJmd0OyA8YnI+Jmd0OyAmZ3Q7IDxi cj4mZ3Q7ICZndDsgcG9ydDogOTQ0NTxicj4mZ3Q7ICZndDsgYWRkcj0nbG9jYWxob3N0LmxvY2Fs ZG9tYWluJzxicj4mZ3Q7ICZndDsgZmFtaWx5PScyJzxicj4mZ3Q7ICZndDsgSVA9JzEyNy4wLjAu MSc8YnI+Jmd0OyAmZ3Q7IGV4aXQgYWZ0ZXIgUFJfQ29ubmVjdCB3aXRoIGVycm9yIC01OTYxOjxi cj4mZ3Q7ICZndDsgPGJyPiZndDsgJmd0OyA8YnI+Jmd0OyAmZ3Q7IC0tLS0tLS0tLS0tLS0tLS0t LSDUrcq808q8/iAtLS0tLS0tLS0tLS0tLS0tLS08YnI+Jmd0OyAmZ3Q7ILeivP7IyzogIkFkZSBM ZWUiJmx0O2FsZWVAcmVkaGF0LmNvbSZndDs7PGJyPiZndDsgJmd0OyC3osvNyrG85DogMjAxM8Tq NNTCMjjI1SjQx8bazOwpIMHos78xOjA0PGJyPiZndDsgJmd0OyDK1bz+yMs6ICL3vPfDw6giJmx0 O3NiYWFAdmlwLnFxLmNvbSZndDs7IDxicj4mZ3Q7ICZndDsgs63LzTogIlBraS11c2VycyImbHQ7 UGtpLXVzZXJzQHJlZGhhdC5jb20mZ3Q7OyA8YnI+Jmd0OyAmZ3Q7INb3zOI6IFJlOiBbUGtpLXVz ZXJzXSAiU2VjdXJpdHkgRG9tYWluIEhUVFBTIEFkbWluIFVSTCBub3QgZm91bmQgIjxicj4mZ3Q7 ICZndDsgPGJyPiZndDsgJmd0OyA8YnI+Jmd0OyAmZ3Q7IFdoYXQgdmFsdWUgYXJlIHlvdSBwdXR0 aW5nIGluIGZvciB5b3VyIHNlY3VyaXR5IGRvbWFpbj88YnI+Jmd0OyAmZ3Q7IDxicj4mZ3Q7ICZn dDsgQWRlPGJyPiZndDsgJmd0OyBPbiBTYXQsIDIwMTMtMDQtMjcgYXQgMjM6MzkgKzA4MDAsIPe8 98PDqCB3cm90ZTo8YnI+Jmd0OyAmZ3Q7ICZndDsgSGkgQWxsPGJyPiZndDsgJmd0OyAmZ3Q7IEkn YW0gYSBuZXcgdXNlciBvZiBkb2d0YWcuPGJyPiZndDsgJmd0OyAmZ3Q7IEkgdHJ5IHRoZSBsYXRl c3QgYnVpbGQgMTAuMC4yLjxicj4mZ3Q7ICZndDsgJmd0OyBJIGluc3RhbGwgY2Egc2VydmVyIHN1 Y2Nlc3MsYnV0IHdoZW4gSSBjb25maWd1cmUgYSByYSBzdWJzeXN0ZW0sIDxicj4mZ3Q7ICZndDsg Jmd0OyA8YnI+Jmd0OyAmZ3Q7ICZndDsgPGJyPiZndDsgJmd0OyAmZ3Q7IHVybCA6PGJyPiZndDsg Jmd0OyAmZ3Q7IGh0dHBzOi8vbG9jYWxob3N0LmxvY2FsZG9tYWluOjEyODkwL3JhL2FkbWluL2Nv bnNvbGUvY29uZmlnL3dpemFyZDxicj4mZ3Q7ICZndDsgJmd0OyA8YnI+Jmd0OyAmZ3Q7ICZndDsg PGJyPiZndDsgJmd0OyAmZ3Q7IGl0IGFsd2FyeXMgc2hvdyBlcnJvciAiU2VjdXJpdHkgRG9tYWlu IEhUVFBTIEFkbWluIFVSTCBub3QgZm91bmQiPGJyPiZndDsgJmd0OyBhbmQ8YnI+Jmd0OyAmZ3Q7 ICZndDsgIiBDcmVhdGUgYSBOZXcgU2VjdXJpdHkgRG9tYWkiIGNhbm5vdCBiZSBjaG9vc2UuPGJy PiZndDsgJmd0OyAmZ3Q7IGFueSBpZGVhcz88YnI+Jmd0OyAmZ3Q7ICZndDsgPGJyPiZndDsgJmd0 OyAmZ3Q7IDxicj4mZ3Q7ICZndDsgJmd0OyB0aGFua3M8YnI+Jmd0OyAmZ3Q7ICZndDsgPGJyPiZn dDsgJmd0OyAmZ3Q7IDxicj4mZ3Q7ICZndDsgJmd0OyBfX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fXzxicj4mZ3Q7ICZndDsgJmd0OyBQa2ktdXNlcnMgbWFpbGlu ZyBsaXN0PGJyPiZndDsgJmd0OyAmZ3Q7IFBraS11c2Vyc0ByZWRoYXQuY29tPGJyPiZndDsgJmd0 OyAmZ3Q7IGh0dHBzOi8vd3d3LnJlZGhhdC5jb20vbWFpbG1hbi9saXN0aW5mby9wa2ktdXNlcnM8 YnI+Jmd0OyAmZ3Q7IDxicj4mZ3Q7ICZndDsgPGJyPiZndDsgJmd0OyAuPGJyPiZndDsgJmd0OyA8 YnI+Jmd0OyA8YnI+Jmd0OyA8YnI+Jmd0OyAuPGJyPiZndDsgPGJyPjxicj48YnI+Ljxicj48L2Rp dj48L2Rpdj4= --===============8436980526127361873==-- From sbaa at vip.qq.com Thu May 2 07:17:16 2013 Content-Type: multipart/mixed; boundary="===============1766357621391069681==" MIME-Version: 1.0 From: =?utf-8?q?=E9=AA=B7=E9=AB=85=E7=8C=AB_=3Csbaa_at_vip=2Eqq=2Ecom=3E?= To: users at lists.dogtagpki.org Subject: =?utf-8?q?=5BPki-users=5D_=E5=9B=9E=E5=A4=8D=EF=BC=9A_=E5=9B=9E=E5=A4=8D?= =?utf-8?q?=EF=BC=9A_=E5=9B=9E=E5=A4=8D=EF=BC=9A__=22SecurityDomain_HTTPSA?= =?utf-8?q?dmin_URL_not_found_=22_=28solved=29?= Date: Thu, 02 May 2013 19:17:07 +0800 Message-ID: --===============1766357621391069681== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Hi Alee I take some time to debug the perl cgi. I found the error caused by decode method after I change it, it works. /sscep enroll -f sscep.conf -E 3des -S sha1 .... CN's of request and certificate matched! ./sscep: writing cert -----BEGIN CERTIFICATE----- MIIC8DCCAdigAwIBAgIBCjANBgkqhkiG9w0BAQsFADBHMSQwIgYDVQQKExtsb2Nh bGRvbWFpbiBTZWN1cml0eSBEb21haW4xHzAdBgNVBAMTFkNBIFNpZ25pbmcgQ2Vy dGlmaWNhdGUwHhcNMTMwNTAyMTEwOTAwWhcNMTUwNDIyMTEwOTAwWjAXMRUwEwYD VQQDEwwxMC42NC43OS4yMzQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOAV TYAh2vWcLWys4AMGEs9qbUeg/IkG9R944fHnaR9+uwqA+cZVNwmOl/Qwvk3GINiS JQKlhR1wxf4AHeCACtfN7fk+ckjOngx+PN4GLGwZyTAPSWEFCK7vzGqrFWyqAibL eeKzhhXiWkoHqQYkOoboAKY2OEvHuwKDod5xT3q/AgMBAAGjgZowgZcwHwYDVR0j BBgwFoAUs0FtabRcZ2tq6VfsBCXKQKzoWsAwRQYIKwYBBQUHAQEEOTA3MDUGCCsG AQUFBzABhilodHRwOi8vbG9jYWxob3N0LmxvY2FsZG9tYWluOjgwODAvY2Evb2Nz cDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwME MA0GCSqGSIb3DQEBCwUAA4IBAQBzRKjf0ebDVjhIOuYFhbE/Htful4oLtCcQI2sZ xjr9uWUITEVZNCWONUJ2pZKT+9KefE8zCjRd8tliyKjUZOO4VYpO+TDfe4KsQMSe 2Lrd35g35iUXOhqi2IVXLjQT6mdEWuYKwIGRl98pyoLMz9MZKbLdnrGkhYZHxA9n EMds+7VmYdw3orZDaD4UmMqZL6FfNazjTKK1VlOWDL75QeVGGv9lNXbWqB+EUAZp U0mc/dip2R3wZRwygHE7cKs/lvheI9GkoQYLSLWzKcS2M2JiSOiwrEfi+zMWF71O DRbD6S2b8tl8k/f9WCwgLgKisw3TKRyJV+FLb5LdapE7lMQi -----END CERTIFICATE----- ./sscep: certificate written as ./local.crt sorry , I didn't change the default value according to (http://pki.fedorapr= oject.org/wiki/SCEP_in_Dogtag#SSCEP_Configuration) Because first time I use firefox's keymanager. Thanks very much! sbaa ------------------ =E5=8E=9F=E5=A7=8B=E9=82=AE=E4=BB=B6 ------------------ =E5=8F=91=E4=BB=B6=E4=BA=BA: "=E9=AA=B7=E9=AB=85=E7=8C=AB"; =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2013=E5=B9=B45=E6=9C=882=E6=97=A5(=E6= =98=9F=E6=9C=9F=E5=9B=9B) =E4=B8=8B=E5=8D=885:24 =E6=94=B6=E4=BB=B6=E4=BA=BA: "alee"; = =E6=8A=84=E9=80=81: "Pki-users"; = =E4=B8=BB=E9=A2=98: =E5=9B=9E=E5=A4=8D=EF=BC=9A =E5=9B=9E=E5=A4=8D=EF=BC=9A= =E5=9B=9E=E5=A4=8D=EF=BC=9A [Pki-users] "SecurityDomain HTTPSAdmin URL not= found " Hi Alee some update I try another scep client sscep (https://github.com/certnanny/sscep) got the same result: ./sscep: server returned status code 500 ./sscep: mime_err: HTTP/1.1 500 Internal Server Error Date: Thu, 02 May 2013 09:13:20 GMT Server: Apache Content-Length: 333 Connection: close Content-Type: text/html; charset=3Diso-8859-1

Software error:

Could not find pkiclient.xml in /var/lib/pki-ra/docroot/ee/scep/ at /v=
ar/lib/pki-ra/docroot/ee/scep/pkiclient.cgi line 81.

For help, please send mail to the webmaster (you(a)example.com), giving this error message = and the time and date of the error.

./sscep: wrong (or missing) MIME content type ./sscep: error while sending message I am not sure what version is stable and recommended. Thanks Sbaa ------------------ =E5=8E=9F=E5=A7=8B=E9=82=AE=E4=BB=B6 ------------------ =E5=8F=91=E4=BB=B6=E4=BA=BA: "=E9=AA=B7=E9=AB=85=E7=8C=AB"; =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2013=E5=B9=B44=E6=9C=8830=E6=97=A5(= =E6=98=9F=E6=9C=9F=E4=BA=8C) =E4=B8=8B=E5=8D=882:33 =E6=94=B6=E4=BB=B6=E4=BA=BA: "alee"; = =E6=8A=84=E9=80=81: "Pki-users"; = =E4=B8=BB=E9=A2=98: =E5=9B=9E=E5=A4=8D=EF=BC=9A =E5=9B=9E=E5=A4=8D=EF=BC=9A= =E5=9B=9E=E5=A4=8D=EF=BC=9A [Pki-users] "SecurityDomain HTTPSAdmin URL not= found " Hi Alee I used firefox's keymanager plugin to do some simple test. Just connect to = RA server and click next and next ,then encontered this error. = But I did't go through any source about pkiclient.cgi ,so I 'm not sure whe= re introduce the file pkiclient.xml. another question, If the client request can choose some file which used by server cgi interna= lly, is there any security risk? Best Regards sbaa ------------------ =E5=8E=9F=E5=A7=8B=E9=82=AE=E4=BB=B6 ------------------ =E5=8F=91=E4=BB=B6=E4=BA=BA: "alee"; =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2013=E5=B9=B44=E6=9C=8830=E6=97=A5(= =E6=98=9F=E6=9C=9F=E4=BA=8C) =E4=B8=AD=E5=8D=881:06 =E6=94=B6=E4=BB=B6=E4=BA=BA: "=E9=AA=B7=E9=AB=85=E7=8C=AB"; = =E6=8A=84=E9=80=81: "Pki-users"; = =E4=B8=BB=E9=A2=98: Re: =E5=9B=9E=E5=A4=8D=EF=BC=9A =E5=9B=9E=E5=A4=8D=EF= =BC=9A [Pki-users] "SecurityDomain HTTPSAdmin URL not found " I don't see anything in the code about pkiclient.xml. Can you detail exactly what you did to test SCEP? Thanks, = Ade On Sun, 2013-04-28 at 15:13 +0800, =E9=AA=B7=E9=AB=85=E7=8C=AB wrote: > Hi Alee > = > = > Thank you, I finished the configuration for RA server by disable > SElinux > But when I test the SCEP feature, I got such error: > In error log: > [Sun Apr 28 03:05:56.891164 2013] [:error] [pid 1822:tid > 140696560207616] [Sun Apr 28 03:05:56 2013] -e: Could not find > pkiclient.xml in /var/lib/pki-ra/docroot/ee/scep/ > at /var/lib/pki-ra/docroot/ee/scep/pkiclient.cgi line 81.\n > = > = > on firefox: > Software error: > Could not find pkiclient.xml in /var/lib/pki-ra/docroot/ee/scep/ at /var/= lib/pki-ra/docroot/ee/scep/pkiclient.cgi line 81. > = > For help, please send mail to the webmaster (you(a)example.com), giving > this error message and the time and date of the error. = > = > = > = > = > Thanks > sbaa > ------------------ =E5=8E=9F=E5=A7=8B=E9=82=AE=E4=BB=B6 ------------------ > =E5=8F=91=E4=BB=B6=E4=BA=BA: "alee"; > =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2013=E5=B9=B44=E6=9C=8828=E6=97=A5(= =E6=98=9F=E6=9C=9F=E5=A4=A9) =E4=B8=8B=E5=8D=882:00 > =E6=94=B6=E4=BB=B6=E4=BA=BA: "=E9=AA=B7=E9=AB=85=E7=8C=AB"; = > =E6=8A=84=E9=80=81: "Pki-users"; = > =E4=B8=BB=E9=A2=98: Re: =E5=9B=9E=E5=A4=8D=EF=BC=9A [Pki-users] "Security= Domain HTTPS Admin URL not found > " > = > = > I ran into the same problem: > = > The one you want is https://localhost.domain:8443 > = > I resolved this by setting selinux in permissive mode. I will file a > bug against selinux policy on Monday. > = > Ade > = > On Sun, 2013-04-28 at 02:27 +0800, =E9=AA=B7=E9=AB=85=E7=8C=AB wrote: > > Hi alee > > = > > = > > I tried following urls > > = > > = > > https://localhost.localdomain:8443 > > https://localhost.localdomain:8443/ca > > http://localhost.localdomain:8080 > > http://localhost.localdomain:8080/ca > > = > > = > > but all failed. > > = > > = > > and i found some info in error log (/var/log/pki-ra/error_log ) > > GET /ca/admin/ca/getStatus HTTP/1.0 > > = > > = > > port: 8443 > > addr=3D'localhost.localdomain' > > family=3D'2' > > IP=3D'127.0.0.1' > > exit after PR_Connect with error -5985: > > GET /ca/admin/ca/getStatus HTTP/1.0 > > = > > = > > port: 9445 > > addr=3D'localhost.localdomain' > > family=3D'2' > > IP=3D'127.0.0.1' > > exit after PR_Connect with error -5961: > > = > > = > > ------------------ =E5=8E=9F=E5=A7=8B=E9=82=AE=E4=BB=B6 ---------------= --- > > =E5=8F=91=E4=BB=B6=E4=BA=BA: "Ade Lee"; > > =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2013=E5=B9=B44=E6=9C=8828=E6=97= =A5(=E6=98=9F=E6=9C=9F=E5=A4=A9) =E5=87=8C=E6=99=A81:04 > > =E6=94=B6=E4=BB=B6=E4=BA=BA: "=E9=AA=B7=E9=AB=85=E7=8C=AB"; = > > =E6=8A=84=E9=80=81: "Pki-users"; = > > =E4=B8=BB=E9=A2=98: Re: [Pki-users] "Security Domain HTTPS Admin URL no= t found " > > = > > = > > What value are you putting in for your security domain? > > = > > Ade > > On Sat, 2013-04-27 at 23:39 +0800, =E9=AA=B7=E9=AB=85=E7=8C=AB wrote: > > > Hi All > > > I'am a new user of dogtag. > > > I try the latest build 10.0.2. > > > I install ca server success,but when I configure a ra subsystem, = > > > = > > > = > > > url : > > > https://localhost.localdomain:12890/ra/admin/console/config/wizard > > > = > > > = > > > it alwarys show error "Security Domain HTTPS Admin URL not found" > > and > > > " Create a New Security Domai" cannot be choose. > > > any ideas? > > > = > > > = > > > thanks > > > = > > > = > > > _______________________________________________ > > > Pki-users mailing list > > > Pki-users(a)redhat.com > > > https://www.redhat.com/mailman/listinfo/pki-users > > = > > = > > . > > = > = > = > . > = . --===============1766357621391069681== Content-Type: text/html MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.html" PGRpdj5IaSBBbGVlPC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj5JIHRha2Ugc29tZSB0aW1lIHRv IGRlYnVnIHRoZSBwZXJsIGNnaS48L2Rpdj48ZGl2PkkgZm91bmQgdGhlIGVycm9yIGNhdXNlZCBi eSBkZWNvZGUgbWV0aG9kPC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj5hZnRlciBJIGNoYW5nZSBp dCwgaXQgd29ya3MuPC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj4vc3NjZXAgZW5yb2xsIC1mIHNz Y2VwLmNvbmYgLUUgM2RlcyAtUyBzaGExPC9kaXY+PGRpdj4uLi4uPC9kaXY+PGRpdj48ZGl2PkNO J3Mgb2YgcmVxdWVzdCBhbmQgY2VydGlmaWNhdGUgbWF0Y2hlZCE8L2Rpdj48ZGl2Pi4vc3NjZXA6 IHdyaXRpbmcgY2VydDwvZGl2PjxkaXY+LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tPC9kaXY+ PGRpdj5NSUlDOERDQ0FkaWdBd0lCQWdJQkNqQU5CZ2txaGtpRzl3MEJBUXNGQURCSE1TUXdJZ1lE VlFRS0V4dHNiMk5oPC9kaXY+PGRpdj5iR1J2YldGcGJpQlRaV04xY21sMGVTQkViMjFoYVc0eEh6 QWRCZ05WQkFNVEZrTkJJRk5wWjI1cGJtY2dRMlZ5PC9kaXY+PGRpdj5kR2xtYVdOaGRHVXdIaGNO TVRNd05UQXlNVEV3T1RBd1doY05NVFV3TkRJeU1URXdPVEF3V2pBWE1SVXdFd1lEPC9kaXY+PGRp dj5WUVFERXd3eE1DNDJOQzQzT1M0eU16UXdnWjh3RFFZSktvWklodmNOQVFFQkJRQURnWTBBTUlH SkFvR0JBT0FWPC9kaXY+PGRpdj5UWUFoMnZXY0xXeXM0QU1HRXM5cWJVZWcvSWtHOVI5NDRmSG5h UjkrdXdxQStjWlZOd21PbC9Rd3ZrM0dJTmlTPC9kaXY+PGRpdj5KUUtsaFIxd3hmNEFIZUNBQ3Rm Tjdmaytja2pPbmd4K1BONEdMR3daeVRBUFNXRUZDSzd2ekdxckZXeXFBaWJMPC9kaXY+PGRpdj5l ZUt6aGhYaVdrb0hxUVlrT29ib0FLWTJPRXZIdXdLRG9kNXhUM3EvQWdNQkFBR2pnWm93Z1pjd0h3 WURWUjBqPC9kaXY+PGRpdj5CQmd3Rm9BVXMwRnRhYlJjWjJ0cTZWZnNCQ1hLUUt6b1dzQXdSUVlJ S3dZQkJRVUhBUUVFT1RBM01EVUdDQ3NHPC9kaXY+PGRpdj5BUVVGQnpBQmhpbG9kSFJ3T2k4dmJH OWpZV3hvYjNOMExteHZZMkZzWkc5dFlXbHVPamd3T0RBdlkyRXZiMk56PC9kaXY+PGRpdj5jREFP QmdOVkhROEJBZjhFQkFNQ0JlQXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0lHQ0NzR0FRVUZC d01FPC9kaXY+PGRpdj5NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJ6UktqZjBlYkRWamhJT3VZ RmhiRS9IdGZ1bDRvTHRDY1FJMnNaPC9kaXY+PGRpdj54anI5dVdVSVRFVlpOQ1dPTlVKMnBaS1Qr OUtlZkU4ekNqUmQ4dGxpeUtqVVpPTzRWWXBPK1REZmU0S3NRTVNlPC9kaXY+PGRpdj4yTHJkMzVn MzVpVVhPaHFpMklWWExqUVQ2bWRFV3VZS3dJR1JsOThweW9MTXo5TVpLYkxkbnJHa2hZWkh4QTlu PC9kaXY+PGRpdj5FTWRzKzdWbVlkdzNvclpEYUQ0VW1NcVpMNkZmTmF6alRLSzFWbE9XREw3NVFl VkdHdjlsTlhiV3FCK0VVQVpwPC9kaXY+PGRpdj5VMG1jL2RpcDJSM3daUnd5Z0hFN2NLcy9sdmhl STlHa29RWUxTTFd6S2NTMk0ySmlTT2l3ckVmaSt6TVdGNzFPPC9kaXY+PGRpdj5EUmJENlMyYjh0 bDhrL2Y5V0N3Z0xnS2lzdzNUS1J5SlYrRkxiNUxkYXBFN2xNUWk8L2Rpdj48ZGl2Pi0tLS0tRU5E IENFUlRJRklDQVRFLS0tLS08L2Rpdj48ZGl2Pi4vc3NjZXA6IGNlcnRpZmljYXRlIHdyaXR0ZW4g YXMgLi9sb2NhbC5jcnQ8L2Rpdj48L2Rpdj48ZGl2Pjxicj48L2Rpdj48ZGl2PnNvcnJ5ICwgSSBk aWRuJ3QgY2hhbmdlIHRoZSBkZWZhdWx0IHZhbHVlIGFjY29yZGluZyB0byAoaHR0cDovL3BraS5m ZWRvcmFwcm9qZWN0Lm9yZy93aWtpL1NDRVBfaW5fRG9ndGFnI1NTQ0VQX0NvbmZpZ3VyYXRpb24p PC9kaXY+PGRpdj5CZWNhdXNlIGZpcnN0IHRpbWUgSSB1c2UgZmlyZWZveCdzIGtleW1hbmFnZXIu PC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj5UaGFua3MgdmVyeSBtdWNoITwvZGl2PjxkaXY+PGJy PjwvZGl2PjxkaXY+c2JhYTwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+ PGJyPjwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+PGRpdj48YnI+PC9kaXY+PGRpdj48YnI+PC9k aXY+PGRpdiBzdHlsZT0iZm9udC1zaXplOiAxMnB4O2ZvbnQtZmFtaWx5OiBBcmlhbCBOYXJyb3c7 cGFkZGluZzoycHggMCAycHggMDsiPi0tLS0tLS0tLS0tLS0tLS0tLSZuYnNwO9StyrzTyrz+Jm5i c3A7LS0tLS0tLS0tLS0tLS0tLS0tPC9kaXY+PGRpdiBzdHlsZT0iZm9udC1zaXplOiAxMnB4O2Jh Y2tncm91bmQ6I2VmZWZlZjtwYWRkaW5nOjhweDsiPjxkaXY+PGI+t6K8/sjLOjwvYj4mbmJzcDsi 97z3w8OoIiZsdDtzYmFhQHZpcC5xcS5jb20mZ3Q7OzwvZGl2PjxkaXY+PGI+t6LLzcqxvOQ6PC9i PiZuYnNwOzIwMTPE6jXUwjLI1SjQx8bay8QpIM/Czuc1OjI0PC9kaXY+PGRpdj48Yj7K1bz+yMs6 PC9iPiZuYnNwOyJhbGVlIiZsdDthbGVlQHJlZGhhdC5jb20mZ3Q7OyA8d2JyPjwvZGl2PjxkaXY+ PGI+s63LzTo8L2I+Jm5ic3A7IlBraS11c2VycyImbHQ7UGtpLXVzZXJzQHJlZGhhdC5jb20mZ3Q7 OyA8d2JyPjwvZGl2PjxkaXY+PGI+1vfM4jo8L2I+Jm5ic3A7u9i4tKO6ILvYuLSjuiC72Li0o7og W1BraS11c2Vyc10gIlNlY3VyaXR5RG9tYWluIEhUVFBTQWRtaW4gVVJMIG5vdCBmb3VuZCAiPC9k aXY+PC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj5IaSBBbGVlPC9kaXY+PGRpdj48YnI+PC9kaXY+ PGRpdj5zb21lIHVwZGF0ZTwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+SSB0cnkgYW5vdGhlciBz Y2VwIGNsaWVudCBzc2NlcCAoPGEgaHJlZj0iaHR0cHM6Ly9naXRodWIuY29tL2NlcnRuYW5ueS9z c2NlcCIgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6 IDExcHQ7ICI+aHR0cHM6Ly9naXRodWIuY29tL2NlcnRuYW5ueS9zc2NlcDwvYT4pPC9kaXY+PGRp dj48YnI+PC9kaXY+PGRpdj5nb3QgdGhlIHNhbWUgcmVzdWx0OjwvZGl2PjxkaXY+PGJyPjwvZGl2 PjxkaXY+PGRpdj4uL3NzY2VwOiBzZXJ2ZXIgcmV0dXJuZWQgc3RhdHVzIGNvZGUgNTAwPC9kaXY+ PGRpdj4uL3NzY2VwOiBtaW1lX2VycjogSFRUUC8xLjEgNTAwIEludGVybmFsIFNlcnZlciBFcnJv cjwvZGl2PjxkaXY+RGF0ZTogVGh1LCAwMiBNYXkgMjAxMyAwOToxMzoyMCBHTVQ8L2Rpdj48ZGl2 PlNlcnZlcjogQXBhY2hlPC9kaXY+PGRpdj5Db250ZW50LUxlbmd0aDogMzMzPC9kaXY+PGRpdj5D b25uZWN0aW9uOiBjbG9zZTwvZGl2PjxkaXY+Q29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJz ZXQ9aXNvLTg4NTktMTwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+Jmx0O2gxJmd0O1NvZnR3YXJl IGVycm9yOiZsdDsvaDEmZ3Q7PC9kaXY+PGRpdj4mbHQ7cHJlJmd0O0NvdWxkIG5vdCBmaW5kIHBr aWNsaWVudC54bWwgaW4gL3Zhci9saWIvcGtpLXJhL2RvY3Jvb3QvZWUvc2NlcC8gYXQgL3Zhci9s aWIvcGtpLXJhL2RvY3Jvb3QvZWUvc2NlcC9wa2ljbGllbnQuY2dpIGxpbmUgODEuPC9kaXY+PGRp dj4mbHQ7L3ByZSZndDs8L2Rpdj48ZGl2PiZsdDtwJmd0OzwvZGl2PjxkaXY+Rm9yIGhlbHAsIHBs ZWFzZSBzZW5kIG1haWwgdG8gdGhlIHdlYm1hc3RlciAoJmx0O2EgaHJlZj0ibWFpbHRvOnlvdUBl eGFtcGxlLmNvbSImZ3Q7eW91QGV4YW1wbGUuY29tJmx0Oy9hJmd0OyksIGdpdmluZyB0aGlzIGVy cm9yIG1lc3NhZ2UgPC9kaXY+PGRpdj5hbmQgdGhlIHRpbWUgYW5kIGRhdGUgb2YgdGhlIGVycm9y LjwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+Jmx0Oy9wJmd0OzwvZGl2PjxkaXY+PGJyPjwvZGl2 PjxkaXY+Li9zc2NlcDogd3JvbmcgKG9yIG1pc3NpbmcpIE1JTUUgY29udGVudCB0eXBlPC9kaXY+ PGRpdj4uL3NzY2VwOiBlcnJvciB3aGlsZSBzZW5kaW5nIG1lc3NhZ2U8L2Rpdj48L2Rpdj48ZGl2 PjxkaXY+PGJyPjwvZGl2PjxkaXY+SSBhbSBub3Qgc3VyZSB3aGF0IHZlcnNpb24gaXMgc3RhYmxl IGFuZCByZWNvbW1lbmRlZC48L2Rpdj48ZGl2Pjxicj48L2Rpdj48ZGl2PlRoYW5rczwvZGl2Pjxk aXY+U2JhYTwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXYgc3R5bGU9ImZvbnQtc2l6ZTogMTJweDtm b250LWZhbWlseTogQXJpYWwgTmFycm93O3BhZGRpbmc6MnB4IDAgMnB4IDA7Ij4tLS0tLS0tLS0t LS0tLS0tLS0g1K3KvNPKvP4gLS0tLS0tLS0tLS0tLS0tLS0tPC9kaXY+PGRpdiBzdHlsZT0iZm9u dC1zaXplOiAxMnB4O2JhY2tncm91bmQ6I2VmZWZlZjtwYWRkaW5nOjhweDsiPjxkaXY+PGI+t6K8 /sjLOjwvYj4mbmJzcDsi97z3w8OoIiZsdDtzYmFhQHZpcC5xcS5jb20mZ3Q7OzwvZGl2PjxkaXY+ PGI+t6LLzcqxvOQ6PC9iPiZuYnNwOzIwMTPE6jTUwjMwyNUo0MfG2rb+KSDPws7nMjozMzwvZGl2 PjxkaXY+PGI+ytW8/sjLOjwvYj4mbmJzcDsiYWxlZSImbHQ7YWxlZUByZWRoYXQuY29tJmd0Ozsg PHdicj48L2Rpdj48ZGl2PjxiPrOty806PC9iPiZuYnNwOyJQa2ktdXNlcnMiJmx0O1BraS11c2Vy c0ByZWRoYXQuY29tJmd0OzsgPHdicj48L2Rpdj48ZGl2PjxiPtb3zOI6PC9iPiZuYnNwO7vYuLSj uiC72Li0o7ogu9i4tKO6IFtQa2ktdXNlcnNdICJTZWN1cml0eURvbWFpbiBIVFRQU0FkbWluIFVS TCBub3QgZm91bmQgIjwvZGl2PjwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+SGkgQWxlZTwvZGl2 PjxkaXY+PGJyPjwvZGl2PjxkaXY+SSB1c2VkIGZpcmVmb3gncyBrZXltYW5hZ2VyIHBsdWdpbiB0 byBkbyBzb21lIHNpbXBsZSB0ZXN0LiBKdXN0IGNvbm5lY3QgdG8gUkEgc2VydmVyIGFuZCBjbGlj ayBuZXh0IGFuZCBuZXh0ICx0aGVuIGVuY29udGVyZWQgdGhpcyBlcnJvci4gPC9kaXY+PGRpdj5C dXQgSSBkaWQndCBnbyB0aHJvdWdoIGFueSBzb3VyY2UgYWJvdXQgcGtpY2xpZW50LmNnaSAsc28g SSAnbSBub3Qgc3VyZSB3aGVyZSBpbnRyb2R1Y2UgdGhlIGZpbGUgcGtpY2xpZW50LnhtbC48L2Rp dj48ZGl2Pjxicj48L2Rpdj48ZGl2PmFub3RoZXIgcXVlc3Rpb24sPC9kaXY+PGRpdj5JZiB0aGUg Y2xpZW50IHJlcXVlc3QgY2FuIGNob29zZSBzb21lIGZpbGUgd2hpY2ggdXNlZCBieSBzZXJ2ZXIg Y2dpIGludGVybmFsbHksIGlzIHRoZXJlIGFueSBzZWN1cml0eSByaXNrPzwvZGl2PjxkaXY+PGRp dj48YnI+PC9kaXY+PGRpdj5CZXN0IFJlZ2FyZHM8L2Rpdj48ZGl2PnNiYWE8L2Rpdj48ZGl2Pjxi cj48L2Rpdj48ZGl2IHN0eWxlPSJmb250LXNpemU6IDEycHg7Zm9udC1mYW1pbHk6IEFyaWFsIE5h cnJvdztwYWRkaW5nOjJweCAwIDJweCAwOyI+LS0tLS0tLS0tLS0tLS0tLS0tINStyrzTyrz+IC0t LS0tLS0tLS0tLS0tLS0tLTwvZGl2PjxkaXYgc3R5bGU9ImZvbnQtc2l6ZTogMTJweDtiYWNrZ3Jv dW5kOiNlZmVmZWY7cGFkZGluZzo4cHg7Ij48ZGl2PjxiPreivP7Iyzo8L2I+Jm5ic3A7ImFsZWUi Jmx0O2FsZWVAcmVkaGF0LmNvbSZndDs7PC9kaXY+PGRpdj48Yj63osvNyrG85Do8L2I+Jm5ic3A7 MjAxM8TqNNTCMzDI1SjQx8batv4pINbQzucxOjA2PC9kaXY+PGRpdj48Yj7K1bz+yMs6PC9iPiZu YnNwOyL3vPfDw6giJmx0O3NiYWFAdmlwLnFxLmNvbSZndDs7IDx3YnI+PC9kaXY+PGRpdj48Yj6z rcvNOjwvYj4mbmJzcDsiUGtpLXVzZXJzIiZsdDtQa2ktdXNlcnNAcmVkaGF0LmNvbSZndDs7IDx3 YnI+PC9kaXY+PGRpdj48Yj7W98ziOjwvYj4mbmJzcDtSZTogu9i4tKO6ILvYuLSjuiBbUGtpLXVz ZXJzXSAiU2VjdXJpdHlEb21haW4gSFRUUFNBZG1pbiBVUkwgbm90IGZvdW5kICI8L2Rpdj48L2Rp dj48ZGl2Pjxicj48L2Rpdj5JIGRvbid0IHNlZSBhbnl0aGluZyBpbiB0aGUgY29kZSBhYm91dCBw a2ljbGllbnQueG1sLjxicj48YnI+Q2FuIHlvdSBkZXRhaWwgZXhhY3RseSB3aGF0IHlvdSBkaWQg dG8gdGVzdCBTQ0VQPzxicj5UaGFua3MsIDxicj5BZGU8YnI+PGJyPk9uIFN1biwgMjAxMy0wNC0y OCBhdCAxNToxMyArMDgwMCwg97z3w8OoIHdyb3RlOjxicj4mZ3Q7IEhpIEFsZWU8YnI+Jmd0OyA8 YnI+Jmd0OyA8YnI+Jmd0OyBUaGFuayB5b3UsIEkgZmluaXNoZWQgdGhlIGNvbmZpZ3VyYXRpb24g Zm9yIFJBIHNlcnZlciBieSBkaXNhYmxlPGJyPiZndDsgU0VsaW51eDxicj4mZ3Q7IEJ1dCB3aGVu IEkgdGVzdCB0aGUgU0NFUCBmZWF0dXJlLCBJIGdvdCBzdWNoIGVycm9yOjxicj4mZ3Q7IEluIGVy cm9yIGxvZzo8YnI+Jmd0OyBbU3VuIEFwciAyOCAwMzowNTo1Ni44OTExNjQgMjAxM10gWzplcnJv cl0gW3BpZCAxODIyOnRpZDxicj4mZ3Q7IDE0MDY5NjU2MDIwNzYxNl0gW1N1biBBcHIgMjggMDM6 MDU6NTYgMjAxM10gLWU6IENvdWxkIG5vdCBmaW5kPGJyPiZndDsgcGtpY2xpZW50LnhtbCBpbiAv dmFyL2xpYi9wa2ktcmEvZG9jcm9vdC9lZS9zY2VwLzxicj4mZ3Q7IGF0IC92YXIvbGliL3BraS1y YS9kb2Nyb290L2VlL3NjZXAvcGtpY2xpZW50LmNnaSBsaW5lIDgxLlxuPGJyPiZndDsgPGJyPiZn dDsgPGJyPiZndDsgb24gZmlyZWZveDo8YnI+Jmd0OyBTb2Z0d2FyZSBlcnJvcjo8YnI+Jmd0OyBD b3VsZCBub3QgZmluZCBwa2ljbGllbnQueG1sIGluIC92YXIvbGliL3BraS1yYS9kb2Nyb290L2Vl L3NjZXAvIGF0IC92YXIvbGliL3BraS1yYS9kb2Nyb290L2VlL3NjZXAvcGtpY2xpZW50LmNnaSBs aW5lIDgxLjxicj4mZ3Q7IDxicj4mZ3Q7IEZvciBoZWxwLCBwbGVhc2Ugc2VuZCBtYWlsIHRvIHRo ZSB3ZWJtYXN0ZXIgKHlvdUBleGFtcGxlLmNvbSksIGdpdmluZzxicj4mZ3Q7IHRoaXMgZXJyb3Ig bWVzc2FnZSBhbmQgdGhlIHRpbWUgYW5kIGRhdGUgb2YgdGhlIGVycm9yLiZuYnNwOyA8YnI+Jmd0 OyA8YnI+Jmd0OyA8YnI+Jmd0OyA8YnI+Jmd0OyA8YnI+Jmd0OyBUaGFua3M8YnI+Jmd0OyBzYmFh PGJyPiZndDsgLS0tLS0tLS0tLS0tLS0tLS0tINStyrzTyrz+IC0tLS0tLS0tLS0tLS0tLS0tLTxi cj4mZ3Q7ILeivP7IyzogImFsZWUiJmx0O2FsZWVAcmVkaGF0LmNvbSZndDs7PGJyPiZndDsgt6LL zcqxvOQ6IDIwMTPE6jTUwjI4yNUo0MfG2szsKSDPws7nMjowMDxicj4mZ3Q7IMrVvP7IyzogIve8 98PDqCImbHQ7c2JhYUB2aXAucXEuY29tJmd0OzsgPGJyPiZndDsgs63LzTogIlBraS11c2VycyIm bHQ7UGtpLXVzZXJzQHJlZGhhdC5jb20mZ3Q7OyA8YnI+Jmd0OyDW98ziOiBSZTogu9i4tKO6IFtQ a2ktdXNlcnNdICJTZWN1cml0eURvbWFpbiBIVFRQUyBBZG1pbiBVUkwgbm90IGZvdW5kPGJyPiZn dDsgIjxicj4mZ3Q7IDxicj4mZ3Q7IDxicj4mZ3Q7IEkgcmFuIGludG8gdGhlIHNhbWUgcHJvYmxl bTo8YnI+Jmd0OyA8YnI+Jmd0OyBUaGUgb25lIHlvdSB3YW50IGlzIGh0dHBzOi8vbG9jYWxob3N0 LmRvbWFpbjo4NDQzPGJyPiZndDsgPGJyPiZndDsgSSByZXNvbHZlZCB0aGlzIGJ5IHNldHRpbmcg c2VsaW51eCBpbiBwZXJtaXNzaXZlIG1vZGUuJm5ic3A7IEkgd2lsbCBmaWxlIGE8YnI+Jmd0OyBi dWcgYWdhaW5zdCBzZWxpbnV4IHBvbGljeSBvbiBNb25kYXkuPGJyPiZndDsgPGJyPiZndDsgQWRl PGJyPiZndDsgPGJyPiZndDsgT24gU3VuLCAyMDEzLTA0LTI4IGF0IDAyOjI3ICswODAwLCD3vPfD w6ggd3JvdGU6PGJyPiZndDsgJmd0OyBIaSBhbGVlPGJyPiZndDsgJmd0OyA8YnI+Jmd0OyAmZ3Q7 IDxicj4mZ3Q7ICZndDsgSSB0cmllZCBmb2xsb3dpbmcgdXJsczxicj4mZ3Q7ICZndDsgPGJyPiZn dDsgJmd0OyA8YnI+Jmd0OyAmZ3Q7IGh0dHBzOi8vbG9jYWxob3N0LmxvY2FsZG9tYWluOjg0NDM8 YnI+Jmd0OyAmZ3Q7IGh0dHBzOi8vbG9jYWxob3N0LmxvY2FsZG9tYWluOjg0NDMvY2E8YnI+Jmd0 OyAmZ3Q7IGh0dHA6Ly9sb2NhbGhvc3QubG9jYWxkb21haW46ODA4MDxicj4mZ3Q7ICZndDsgaHR0 cDovL2xvY2FsaG9zdC5sb2NhbGRvbWFpbjo4MDgwL2NhPGJyPiZndDsgJmd0OyA8YnI+Jmd0OyAm Z3Q7IDxicj4mZ3Q7ICZndDsgYnV0IGFsbCBmYWlsZWQuPGJyPiZndDsgJmd0OyA8YnI+Jmd0OyAm Z3Q7IDxicj4mZ3Q7ICZndDsgYW5kIGkgZm91bmQgc29tZSBpbmZvIGluIGVycm9yIGxvZyAoL3Zh ci9sb2cvcGtpLXJhL2Vycm9yX2xvZyApPGJyPiZndDsgJmd0OyBHRVQgL2NhL2FkbWluL2NhL2dl dFN0YXR1cyBIVFRQLzEuMDxicj4mZ3Q7ICZndDsgPGJyPiZndDsgJmd0OyA8YnI+Jmd0OyAmZ3Q7 IHBvcnQ6IDg0NDM8YnI+Jmd0OyAmZ3Q7IGFkZHI9J2xvY2FsaG9zdC5sb2NhbGRvbWFpbic8YnI+ Jmd0OyAmZ3Q7IGZhbWlseT0nMic8YnI+Jmd0OyAmZ3Q7IElQPScxMjcuMC4wLjEnPGJyPiZndDsg Jmd0OyBleGl0IGFmdGVyIFBSX0Nvbm5lY3Qgd2l0aCBlcnJvciAtNTk4NTo8YnI+Jmd0OyAmZ3Q7 IEdFVCAvY2EvYWRtaW4vY2EvZ2V0U3RhdHVzIEhUVFAvMS4wPGJyPiZndDsgJmd0OyA8YnI+Jmd0 OyAmZ3Q7IDxicj4mZ3Q7ICZndDsgcG9ydDogOTQ0NTxicj4mZ3Q7ICZndDsgYWRkcj0nbG9jYWxo b3N0LmxvY2FsZG9tYWluJzxicj4mZ3Q7ICZndDsgZmFtaWx5PScyJzxicj4mZ3Q7ICZndDsgSVA9 JzEyNy4wLjAuMSc8YnI+Jmd0OyAmZ3Q7IGV4aXQgYWZ0ZXIgUFJfQ29ubmVjdCB3aXRoIGVycm9y IC01OTYxOjxicj4mZ3Q7ICZndDsgPGJyPiZndDsgJmd0OyA8YnI+Jmd0OyAmZ3Q7IC0tLS0tLS0t LS0tLS0tLS0tLSDUrcq808q8/iAtLS0tLS0tLS0tLS0tLS0tLS08YnI+Jmd0OyAmZ3Q7ILeivP7I yzogIkFkZSBMZWUiJmx0O2FsZWVAcmVkaGF0LmNvbSZndDs7PGJyPiZndDsgJmd0OyC3osvNyrG8 5DogMjAxM8TqNNTCMjjI1SjQx8bazOwpIMHos78xOjA0PGJyPiZndDsgJmd0OyDK1bz+yMs6ICL3 vPfDw6giJmx0O3NiYWFAdmlwLnFxLmNvbSZndDs7IDxicj4mZ3Q7ICZndDsgs63LzTogIlBraS11 c2VycyImbHQ7UGtpLXVzZXJzQHJlZGhhdC5jb20mZ3Q7OyA8YnI+Jmd0OyAmZ3Q7INb3zOI6IFJl OiBbUGtpLXVzZXJzXSAiU2VjdXJpdHkgRG9tYWluIEhUVFBTIEFkbWluIFVSTCBub3QgZm91bmQg Ijxicj4mZ3Q7ICZndDsgPGJyPiZndDsgJmd0OyA8YnI+Jmd0OyAmZ3Q7IFdoYXQgdmFsdWUgYXJl IHlvdSBwdXR0aW5nIGluIGZvciB5b3VyIHNlY3VyaXR5IGRvbWFpbj88YnI+Jmd0OyAmZ3Q7IDxi cj4mZ3Q7ICZndDsgQWRlPGJyPiZndDsgJmd0OyBPbiBTYXQsIDIwMTMtMDQtMjcgYXQgMjM6Mzkg KzA4MDAsIPe898PDqCB3cm90ZTo8YnI+Jmd0OyAmZ3Q7ICZndDsgSGkgQWxsPGJyPiZndDsgJmd0 OyAmZ3Q7IEknYW0gYSBuZXcgdXNlciBvZiBkb2d0YWcuPGJyPiZndDsgJmd0OyAmZ3Q7IEkgdHJ5 IHRoZSBsYXRlc3QgYnVpbGQgMTAuMC4yLjxicj4mZ3Q7ICZndDsgJmd0OyBJIGluc3RhbGwgY2Eg c2VydmVyIHN1Y2Nlc3MsYnV0IHdoZW4gSSBjb25maWd1cmUgYSByYSBzdWJzeXN0ZW0sIDxicj4m Z3Q7ICZndDsgJmd0OyA8YnI+Jmd0OyAmZ3Q7ICZndDsgPGJyPiZndDsgJmd0OyAmZ3Q7IHVybCA6 PGJyPiZndDsgJmd0OyAmZ3Q7IGh0dHBzOi8vbG9jYWxob3N0LmxvY2FsZG9tYWluOjEyODkwL3Jh L2FkbWluL2NvbnNvbGUvY29uZmlnL3dpemFyZDxicj4mZ3Q7ICZndDsgJmd0OyA8YnI+Jmd0OyAm Z3Q7ICZndDsgPGJyPiZndDsgJmd0OyAmZ3Q7IGl0IGFsd2FyeXMgc2hvdyBlcnJvciAiU2VjdXJp dHkgRG9tYWluIEhUVFBTIEFkbWluIFVSTCBub3QgZm91bmQiPGJyPiZndDsgJmd0OyBhbmQ8YnI+ Jmd0OyAmZ3Q7ICZndDsgIiBDcmVhdGUgYSBOZXcgU2VjdXJpdHkgRG9tYWkiIGNhbm5vdCBiZSBj aG9vc2UuPGJyPiZndDsgJmd0OyAmZ3Q7IGFueSBpZGVhcz88YnI+Jmd0OyAmZ3Q7ICZndDsgPGJy PiZndDsgJmd0OyAmZ3Q7IDxicj4mZ3Q7ICZndDsgJmd0OyB0aGFua3M8YnI+Jmd0OyAmZ3Q7ICZn dDsgPGJyPiZndDsgJmd0OyAmZ3Q7IDxicj4mZ3Q7ICZndDsgJmd0OyBfX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXzxicj4mZ3Q7ICZndDsgJmd0OyBQa2ktdXNl cnMgbWFpbGluZyBsaXN0PGJyPiZndDsgJmd0OyAmZ3Q7IFBraS11c2Vyc0ByZWRoYXQuY29tPGJy PiZndDsgJmd0OyAmZ3Q7IGh0dHBzOi8vd3d3LnJlZGhhdC5jb20vbWFpbG1hbi9saXN0aW5mby9w a2ktdXNlcnM8YnI+Jmd0OyAmZ3Q7IDxicj4mZ3Q7ICZndDsgPGJyPiZndDsgJmd0OyAuPGJyPiZn dDsgJmd0OyA8YnI+Jmd0OyA8YnI+Jmd0OyA8YnI+Jmd0OyAuPGJyPiZndDsgPGJyPjxicj48YnI+ Ljxicj48L2Rpdj48L2Rpdj48L2Rpdj4= --===============1766357621391069681==-- From alee at redhat.com Thu May 2 22:09:30 2013 Content-Type: multipart/mixed; boundary="===============1744148073920039323==" MIME-Version: 1.0 From: Ade Lee To: users at lists.dogtagpki.org Subject: [Pki-users] Announcing the release of Dogtag 10.0.2 Date: Thu, 02 May 2013 22:09:29 -0400 Message-ID: <1367546969.7810.35.camel@aleeredhat.laptop> --===============1744148073920039323== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable The Dogtag team is proud to announce the second errata build for = Dogtag v10.0.0. = Builds are available for Fedora 18 and Fedora 19 in the updates-testing repo. Please try it out and provide karma to move them to the F18 and F19 stable repos. Daily developer builds for Fedora 17, 18 and 19 are available at http://nkinder.fedorapeople.org/dogtag-devel/fedora/ =3D=3D Build Versions =3D=3D pki-core-10.0.2-2 pki-ra-10.0.2-2 pki-tps-10.0.2-2 dogtag-pki-10.0.2-1 dogtag-pki-theme-10.0.2-1 pki-console-10.0.2-2 =3D=3D Highlights since Dogtag v. 10.0.1 =3D=3D * A new Python client framework has been written to connect to the restful interface on the java subsystems. This interface was used for some installation functionality and will continue to be expanded. * pkispawn and pkidestroy were modified to use the new Python client framework and the dependency on jython was eliminated. * The installation interfaces were changed so that most of the installation interactions take place over the admin interface. * New command line parameters have been added to pkidestroy to provide the username and password of the security domain administrator to update the security domain. Formerly, no credentials were required because we used the subsystem certificate of the subsystem for authentication. The new method provides better auditing as to exactly who is de-registering and removing a subsystem. As such, use of the new options is recommended, and will be made mandatory in a future release. * Although it is possible to run Dogtag 9 style instances on Dogtag 10, these instances do not have the required configuration to expose the RESTful interface. A new servlet has been added to return 501 (Not implemented) on these instances when the REST URLs are accessed. This is only applicable on Fedora 18 (See Fedora 19 note below). * A new interactive mode has been added to pkispawn and pkidestroy. In this mode, users are prompted for details in order to set up the most basic servers. Any customizations would still need to be done through configuration files. Interactive mode is an excellent way for users to set up a server and become familiar with Dogtag. * Support has been added for the random generation of serial numbers for certificates issued. More details about this feature and how to enable it can be found here: = http://pki.fedoraproject.org/wiki/Random_Certificate_Serial_Numbers * Nonces are used in Dogtag to prevent cross-site request forgery and replay attack, but they were stored in a global list. To prevent possible collisions with other user's nonces, they are now stored in each user's session. * Previously, session IDs were generated using /dev/random, which may block under certain circumstances, making server startup slow. To avoid this, the server configuration has been changed to use PKCS11PRNG provided by JSS. * A new upgrade framework has been added to allow instances to be automatically upgraded when new packages are installed. This framework will be used to eventually remove the need for migrations between releases. The upgrade scripts are invoked by postinstall scriptlets in the pki-base and pki-server packages. On completing an upgrade, users should check the upgrade logs in /var/log/pki/pki-upgrade-*.log and /var/log/pki/pki-server-upgrade-*.log for any errors. The upgrade scripts (pki-upgrade and pki-server-upgrade) can also be run manually. Additional troubleshooting information can be found at: http://pki.fedoraproject.org/wiki/Upgrade * New CLI has been added to simplify client certificate management including importing and trusting CA certificates. * Previously, the pki CLI tool used the same parameter (-w) to specify both user and client certificate database passwords. The CLI has been modified to use a new parameter (-c) for the database password, and -w for the user password. * Multiple additional fixes to pkispawn, pkidestroy, pki and their man pages. =3D=3D Notes on Fedora 19 =3D=3D Fedora 19 does not provide tomcat 6. Dogtag 9 style instances will therefore no longer work on Fedora 19. These instances need to be migrated to Dogtag 10. To prevent inadvertently disabling Dogtag instances, code has been added to prevent upgrades to Fedora 19 if Dogtag 9 instances exist. Details on how to upgrade Dogtag 9 instances and workarounds can be found at: http://pki.fedoraproject.org/wiki/Migrating_Dogtag_9_Instances_to_Dogtag_10 =3D=3D Detailed Changes since Dogtag v. 10.0.1 =3D=3D akoneru (23): #191 Map REST exceptions to HTTP status codes #217 CLI should display message on operations that complete with error #290 Add hints to option descriptions for cert-find cli command #383 Extend coverity tests to scan other subsystems (TPS, etc.) #452 Dogtag 10: Fix minor RA and TPS Configuration Wizard Panel issues #465 Verify 'pki_backup_keys=3DTrue' if 'pki_backup_password'is set #470 Prevent concurrent execution of pkispawn/pkidestroy #471 Update man pages for interactive pkispawn/pkidestroy #493 interpolation in pkispawn scripts should not apply to passwords #502 Change pkidestroy "-w" option to require a password file #507 Mark pki.conf as configuration file in RPM spec #509 man page for pkispawn should be modified to specify = pki_ca_signing_subject_dn when setting up subordinate CA #514 Clean up pkispawn output #521 Separate python deployment engine from python deployment = scriptlets source code #525 Incorrect info in pkispawn man page #536 Catch keyboard interrupt #542 Remove all "respawn()" logic from "pkispawn" #543 Incorrect user-show usage. #549 PKCS10Client tool throws java exception NoClassDefFoundError #563 Use timeout in configuration script #566 Mask sensitive parameters in archived config #592 pkispawn not reporting the error message when exceptions are thrown #593 Error caused by JSON Configuration result decoding when installing = CA clone alee (9): #232 add python binding for pkispawn/ pkidestroy #419 REST interface for cert requests #532 refactor pkispawn to use new python client #546 Upgrade script for clone installation #564 Rename base/deploy to base/server #589 dependency needed for java-atk-wrapper in f19 #578 Rest API does not work on d9 -> d10 upgrade instances #590 pki-base needs to deliver /var/log/pki #597 Create 10.0.2 builds awnuk (7): #569 Port support for random certificate serial numbers to Dogtag 10 #570 Port patch allowing to support random certificate serial numbers = for system certificates to Dogtag 10 #579 Port patch allowing to clone CA with random serial number enabled. #580 Port patch allowing to restart CA clone during configuration = change to random serial numbers. #584 Port patch including system certificates with random serial = numbers in the certificate counter. BZ 955784 - Correct Javascript inability to handle big numbers BZ 951501 - Coorects key IDs miscalculated by Javascript cfu (6): BZ 929043 - serverCert.profile with SAN results in SubjectAltNameException BZ 927545 - Transport Cert signing Algorithm doesn't show ECC Signing Algorithm BZ 904289 - Add ECC Support to Certificate Profiles BZ 902952 - RFE: Revocation routing with TPS and multiple non-cloned CAs BZ 903401 - TMS: RSA token enrollment failed : public key decode error #362 CMC ECC = edewata (24) #190 REST interface for user-group membership. #291 Fix forma of validityUnit option in cert-find command #380 default install: part 2 #472 pkispawn should test DS info #473 pkispawn should test security domain info #474 Session-based nonces #476 Limit username & password authentication #477 Annotation for authentication methods #491 Prompt CLI user on certificate warnings. #497 Date format for cert-find #498 [RFE] Add dates to cert-find output #500 validityCount option returns 500 error #501 Add cert status option to cert-find #503 Dogtag 10: Security Domain Issues #511 Add cert-request-show command. #520 CLI returns 0 on error #523 Add CLI option to capture HTTP data #524 Tomcat blocks during startup #535 python-requests compatibility problem #541 Use FQDN instead of localhost in CLI #544 Implement upgrade framework #545 Upgrade script for random number generator #553 pki.conf needs to be delivered by pki-base #598 Upgrade script for JNI_JAR_DIR jmagne (1): #587 ipa-server-install crashes due to sslget error mharmsen (7): #409 Add pkispawn option to not copy the UI pieces (gifs, templates). #488 Dogtag 10: Fix cli 'cert-find' clientAuth issue #517 Clean up theme dependencies #518 Remove UI dependencies from pkispawn #602 pkiconsole cannot find 'jss4.jar' on Fedora 19 BZ 947524 - Clone installation does not work over NAT BZ 919476 - pkispawn crashes due to dangling symlink to jss4.jar --===============1744148073920039323==-- From sbaa at vip.qq.com Fri May 3 06:21:07 2013 Content-Type: multipart/mixed; boundary="===============4328968739546834675==" MIME-Version: 1.0 From: =?utf-8?q?=E9=AA=B7=E9=AB=85=E7=8C=AB_=3Csbaa_at_vip=2Eqq=2Ecom=3E?= To: users at lists.dogtagpki.org Subject: [Pki-users] iphone's scep function with dogtag Date: Fri, 03 May 2013 18:20:59 +0800 Message-ID: --===============4328968739546834675== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Hi All Who tried the SCEP feature with iphone? I tested on iphone 4s, it return "invalid response". = Thanks sbaa --===============4328968739546834675== Content-Type: text/html MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.html" PGRpdj5IaSBBbGw8L2Rpdj48ZGl2Pjxicj48L2Rpdj48ZGl2PldobyB0cmllZCB0aGUgU0NFUCBm ZWF0dXJlIHdpdGggaXBob25lPzwvZGl2PjxkaXY+SSB0ZXN0ZWQgb24gaXBob25lIDRzLCBpdCBy ZXR1cm4gImludmFsaWQgcmVzcG9uc2UiLiZuYnNwOzwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+ PGJyPjwvZGl2PjxkaXY+VGhhbmtzPC9kaXY+PGRpdj5zYmFhPC9kaXY+ --===============4328968739546834675==-- From jdennis at redhat.com Fri May 3 09:49:23 2013 Content-Type: multipart/mixed; boundary="===============2219766015492958857==" MIME-Version: 1.0 From: John Dennis To: users at lists.dogtagpki.org Subject: Re: [Pki-users] [Pki-announce] Announcing the release of Dogtag 10.0.2 Date: Fri, 03 May 2013 09:49:19 -0400 Message-ID: <5183C05F.1070300@redhat.com> In-Reply-To: 1367546969.7810.35.camel@aleeredhat.laptop --===============2219766015492958857== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable On 05/02/2013 10:09 PM, Ade Lee wrote: > The Dogtag team is proud to announce the second errata build for > Dogtag v10.0.0. Just wanted to say the CS team is doing great work. Thanks for all these = improvements! John -- = John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ --===============2219766015492958857==-- From thomas.moyer at ll.mit.edu Fri May 3 09:57:10 2013 Content-Type: multipart/mixed; boundary="===============2190677985854118986==" MIME-Version: 1.0 From: Moyer, Thomas - 0558 - MITLL To: users at lists.dogtagpki.org Subject: Re: [Pki-users] Announcing the release of Dogtag 10.0.2 Date: Fri, 03 May 2013 09:57:01 -0400 Message-ID: In-Reply-To: 1367546969.7810.35.camel@aleeredhat.laptop --===============2190677985854118986== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Is there documentation on the REST interface that I can look at? I've found some examples, but nothing that outlines everything. Also, does the Python client framework support querying for certificates, or is it just for the initial deployment? Thanks! -Tom On 5/2/13 10:09 PM, "Ade Lee" wrote: >The Dogtag team is proud to announce the second errata build for >Dogtag v10.0.0. = > >Builds are available for Fedora 18 and Fedora 19 in the updates-testing >repo. Please try it out and provide karma to move them to the F18 and >F19 stable repos. > >Daily developer builds for Fedora 17, 18 and 19 are available at >http://nkinder.fedorapeople.org/dogtag-devel/fedora/ > >=3D=3D Build Versions =3D=3D >pki-core-10.0.2-2 >pki-ra-10.0.2-2 >pki-tps-10.0.2-2 >dogtag-pki-10.0.2-1 >dogtag-pki-theme-10.0.2-1 >pki-console-10.0.2-2 > >=3D=3D Highlights since Dogtag v. 10.0.1 =3D=3D >* A new Python client framework has been written to connect to the >restful interface on the java subsystems. This interface was used >for some installation functionality and will continue to be expanded. > >* pkispawn and pkidestroy were modified to use the new Python client >framework and the dependency on jython was eliminated. > >* The installation interfaces were changed so that most of the >installation interactions take place over the admin interface. > >* New command line parameters have been added to pkidestroy to provide >the username and password of the security domain administrator to update >the security domain. Formerly, no credentials were required because we >used the subsystem certificate of the subsystem for authentication. The >new method provides better auditing as to exactly who is de-registering >and removing a subsystem. As such, use of the new options is >recommended, and will be made mandatory in a future release. > >* Although it is possible to run Dogtag 9 style instances on Dogtag 10, >these instances do not have the required configuration to expose the >RESTful interface. A new servlet has been added to return 501 (Not >implemented) on these instances when the REST URLs are accessed. This >is only applicable on Fedora 18 (See Fedora 19 note below). > >* A new interactive mode has been added to pkispawn and pkidestroy. In >this mode, users are prompted for details in order to set up the most >basic servers. Any customizations would still need to be done through >configuration files. Interactive mode is an excellent way for users to >set up a server and become familiar with Dogtag. > >* Support has been added for the random generation of serial numbers for >certificates issued. More details about this feature and how to enable >it can be found here: >http://pki.fedoraproject.org/wiki/Random_Certificate_Serial_Numbers > > >* Nonces are used in Dogtag to prevent cross-site request forgery and >replay attack, but they were stored in a global list. To prevent >possible collisions with other user's nonces, they are now stored in >each user's session. > >* Previously, session IDs were generated using /dev/random, which may >block under certain circumstances, making server startup slow. To avoid >this, the server configuration has been changed to use PKCS11PRNG >provided by JSS. > >* A new upgrade framework has been added to allow instances to be >automatically upgraded when new packages are installed. This framework >will be used to eventually remove the need for migrations between >releases. The upgrade scripts are invoked by postinstall scriptlets in >the pki-base and pki-server packages. On completing an upgrade, users >should check the upgrade logs in /var/log/pki/pki-upgrade-*.log >and /var/log/pki/pki-server-upgrade-*.log for any errors. The upgrade >scripts (pki-upgrade and pki-server-upgrade) can also be run manually. >Additional troubleshooting information can be found at: >http://pki.fedoraproject.org/wiki/Upgrade > >* New CLI has been added to simplify client certificate management >including importing and trusting CA certificates. > >* Previously, the pki CLI tool used the same parameter (-w) to specify >both user and client certificate database passwords. The CLI has been >modified to use a new parameter (-c) for the database password, and -w >for the user password. > >* Multiple additional fixes to pkispawn, pkidestroy, pki and their man >pages. > >=3D=3D Notes on Fedora 19 =3D=3D >Fedora 19 does not provide tomcat 6. Dogtag 9 style instances will >therefore no longer work on Fedora 19. These instances need to be >migrated to Dogtag 10. > >To prevent inadvertently disabling Dogtag instances, code has been added >to prevent upgrades to Fedora 19 if Dogtag 9 instances exist. Details >on how to upgrade Dogtag 9 instances and workarounds can be found at: >http://pki.fedoraproject.org/wiki/Migrating_Dogtag_9_Instances_to_Dogtag_1 >0 > >=3D=3D Detailed Changes since Dogtag v. 10.0.1 =3D=3D > >akoneru (23): >#191 Map REST exceptions to HTTP status codes >#217 CLI should display message on operations that complete with error >#290 Add hints to option descriptions for cert-find cli command >#383 Extend coverity tests to scan other subsystems (TPS, etc.) >#452 Dogtag 10: Fix minor RA and TPS Configuration Wizard Panel issues >#465 Verify 'pki_backup_keys=3DTrue' if 'pki_backup_password'is set >#470 Prevent concurrent execution of pkispawn/pkidestroy >#471 Update man pages for interactive pkispawn/pkidestroy >#493 interpolation in pkispawn scripts should not apply to passwords >#502 Change pkidestroy "-w" option to require a password file >#507 Mark pki.conf as configuration file in RPM spec >#509 man page for pkispawn should be modified to specify > pki_ca_signing_subject_dn when setting up subordinate CA >#514 Clean up pkispawn output >#521 Separate python deployment engine from python deployment > scriptlets source code >#525 Incorrect info in pkispawn man page >#536 Catch keyboard interrupt >#542 Remove all "respawn()" logic from "pkispawn" >#543 Incorrect user-show usage. >#549 PKCS10Client tool throws java exception NoClassDefFoundError >#563 Use timeout in configuration script >#566 Mask sensitive parameters in archived config >#592 pkispawn not reporting the error message when exceptions are thrown >#593 Error caused by JSON Configuration result decoding when installing > CA clone > >alee (9): >#232 add python binding for pkispawn/ pkidestroy >#419 REST interface for cert requests >#532 refactor pkispawn to use new python client >#546 Upgrade script for clone installation >#564 Rename base/deploy to base/server >#589 dependency needed for java-atk-wrapper in f19 >#578 Rest API does not work on d9 -> d10 upgrade instances >#590 pki-base needs to deliver /var/log/pki >#597 Create 10.0.2 builds > >awnuk (7): >#569 Port support for random certificate serial numbers to Dogtag 10 >#570 Port patch allowing to support random certificate serial numbers > for system certificates to Dogtag 10 >#579 Port patch allowing to clone CA with random serial number enabled. >#580 Port patch allowing to restart CA clone during configuration > change to random serial numbers. >#584 Port patch including system certificates with random serial > numbers in the certificate counter. >BZ 955784 - Correct Javascript inability to handle big numbers >BZ 951501 - Coorects key IDs miscalculated by Javascript > > >cfu (6): >BZ 929043 - serverCert.profile with SAN results in >SubjectAltNameException >BZ 927545 - Transport Cert signing Algorithm doesn't show ECC Signing >Algorithm >BZ 904289 - Add ECC Support to Certificate Profiles >BZ 902952 - RFE: Revocation routing with TPS and multiple non-cloned CAs >BZ 903401 - TMS: RSA token enrollment failed : public key decode error >#362 CMC ECC = > >edewata (24) >#190 REST interface for user-group membership. >#291 Fix forma of validityUnit option in cert-find command >#380 default install: part 2 >#472 pkispawn should test DS info >#473 pkispawn should test security domain info >#474 Session-based nonces >#476 Limit username & password authentication >#477 Annotation for authentication methods >#491 Prompt CLI user on certificate warnings. >#497 Date format for cert-find >#498 [RFE] Add dates to cert-find output >#500 validityCount option returns 500 error >#501 Add cert status option to cert-find >#503 Dogtag 10: Security Domain Issues >#511 Add cert-request-show command. >#520 CLI returns 0 on error >#523 Add CLI option to capture HTTP data >#524 Tomcat blocks during startup >#535 python-requests compatibility problem >#541 Use FQDN instead of localhost in CLI >#544 Implement upgrade framework >#545 Upgrade script for random number generator >#553 pki.conf needs to be delivered by pki-base >#598 Upgrade script for JNI_JAR_DIR > >jmagne (1): >#587 ipa-server-install crashes due to sslget error > >mharmsen (7): >#409 Add pkispawn option to not copy the UI pieces (gifs, templates). >#488 Dogtag 10: Fix cli 'cert-find' clientAuth issue >#517 Clean up theme dependencies >#518 Remove UI dependencies from pkispawn >#602 pkiconsole cannot find 'jss4.jar' on Fedora 19 >BZ 947524 - Clone installation does not work over NAT >BZ 919476 - pkispawn crashes due to dangling symlink to jss4.jar > > >_______________________________________________ >Pki-users mailing list >Pki-users(a)redhat.com >https://www.redhat.com/mailman/listinfo/pki-users --===============2190677985854118986== Content-Type: application/pkcs7-signature MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIIUEgYJKoZIhvcNAQcCoIIUAzCCE/8CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCEfUw ggTUMIIDvKADAgECAgpbnpTCAAAAAE9nMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNVBAYTAlVTMR8w HQYDVQQKExZNSVQgTGluY29sbiBMYWJvcmF0b3J5MQwwCgYDVQQLEwNQS0kxEzARBgNVBAMTCk1J VExMIENBLTIwHhcNMTIwODI0MTMzNzMyWhcNMTMwODI0MTMzNzMyWjBhMQswCQYDVQQGEwJVUzEf MB0GA1UEChMWTUlUIExpbmNvbG4gTGFib3JhdG9yeTEPMA0GA1UECxMGUGVvcGxlMSAwHgYDVQQD ExdNb3llci5UaG9tYXMuTS41MDAxMjcxNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AN2kzL21gle2n6FJ68b7s6rhJUZWK4zTnKN9TD7tGS1mLNuDkO55g8tKHf8g+TM5nK89anV960D+ 4cwbWK4sbs9pQcrrSlzhQJhsZ4QSqMWsT9Gzq2qucaSwTge3LuySmA/8JPbVa3c+sSQNYc6qkbGK g97WYA+CP/CKknN8yS14S2OX1W27GJsTzF4c84YaB1qRBAwfBQMFbd51AfZ5j0c6isk0ov8kJkyY rqHKj4qbOG8WjvmSkPA+pXcbwUEnWXJLtCZZ4+aZIQ2Sv7DE35urlrzYjrY6ENUzDV5dy86oFKjf 8nJFiIV6NtYVSkRVOK2e5KqsGpIdcAOpTJus/y8CAwEAAaOCAZwwggGYMB0GA1UdDgQWBBQVe66M 3+xu+px9yukwqwj+SAbDUTAOBgNVHQ8BAf8EBAMCBsAwHwYDVR0jBBgwFoAUjkp9iaFjFxyBiDRX NyZFXhmKfiQwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5sbC5taXQuZWR1L2dldGNybC9M TENBMjBiBggrBgEFBQcBAQRWMFQwLQYIKwYBBQUHMAKGIWh0dHA6Ly9jcmwubGwubWl0LmVkdS9n ZXR0by9MTENBMjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AubGwubWl0LmVkdS8wDAYDVR0TAQH/ BAIwADA9BgkrBgEEAYI3FQcEMDAuBiYrBgEEAYI3FQiDg+Udh+ynZoathxWD6vBFhbahHx2Fy94y h/+KcwIBZAIBBTAiBgNVHSUBAf8EGDAWBggrBgEFBQcDBAYKKwYBBAGCNwoDDDAYBgNVHSAEETAP MA0GCyqGSIb3EgIBAwEIMCIGA1UdEQQbMBmBF3Rob21hcy5tb3llckBsbC5taXQuZWR1MA0GCSqG SIb3DQEBCwUAA4IBAQCUlrkm+GfYTCj6nbpoLyXLDymErn/IuDj+nzH2IAWCjSyo4Nbeu4hDAaXg bMtbweHWdgFSy9KeyricQO1T0LTY+nG7dcl4gP7Vwb7/Yz5/XHYdjynATFgonjWaLmNQQtPR5xTc cEg+WYEXIUks11te7R21Xcq9xcVRpkEGJH+lCGkmLJBFPHTGqCgM/WwtQEu3T8JOBbYKmNmdZZ9n vwFrttjG8PEyNIIiWIxoy/WI9DDgfNOVeIjwDUU5GIyaA3Oa2hiRkmyLot8cIAWZoxCZXs43/ydl PsrU/TUuhwpG+OjOo6n2sd0OaExHv4A1p3nrn/+uH/BCvxHY9oX9GepKMIIEtzCCA5+gAwIBAgIB FDANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWTUlUIExpbmNvbG4gTGFi b3JhdG9yeTEMMAoGA1UECxMDUEtJMRYwFAYDVQQDEw1NSVRMTCBSb290IENBMB4XDTA5MTIxNDEy MDAwMFoXDTE1MTIzMTIzNTk1OVowUTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFk1JVCBMaW5jb2xu IExhYm9yYXRvcnkxDDAKBgNVBAsTA1BLSTETMBEGA1UEAxMKTUlUTEwgQ0EtMjCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKcEyyNhSIfsN6AzBwVhZkzo6SdjNGAQ7mA2A8T0kmdCB8MH 6jWjVVMwFZwlg9cgjgLKEuEO9KN8K9M8jgeZEMoinlRfk3YELPC7sEkkzBQkcVpLhEwALue9iHow gSLGmXZpYKmRhfvhvYJ4MNCuIaWpcK/GaDZCE+U2aTg42kv/zQrH3AoqFX81OF7niwXNnanP1hQR fkMTRrnaEW8DX0TMaG/t9Ry5xSMrLTNc9DvQtjA5ZcuWnECiUpyDBFWxLr9yx7xgf1/LwgCxcoBe KSBBoWzkQmKAsgMo9Mq1Fp/nnIqw5FKmgOs7Vy+6e0Dk+cgf+oAV8AK8ZFMQrVE0uH0CAwEAAaOC AZUwggGRMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFI5KfYmhYxccgYg0VzcmRV4Zin4k MB8GA1UdIwQYMBaAFGeqes/0Cqa5crWKoNKd8hDDQ+0pMA4GA1UdDwEB/wQEAwIBhjBhBggrBgEF BQcBAQRVMFMwLQYIKwYBBQUHMAKGIWh0dHA6Ly9jcmwubGwubWl0LmVkdS9nZXR0bz9MTFJDQTAi BggrBgEFBQcwAYYWaHR0cDovL29jc3AubGwubWl0LmVkdTAzBgNVHR8ELDAqMCigJqAkhiJodHRw Oi8vY3JsLmxsLm1pdC5lZHUvZ2V0Y3JsP0xMUkNBMIGSBgNVHSAEgYowgYcwDQYLKoZIhvcSAgED AQYwDQYLKoZIhvcSAgEDAQgwDQYLKoZIhvcSAgEDAQcwDQYLKoZIhvcSAgEDAQkwDQYLKoZIhvcS AgEDAQowDQYLKoZIhvcSAgEDAQswDQYLKoZIhvcSAgEDAQ4wDQYLKoZIhvcSAgEDAQ8wDQYLKoZI hvcSAgEDARAwDQYJKoZIhvcNAQELBQADggEBAIh3BqHQ/XH8C6DCL+eEGroOzxBcCqTNItmsv4MA NaOTodgU2jrjHcGjXlzqhpb8ZxOlkAK3dK09rc6+yACcoK2TzVtDRZXYxov/SqZRjI3dufU2JatA PxosCyy/1otjl1TKUY47Wvft31vdf5i0XK2DQVEJ+XlqtgBiFTVIMIfBJwPajrsiz+pgFEYwhhwJ xvs8flSi0FLCE77VYLEioP5hxG6zIPeQRxzh1bogbfphWHHtoiTDkBSZ4UfvGXQTVf7QjhD5yYw1 0yICtjHmtgbfgBkH5/vvR92NY9RSlNPzZqmGKIia61bJCmagRYGyexfedVNF0cJWL4J/cLHhgNYw ggODMIICa6ADAgECAgEBMA0GCSqGSIb3DQEBBQUAMFQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZN SVQgTGluY29sbiBMYWJvcmF0b3J5MQwwCgYDVQQLEwNQS0kxFjAUBgNVBAMTDU1JVExMIFJvb3Qg Q0EwHhcNMDgwOTIzMTIwMDAwWhcNMjkxMjMxMjM1OTU5WjBUMQswCQYDVQQGEwJVUzEfMB0GA1UE ChMWTUlUIExpbmNvbG4gTGFib3JhdG9yeTEMMAoGA1UECxMDUEtJMRYwFAYDVQQDEw1NSVRMTCBS b290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxU4pF1iyJrL5rYq/XBAKg93k CTATG7Bw0NGFpEJ1A3Xsr6UIIq9/1VJBOgCwDqrVsAK1lRwy/lkrHzPkobiMr1wzjQ28SR/9sg5k AcmrMqBYbc302qtwCGKZxdNdhAh2nUOCO10AMpUsCNdpikPY9ukT8lsA+eorM4Q1rc/L0J6AHRpt OU7IuDBdZj+tdNb7gv+GKknr6wj9m2sVGawoaG7AAqhsWvQUM/q4h/H5FpYlwnVAEh2AzhqiG9bw l6uJJIzJ/8uUWldNkVwz1I5fR/vCaxiLXIW4oUydBuRKTG+ekEoxHGuD73yx5JtsSciS8HQL2oEM 8tv+VAC+albqgwIDAQABo2AwXjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRnqnrP9AqmuXK1 iqDSnfIQw0PtKTAfBgNVHSMEGDAWgBRnqnrP9AqmuXK1iqDSnfIQw0PtKTALBgNVHQ8EBAMCAYYw DQYJKoZIhvcNAQEFBQADggEBAD4bbQVg0Hh42EpYX4/JPkNS3OUAEWR/YgzZUY1QGi9rQZ4pfcjU 1/TaoNT8Y7Yf0RO+e9NiG9+BDhQH/kQiZOQo9rv9NUb8xDtKCYCad7zEQtVsYsWuvK2XLw/Ji1m2 eBvoOB4RS/5LAWfNws7W+DWt2ayzeTCyrLSrx7ZVgBjzNOm0TPIkbfppdwgxuo7FZL8ts+M2492A l87d3VasevUS1pprRBEupChmPTt1hjtajkQOpT4BQAzP1lVEYrWzlv+O/lbP9iujKpYWcfYqQ3FG f37YCvuDeues4xm+nqmyraNsNeI8Gh3XDIwqfzHnLhy4Y80VyqN/Jj8df3SK9AAwggTXMIIDv6AD AgECAgpbn2n6AAAAAE9oMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZN SVQgTGluY29sbiBMYWJvcmF0b3J5MQwwCgYDVQQLEwNQS0kxEzARBgNVBAMTCk1JVExMIENBLTIw HhcNMTIwODI0MTMzODI3WhcNMTMwODI0MTMzODI3WjBhMQswCQYDVQQGEwJVUzEfMB0GA1UEChMW TUlUIExpbmNvbG4gTGFib3JhdG9yeTEPMA0GA1UECxMGUGVvcGxlMSAwHgYDVQQDExdNb3llci5U aG9tYXMuTS41MDAxMjcxNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAInOjv4PcQYS wcse3b/iU13ufWpydhGF1zKyWx6Vxn7EhTdIiVqRZSWEEhUN54ZZvcNCjJigjNc92nS7/DZ6QzHT DuWlIvgi76xgl8bbK6oCKEv80+LBZKd4w3O8G0D3JakwveWWT1jZJXRG0QT6y9Xy4ENiWleon60U AKD5frJtnNu3AH8ElATkuh5iPyMzvvZ+dthAeVjyOnYiRTI3/z+8nWrY2Yxd5dumg8YuGP4Xg24l hSzxRFluqflWytRyjOabskU4bjjW9MTMhLXDR5P1UG1ilkCG1CK883No8b4QguQhMTCPv4/3vta3 E2V3m1APGCJfn9GNXaJTi4/369ECAwEAAaOCAZ8wggGbMB0GA1UdDgQWBBQ/lnMko0FQsFkSo7eG shVplcTtnDAOBgNVHQ8BAf8EBAMCBSAwHwYDVR0jBBgwFoAUjkp9iaFjFxyBiDRXNyZFXhmKfiQw MwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5sbC5taXQuZWR1L2dldGNybC9MTENBMjBiBggr BgEFBQcBAQRWMFQwLQYIKwYBBQUHMAKGIWh0dHA6Ly9jcmwubGwubWl0LmVkdS9nZXR0by9MTENB MjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AubGwubWl0LmVkdS8wDAYDVR0TAQH/BAIwADA9Bgkr BgEEAYI3FQcEMDAuBiYrBgEEAYI3FQiDg+Udh+ynZoathxWD6vBFhbahHx2F69Bwg+vtIAIBZAIB BDAlBgNVHSUEHjAcBgRVHSUABggrBgEFBQcDBAYKKwYBBAGCNwoDBDAYBgNVHSAEETAPMA0GCyqG SIb3EgIBAwEIMCIGA1UdEQQbMBmBF3Rob21hcy5tb3llckBsbC5taXQuZWR1MA0GCSqGSIb3DQEB CwUAA4IBAQBwwPS4BoKbBymCVEqjxedOV4E5Fru8DwWklJ3GD7C+wttuGXTKfy51Jdb2fySXLKSr hXZ0hM4c8gdUpOZN8SShDXFFdHt3pc5k4ZW2JBvkTv3MYDr3UIJqQMpuKx5S/yZjOgcsIuDHzwa6 Wh+YwlEa1eiJJ3KYdqKQiKUht0ogXAJK/UfbUraLTKBrHYFAzDC5a2bgDjS4yDGfx7M1hWHAXYEq NcXp9MTPhCayleDpFAeBsNdihvFzuQfXJioY3hHlTf36w7GE4RMfnEHvrZzVvfZ4kDkN0Eta85cj 8Oc/YtYN/j9RaFkZzw+MsygDhUDMPuyBVvdnP6L1gdK5yCyCMYIB5TCCAeECAQEwXzBRMQswCQYD VQQGEwJVUzEfMB0GA1UEChMWTUlUIExpbmNvbG4gTGFib3JhdG9yeTEMMAoGA1UECxMDUEtJMRMw EQYDVQQDEwpNSVRMTCBDQS0yAgpbnpTCAAAAAE9nMAkGBSsOAwIaBQCgXTAjBgkqhkiG9w0BCQQx FgQUh5HSD3vHKrp9YKvxqPJaqtoPBvwwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG 9w0BCQUxDxcNMTMwNTAzMTM1NzAxWjANBgkqhkiG9w0BAQEFAASCAQCucwhbqVHzxUy0zbRLOZ3P zCLKY9m4F3R7Bc2OcX5HQ4Ty1RuR/2TJdHPvt8uEeBwlFMGJ+IZ7D92heAw1D6Hit5ciCHniVipp kRmz9gxPbk3ImKHD1nlA/UyHVZBqaCNBompHZQ6wRPJPgZSpU2pY7rxeqY3WwCIMuMfbGsa0/nHh D8Utzi3aokfNvlhvLCl5JuPtF7w7wl9xyeZIK3nMDHjFzmo5c/qnP/PhXBRoIKYxOIEC8KNMO0dD TkKdarhwiHV79Vb8L0iGDqzxk+skWoR/AxDtvUEMmO6SCaNEwAmT/ZaVCZ30yaA3DpTzpCx4dZ0/ ToqMOv1RGpQOK+OI --===============2190677985854118986==-- From awnuk at redhat.com Fri May 3 12:56:36 2013 Content-Type: multipart/mixed; boundary="===============9175952309556281484==" MIME-Version: 1.0 From: Andrew Wnuk To: users at lists.dogtagpki.org Subject: Re: [Pki-users] iphone's scep function with dogtag Date: Fri, 03 May 2013 09:55:40 -0700 Message-ID: <5183EC0C.6050808@redhat.com> In-Reply-To: tencent_6874AA6024AAF9DB4E019A4A@qq.com --===============9175952309556281484== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable On 05/03/2013 03:20 AM, =E9=AA=B7=E9=AB=85=E7=8C=AB wrote: > Hi All > > Who tried the SCEP feature with iphone? > I tested on iphone 4s, it return "invalid response". > > > Thanks > sbaa > Could you provide more details? Thank you, Andrew --===============9175952309556281484==-- From alee at redhat.com Fri May 3 12:57:09 2013 Content-Type: multipart/mixed; boundary="===============5238070289396966508==" MIME-Version: 1.0 From: Ade Lee To: users at lists.dogtagpki.org Subject: Re: [Pki-users] Announcing the release of Dogtag 10.0.2 Date: Fri, 03 May 2013 12:57:07 -0400 Message-ID: <1367600227.28606.23.camel@aleeredhat.laptop> In-Reply-To: CDA93A2B.56CA%thomas.moyer@ll.mit.edu --===============5238070289396966508== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Hi, = We're working on some more substantial documentation, and maybe some javadocs. In the meantime, there is some information on a wiki page: http://pki.fedoraproject.org/wiki/REST In particular, there is a section called "Current Implementation", which has links to the relevant files in the code. If you look at the resource files, you'll see exactly which calls and URLs have been implemented. http://pki.fedoraproject.org/wiki/RESTEasy has more details on how to interpret the files. The java client framework is - by definition - complete, because Resteasy provides a client framework. The Python client framework will be expanded to include all operations very soon. For now, it just covers initial deployment operations. = FreeIPA has implemented some python code to do things like listing and querying certs and requests though in Python. On Fri, 2013-05-03 at 09:57 -0400, Moyer, Thomas - 0558 - MITLL wrote: > Is there documentation on the REST interface that I can look at? I've > found some examples, but nothing that outlines everything. > = > Also, does the Python client framework support querying for certificates, > or is it just for the initial deployment? > = > Thanks! > = > -Tom > = > On 5/2/13 10:09 PM, "Ade Lee" wrote: > = > >The Dogtag team is proud to announce the second errata build for > >Dogtag v10.0.0. = > > > >Builds are available for Fedora 18 and Fedora 19 in the updates-testing > >repo. Please try it out and provide karma to move them to the F18 and > >F19 stable repos. > > > >Daily developer builds for Fedora 17, 18 and 19 are available at > >http://nkinder.fedorapeople.org/dogtag-devel/fedora/ > > > >=3D=3D Build Versions =3D=3D > >pki-core-10.0.2-2 > >pki-ra-10.0.2-2 > >pki-tps-10.0.2-2 > >dogtag-pki-10.0.2-1 > >dogtag-pki-theme-10.0.2-1 > >pki-console-10.0.2-2 > > > >=3D=3D Highlights since Dogtag v. 10.0.1 =3D=3D > >* A new Python client framework has been written to connect to the > >restful interface on the java subsystems. This interface was used > >for some installation functionality and will continue to be expanded. > > > >* pkispawn and pkidestroy were modified to use the new Python client > >framework and the dependency on jython was eliminated. > > > >* The installation interfaces were changed so that most of the > >installation interactions take place over the admin interface. > > > >* New command line parameters have been added to pkidestroy to provide > >the username and password of the security domain administrator to update > >the security domain. Formerly, no credentials were required because we > >used the subsystem certificate of the subsystem for authentication. The > >new method provides better auditing as to exactly who is de-registering > >and removing a subsystem. As such, use of the new options is > >recommended, and will be made mandatory in a future release. > > > >* Although it is possible to run Dogtag 9 style instances on Dogtag 10, > >these instances do not have the required configuration to expose the > >RESTful interface. A new servlet has been added to return 501 (Not > >implemented) on these instances when the REST URLs are accessed. This > >is only applicable on Fedora 18 (See Fedora 19 note below). > > > >* A new interactive mode has been added to pkispawn and pkidestroy. In > >this mode, users are prompted for details in order to set up the most > >basic servers. Any customizations would still need to be done through > >configuration files. Interactive mode is an excellent way for users to > >set up a server and become familiar with Dogtag. > > > >* Support has been added for the random generation of serial numbers for > >certificates issued. More details about this feature and how to enable > >it can be found here: > >http://pki.fedoraproject.org/wiki/Random_Certificate_Serial_Numbers > > > > > >* Nonces are used in Dogtag to prevent cross-site request forgery and > >replay attack, but they were stored in a global list. To prevent > >possible collisions with other user's nonces, they are now stored in > >each user's session. > > > >* Previously, session IDs were generated using /dev/random, which may > >block under certain circumstances, making server startup slow. To avoid > >this, the server configuration has been changed to use PKCS11PRNG > >provided by JSS. > > > >* A new upgrade framework has been added to allow instances to be > >automatically upgraded when new packages are installed. This framework > >will be used to eventually remove the need for migrations between > >releases. The upgrade scripts are invoked by postinstall scriptlets in > >the pki-base and pki-server packages. On completing an upgrade, users > >should check the upgrade logs in /var/log/pki/pki-upgrade-*.log > >and /var/log/pki/pki-server-upgrade-*.log for any errors. The upgrade > >scripts (pki-upgrade and pki-server-upgrade) can also be run manually. > >Additional troubleshooting information can be found at: > >http://pki.fedoraproject.org/wiki/Upgrade > > > >* New CLI has been added to simplify client certificate management > >including importing and trusting CA certificates. > > > >* Previously, the pki CLI tool used the same parameter (-w) to specify > >both user and client certificate database passwords. The CLI has been > >modified to use a new parameter (-c) for the database password, and -w > >for the user password. > > > >* Multiple additional fixes to pkispawn, pkidestroy, pki and their man > >pages. > > > >=3D=3D Notes on Fedora 19 =3D=3D > >Fedora 19 does not provide tomcat 6. Dogtag 9 style instances will > >therefore no longer work on Fedora 19. These instances need to be > >migrated to Dogtag 10. > > > >To prevent inadvertently disabling Dogtag instances, code has been added > >to prevent upgrades to Fedora 19 if Dogtag 9 instances exist. Details > >on how to upgrade Dogtag 9 instances and workarounds can be found at: > >http://pki.fedoraproject.org/wiki/Migrating_Dogtag_9_Instances_to_Dogtag= _1 > >0 > > > >=3D=3D Detailed Changes since Dogtag v. 10.0.1 =3D=3D > > > >akoneru (23): > >#191 Map REST exceptions to HTTP status codes > >#217 CLI should display message on operations that complete with error > >#290 Add hints to option descriptions for cert-find cli command > >#383 Extend coverity tests to scan other subsystems (TPS, etc.) > >#452 Dogtag 10: Fix minor RA and TPS Configuration Wizard Panel issues > >#465 Verify 'pki_backup_keys=3DTrue' if 'pki_backup_password'is set > >#470 Prevent concurrent execution of pkispawn/pkidestroy > >#471 Update man pages for interactive pkispawn/pkidestroy > >#493 interpolation in pkispawn scripts should not apply to passwords > >#502 Change pkidestroy "-w" option to require a password file > >#507 Mark pki.conf as configuration file in RPM spec > >#509 man page for pkispawn should be modified to specify > > pki_ca_signing_subject_dn when setting up subordinate CA > >#514 Clean up pkispawn output > >#521 Separate python deployment engine from python deployment > > scriptlets source code > >#525 Incorrect info in pkispawn man page > >#536 Catch keyboard interrupt > >#542 Remove all "respawn()" logic from "pkispawn" > >#543 Incorrect user-show usage. > >#549 PKCS10Client tool throws java exception NoClassDefFoundError > >#563 Use timeout in configuration script > >#566 Mask sensitive parameters in archived config > >#592 pkispawn not reporting the error message when exceptions are thrown > >#593 Error caused by JSON Configuration result decoding when installing > > CA clone > > > >alee (9): > >#232 add python binding for pkispawn/ pkidestroy > >#419 REST interface for cert requests > >#532 refactor pkispawn to use new python client > >#546 Upgrade script for clone installation > >#564 Rename base/deploy to base/server > >#589 dependency needed for java-atk-wrapper in f19 > >#578 Rest API does not work on d9 -> d10 upgrade instances > >#590 pki-base needs to deliver /var/log/pki > >#597 Create 10.0.2 builds > > > >awnuk (7): > >#569 Port support for random certificate serial numbers to Dogtag 10 > >#570 Port patch allowing to support random certificate serial numbers > > for system certificates to Dogtag 10 > >#579 Port patch allowing to clone CA with random serial number enabled. > >#580 Port patch allowing to restart CA clone during configuration > > change to random serial numbers. > >#584 Port patch including system certificates with random serial > > numbers in the certificate counter. > >BZ 955784 - Correct Javascript inability to handle big numbers > >BZ 951501 - Coorects key IDs miscalculated by Javascript > > > > > >cfu (6): > >BZ 929043 - serverCert.profile with SAN results in > >SubjectAltNameException > >BZ 927545 - Transport Cert signing Algorithm doesn't show ECC Signing > >Algorithm > >BZ 904289 - Add ECC Support to Certificate Profiles > >BZ 902952 - RFE: Revocation routing with TPS and multiple non-cloned CAs > >BZ 903401 - TMS: RSA token enrollment failed : public key decode error > >#362 CMC ECC = > > > >edewata (24) > >#190 REST interface for user-group membership. > >#291 Fix forma of validityUnit option in cert-find command > >#380 default install: part 2 > >#472 pkispawn should test DS info > >#473 pkispawn should test security domain info > >#474 Session-based nonces > >#476 Limit username & password authentication > >#477 Annotation for authentication methods > >#491 Prompt CLI user on certificate warnings. > >#497 Date format for cert-find > >#498 [RFE] Add dates to cert-find output > >#500 validityCount option returns 500 error > >#501 Add cert status option to cert-find > >#503 Dogtag 10: Security Domain Issues > >#511 Add cert-request-show command. > >#520 CLI returns 0 on error > >#523 Add CLI option to capture HTTP data > >#524 Tomcat blocks during startup > >#535 python-requests compatibility problem > >#541 Use FQDN instead of localhost in CLI > >#544 Implement upgrade framework > >#545 Upgrade script for random number generator > >#553 pki.conf needs to be delivered by pki-base > >#598 Upgrade script for JNI_JAR_DIR > > > >jmagne (1): > >#587 ipa-server-install crashes due to sslget error > > > >mharmsen (7): > >#409 Add pkispawn option to not copy the UI pieces (gifs, templates). > >#488 Dogtag 10: Fix cli 'cert-find' clientAuth issue > >#517 Clean up theme dependencies > >#518 Remove UI dependencies from pkispawn > >#602 pkiconsole cannot find 'jss4.jar' on Fedora 19 > >BZ 947524 - Clone installation does not work over NAT > >BZ 919476 - pkispawn crashes due to dangling symlink to jss4.jar > > > > > >_______________________________________________ > >Pki-users mailing list > >Pki-users(a)redhat.com > >https://www.redhat.com/mailman/listinfo/pki-users > _______________________________________________ > Pki-users mailing list > Pki-users(a)redhat.com > https://www.redhat.com/mailman/listinfo/pki-users --===============5238070289396966508==-- From thomas.moyer at ll.mit.edu Fri May 3 14:26:15 2013 Content-Type: multipart/mixed; boundary="===============7195429008744819996==" MIME-Version: 1.0 From: Moyer, Thomas - 0558 - MITLL To: users at lists.dogtagpki.org Subject: Re: [Pki-users] Announcing the release of Dogtag 10.0.2 Date: Fri, 03 May 2013 14:26:08 -0400 Message-ID: In-Reply-To: 1367600227.28606.23.camel@aleeredhat.laptop --===============7195429008744819996== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable That is what I needed. Thanks! -Tom -- Thomas Moyer, Ph.D. 58: Cyber Systems and Technology http://www.ll.mit.edu/CST 244 Wood St, Lexington, MA 02420 (781) 981-1374 Office: C-385H On 5/3/13 12:57 PM, "Ade Lee" wrote: >Hi, = > >We're working on some more substantial documentation, and maybe some >javadocs. In the meantime, there is some information on a wiki page: > >http://pki.fedoraproject.org/wiki/REST > >In particular, there is a section called "Current Implementation", which >has links to the relevant files in the code. If you look at the >resource files, you'll see exactly which calls and URLs have been >implemented. > >http://pki.fedoraproject.org/wiki/RESTEasy has more details on how to >interpret the files. > >The java client framework is - by definition - complete, because >Resteasy provides a client framework. > >The Python client framework will be expanded to include all operations >very soon. For now, it just covers initial deployment operations. > >FreeIPA has implemented some python code to do things like listing and >querying certs and requests though in Python. > >On Fri, 2013-05-03 at 09:57 -0400, Moyer, Thomas - 0558 - MITLL wrote: >> Is there documentation on the REST interface that I can look at? I've >> found some examples, but nothing that outlines everything. >> = >> Also, does the Python client framework support querying for >>certificates, >> or is it just for the initial deployment? >> = >> Thanks! >> = >> -Tom >> = >> On 5/2/13 10:09 PM, "Ade Lee" wrote: >> = >> >The Dogtag team is proud to announce the second errata build for >> >Dogtag v10.0.0. >> > >> >Builds are available for Fedora 18 and Fedora 19 in the updates-testing >> >repo. Please try it out and provide karma to move them to the F18 and >> >F19 stable repos. >> > >> >Daily developer builds for Fedora 17, 18 and 19 are available at >> >http://nkinder.fedorapeople.org/dogtag-devel/fedora/ >> > >> >=3D=3D Build Versions =3D=3D >> >pki-core-10.0.2-2 >> >pki-ra-10.0.2-2 >> >pki-tps-10.0.2-2 >> >dogtag-pki-10.0.2-1 >> >dogtag-pki-theme-10.0.2-1 >> >pki-console-10.0.2-2 >> > >> >=3D=3D Highlights since Dogtag v. 10.0.1 =3D=3D >> >* A new Python client framework has been written to connect to the >> >restful interface on the java subsystems. This interface was used >> >for some installation functionality and will continue to be expanded. >> > >> >* pkispawn and pkidestroy were modified to use the new Python client >> >framework and the dependency on jython was eliminated. >> > >> >* The installation interfaces were changed so that most of the >> >installation interactions take place over the admin interface. >> > >> >* New command line parameters have been added to pkidestroy to provide >> >the username and password of the security domain administrator to >>update >> >the security domain. Formerly, no credentials were required because we >> >used the subsystem certificate of the subsystem for authentication. >>The >> >new method provides better auditing as to exactly who is de-registering >> >and removing a subsystem. As such, use of the new options is >> >recommended, and will be made mandatory in a future release. >> > >> >* Although it is possible to run Dogtag 9 style instances on Dogtag 10, >> >these instances do not have the required configuration to expose the >> >RESTful interface. A new servlet has been added to return 501 (Not >> >implemented) on these instances when the REST URLs are accessed. This >> >is only applicable on Fedora 18 (See Fedora 19 note below). >> > >> >* A new interactive mode has been added to pkispawn and pkidestroy. In >> >this mode, users are prompted for details in order to set up the most >> >basic servers. Any customizations would still need to be done through >> >configuration files. Interactive mode is an excellent way for users >>to >> >set up a server and become familiar with Dogtag. >> > >> >* Support has been added for the random generation of serial numbers >>for >> >certificates issued. More details about this feature and how to enable >> >it can be found here: >> >http://pki.fedoraproject.org/wiki/Random_Certificate_Serial_Numbers >> > >> > >> >* Nonces are used in Dogtag to prevent cross-site request forgery and >> >replay attack, but they were stored in a global list. To prevent >> >possible collisions with other user's nonces, they are now stored in >> >each user's session. >> > >> >* Previously, session IDs were generated using /dev/random, which may >> >block under certain circumstances, making server startup slow. To avoid >> >this, the server configuration has been changed to use PKCS11PRNG >> >provided by JSS. >> > >> >* A new upgrade framework has been added to allow instances to be >> >automatically upgraded when new packages are installed. This framework >> >will be used to eventually remove the need for migrations between >> >releases. The upgrade scripts are invoked by postinstall scriptlets in >> >the pki-base and pki-server packages. On completing an upgrade, users >> >should check the upgrade logs in /var/log/pki/pki-upgrade-*.log >> >and /var/log/pki/pki-server-upgrade-*.log for any errors. The upgrade >> >scripts (pki-upgrade and pki-server-upgrade) can also be run manually. >> >Additional troubleshooting information can be found at: >> >http://pki.fedoraproject.org/wiki/Upgrade >> > >> >* New CLI has been added to simplify client certificate management >> >including importing and trusting CA certificates. >> > >> >* Previously, the pki CLI tool used the same parameter (-w) to specify >> >both user and client certificate database passwords. The CLI has been >> >modified to use a new parameter (-c) for the database password, and -w >> >for the user password. >> > >> >* Multiple additional fixes to pkispawn, pkidestroy, pki and their man >> >pages. >> > >> >=3D=3D Notes on Fedora 19 =3D=3D >> >Fedora 19 does not provide tomcat 6. Dogtag 9 style instances will >> >therefore no longer work on Fedora 19. These instances need to be >> >migrated to Dogtag 10. >> > >> >To prevent inadvertently disabling Dogtag instances, code has been >>added >> >to prevent upgrades to Fedora 19 if Dogtag 9 instances exist. Details >> >on how to upgrade Dogtag 9 instances and workarounds can be found at: >> = >>>http://pki.fedoraproject.org/wiki/Migrating_Dogtag_9_Instances_to_Dogtag >>>_1 >> >0 >> > >> >=3D=3D Detailed Changes since Dogtag v. 10.0.1 =3D=3D >> > >> >akoneru (23): >> >#191 Map REST exceptions to HTTP status codes >> >#217 CLI should display message on operations that complete with error >> >#290 Add hints to option descriptions for cert-find cli command >> >#383 Extend coverity tests to scan other subsystems (TPS, etc.) >> >#452 Dogtag 10: Fix minor RA and TPS Configuration Wizard Panel issues >> >#465 Verify 'pki_backup_keys=3DTrue' if 'pki_backup_password'is set >> >#470 Prevent concurrent execution of pkispawn/pkidestroy >> >#471 Update man pages for interactive pkispawn/pkidestroy >> >#493 interpolation in pkispawn scripts should not apply to passwords >> >#502 Change pkidestroy "-w" option to require a password file >> >#507 Mark pki.conf as configuration file in RPM spec >> >#509 man page for pkispawn should be modified to specify >> > pki_ca_signing_subject_dn when setting up subordinate CA >> >#514 Clean up pkispawn output >> >#521 Separate python deployment engine from python deployment >> > scriptlets source code >> >#525 Incorrect info in pkispawn man page >> >#536 Catch keyboard interrupt >> >#542 Remove all "respawn()" logic from "pkispawn" >> >#543 Incorrect user-show usage. >> >#549 PKCS10Client tool throws java exception NoClassDefFoundError >> >#563 Use timeout in configuration script >> >#566 Mask sensitive parameters in archived config >> >#592 pkispawn not reporting the error message when exceptions are >>thrown >> >#593 Error caused by JSON Configuration result decoding when installing >> > CA clone >> > >> >alee (9): >> >#232 add python binding for pkispawn/ pkidestroy >> >#419 REST interface for cert requests >> >#532 refactor pkispawn to use new python client >> >#546 Upgrade script for clone installation >> >#564 Rename base/deploy to base/server >> >#589 dependency needed for java-atk-wrapper in f19 >> >#578 Rest API does not work on d9 -> d10 upgrade instances >> >#590 pki-base needs to deliver /var/log/pki >> >#597 Create 10.0.2 builds >> > >> >awnuk (7): >> >#569 Port support for random certificate serial numbers to Dogtag 10 >> >#570 Port patch allowing to support random certificate serial numbers >> > for system certificates to Dogtag 10 >> >#579 Port patch allowing to clone CA with random serial number enabled. >> >#580 Port patch allowing to restart CA clone during configuration >> > change to random serial numbers. >> >#584 Port patch including system certificates with random serial >> > numbers in the certificate counter. >> >BZ 955784 - Correct Javascript inability to handle big numbers >> >BZ 951501 - Coorects key IDs miscalculated by Javascript >> > >> > >> >cfu (6): >> >BZ 929043 - serverCert.profile with SAN results in >> >SubjectAltNameException >> >BZ 927545 - Transport Cert signing Algorithm doesn't show ECC Signing >> >Algorithm >> >BZ 904289 - Add ECC Support to Certificate Profiles >> >BZ 902952 - RFE: Revocation routing with TPS and multiple non-cloned >>CAs >> >BZ 903401 - TMS: RSA token enrollment failed : public key decode error >> >#362 CMC ECC = >> > >> >edewata (24) >> >#190 REST interface for user-group membership. >> >#291 Fix forma of validityUnit option in cert-find command >> >#380 default install: part 2 >> >#472 pkispawn should test DS info >> >#473 pkispawn should test security domain info >> >#474 Session-based nonces >> >#476 Limit username & password authentication >> >#477 Annotation for authentication methods >> >#491 Prompt CLI user on certificate warnings. >> >#497 Date format for cert-find >> >#498 [RFE] Add dates to cert-find output >> >#500 validityCount option returns 500 error >> >#501 Add cert status option to cert-find >> >#503 Dogtag 10: Security Domain Issues >> >#511 Add cert-request-show command. >> >#520 CLI returns 0 on error >> >#523 Add CLI option to capture HTTP data >> >#524 Tomcat blocks during startup >> >#535 python-requests compatibility problem >> >#541 Use FQDN instead of localhost in CLI >> >#544 Implement upgrade framework >> >#545 Upgrade script for random number generator >> >#553 pki.conf needs to be delivered by pki-base >> >#598 Upgrade script for JNI_JAR_DIR >> > >> >jmagne (1): >> >#587 ipa-server-install crashes due to sslget error >> > >> >mharmsen (7): >> >#409 Add pkispawn option to not copy the UI pieces (gifs, templates). >> >#488 Dogtag 10: Fix cli 'cert-find' clientAuth issue >> >#517 Clean up theme dependencies >> >#518 Remove UI dependencies from pkispawn >> >#602 pkiconsole cannot find 'jss4.jar' on Fedora 19 >> >BZ 947524 - Clone installation does not work over NAT >> >BZ 919476 - pkispawn crashes due to dangling symlink to jss4.jar >> > >> > >> >_______________________________________________ >> >Pki-users mailing list >> >Pki-users(a)redhat.com >> >https://www.redhat.com/mailman/listinfo/pki-users >> _______________________________________________ >> Pki-users mailing list >> Pki-users(a)redhat.com >> https://www.redhat.com/mailman/listinfo/pki-users > > --===============7195429008744819996== Content-Type: application/pkcs7-signature MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIIUEgYJKoZIhvcNAQcCoIIUAzCCE/8CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCEfUw ggTUMIIDvKADAgECAgpbnpTCAAAAAE9nMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNVBAYTAlVTMR8w HQYDVQQKExZNSVQgTGluY29sbiBMYWJvcmF0b3J5MQwwCgYDVQQLEwNQS0kxEzARBgNVBAMTCk1J VExMIENBLTIwHhcNMTIwODI0MTMzNzMyWhcNMTMwODI0MTMzNzMyWjBhMQswCQYDVQQGEwJVUzEf MB0GA1UEChMWTUlUIExpbmNvbG4gTGFib3JhdG9yeTEPMA0GA1UECxMGUGVvcGxlMSAwHgYDVQQD ExdNb3llci5UaG9tYXMuTS41MDAxMjcxNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AN2kzL21gle2n6FJ68b7s6rhJUZWK4zTnKN9TD7tGS1mLNuDkO55g8tKHf8g+TM5nK89anV960D+ 4cwbWK4sbs9pQcrrSlzhQJhsZ4QSqMWsT9Gzq2qucaSwTge3LuySmA/8JPbVa3c+sSQNYc6qkbGK g97WYA+CP/CKknN8yS14S2OX1W27GJsTzF4c84YaB1qRBAwfBQMFbd51AfZ5j0c6isk0ov8kJkyY rqHKj4qbOG8WjvmSkPA+pXcbwUEnWXJLtCZZ4+aZIQ2Sv7DE35urlrzYjrY6ENUzDV5dy86oFKjf 8nJFiIV6NtYVSkRVOK2e5KqsGpIdcAOpTJus/y8CAwEAAaOCAZwwggGYMB0GA1UdDgQWBBQVe66M 3+xu+px9yukwqwj+SAbDUTAOBgNVHQ8BAf8EBAMCBsAwHwYDVR0jBBgwFoAUjkp9iaFjFxyBiDRX NyZFXhmKfiQwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5sbC5taXQuZWR1L2dldGNybC9M TENBMjBiBggrBgEFBQcBAQRWMFQwLQYIKwYBBQUHMAKGIWh0dHA6Ly9jcmwubGwubWl0LmVkdS9n ZXR0by9MTENBMjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AubGwubWl0LmVkdS8wDAYDVR0TAQH/ BAIwADA9BgkrBgEEAYI3FQcEMDAuBiYrBgEEAYI3FQiDg+Udh+ynZoathxWD6vBFhbahHx2Fy94y h/+KcwIBZAIBBTAiBgNVHSUBAf8EGDAWBggrBgEFBQcDBAYKKwYBBAGCNwoDDDAYBgNVHSAEETAP MA0GCyqGSIb3EgIBAwEIMCIGA1UdEQQbMBmBF3Rob21hcy5tb3llckBsbC5taXQuZWR1MA0GCSqG SIb3DQEBCwUAA4IBAQCUlrkm+GfYTCj6nbpoLyXLDymErn/IuDj+nzH2IAWCjSyo4Nbeu4hDAaXg bMtbweHWdgFSy9KeyricQO1T0LTY+nG7dcl4gP7Vwb7/Yz5/XHYdjynATFgonjWaLmNQQtPR5xTc cEg+WYEXIUks11te7R21Xcq9xcVRpkEGJH+lCGkmLJBFPHTGqCgM/WwtQEu3T8JOBbYKmNmdZZ9n vwFrttjG8PEyNIIiWIxoy/WI9DDgfNOVeIjwDUU5GIyaA3Oa2hiRkmyLot8cIAWZoxCZXs43/ydl PsrU/TUuhwpG+OjOo6n2sd0OaExHv4A1p3nrn/+uH/BCvxHY9oX9GepKMIIEtzCCA5+gAwIBAgIB FDANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWTUlUIExpbmNvbG4gTGFi b3JhdG9yeTEMMAoGA1UECxMDUEtJMRYwFAYDVQQDEw1NSVRMTCBSb290IENBMB4XDTA5MTIxNDEy MDAwMFoXDTE1MTIzMTIzNTk1OVowUTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFk1JVCBMaW5jb2xu IExhYm9yYXRvcnkxDDAKBgNVBAsTA1BLSTETMBEGA1UEAxMKTUlUTEwgQ0EtMjCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKcEyyNhSIfsN6AzBwVhZkzo6SdjNGAQ7mA2A8T0kmdCB8MH 6jWjVVMwFZwlg9cgjgLKEuEO9KN8K9M8jgeZEMoinlRfk3YELPC7sEkkzBQkcVpLhEwALue9iHow gSLGmXZpYKmRhfvhvYJ4MNCuIaWpcK/GaDZCE+U2aTg42kv/zQrH3AoqFX81OF7niwXNnanP1hQR fkMTRrnaEW8DX0TMaG/t9Ry5xSMrLTNc9DvQtjA5ZcuWnECiUpyDBFWxLr9yx7xgf1/LwgCxcoBe KSBBoWzkQmKAsgMo9Mq1Fp/nnIqw5FKmgOs7Vy+6e0Dk+cgf+oAV8AK8ZFMQrVE0uH0CAwEAAaOC AZUwggGRMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFI5KfYmhYxccgYg0VzcmRV4Zin4k MB8GA1UdIwQYMBaAFGeqes/0Cqa5crWKoNKd8hDDQ+0pMA4GA1UdDwEB/wQEAwIBhjBhBggrBgEF BQcBAQRVMFMwLQYIKwYBBQUHMAKGIWh0dHA6Ly9jcmwubGwubWl0LmVkdS9nZXR0bz9MTFJDQTAi BggrBgEFBQcwAYYWaHR0cDovL29jc3AubGwubWl0LmVkdTAzBgNVHR8ELDAqMCigJqAkhiJodHRw Oi8vY3JsLmxsLm1pdC5lZHUvZ2V0Y3JsP0xMUkNBMIGSBgNVHSAEgYowgYcwDQYLKoZIhvcSAgED AQYwDQYLKoZIhvcSAgEDAQgwDQYLKoZIhvcSAgEDAQcwDQYLKoZIhvcSAgEDAQkwDQYLKoZIhvcS AgEDAQowDQYLKoZIhvcSAgEDAQswDQYLKoZIhvcSAgEDAQ4wDQYLKoZIhvcSAgEDAQ8wDQYLKoZI hvcSAgEDARAwDQYJKoZIhvcNAQELBQADggEBAIh3BqHQ/XH8C6DCL+eEGroOzxBcCqTNItmsv4MA NaOTodgU2jrjHcGjXlzqhpb8ZxOlkAK3dK09rc6+yACcoK2TzVtDRZXYxov/SqZRjI3dufU2JatA PxosCyy/1otjl1TKUY47Wvft31vdf5i0XK2DQVEJ+XlqtgBiFTVIMIfBJwPajrsiz+pgFEYwhhwJ xvs8flSi0FLCE77VYLEioP5hxG6zIPeQRxzh1bogbfphWHHtoiTDkBSZ4UfvGXQTVf7QjhD5yYw1 0yICtjHmtgbfgBkH5/vvR92NY9RSlNPzZqmGKIia61bJCmagRYGyexfedVNF0cJWL4J/cLHhgNYw ggODMIICa6ADAgECAgEBMA0GCSqGSIb3DQEBBQUAMFQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZN SVQgTGluY29sbiBMYWJvcmF0b3J5MQwwCgYDVQQLEwNQS0kxFjAUBgNVBAMTDU1JVExMIFJvb3Qg Q0EwHhcNMDgwOTIzMTIwMDAwWhcNMjkxMjMxMjM1OTU5WjBUMQswCQYDVQQGEwJVUzEfMB0GA1UE ChMWTUlUIExpbmNvbG4gTGFib3JhdG9yeTEMMAoGA1UECxMDUEtJMRYwFAYDVQQDEw1NSVRMTCBS b290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxU4pF1iyJrL5rYq/XBAKg93k CTATG7Bw0NGFpEJ1A3Xsr6UIIq9/1VJBOgCwDqrVsAK1lRwy/lkrHzPkobiMr1wzjQ28SR/9sg5k AcmrMqBYbc302qtwCGKZxdNdhAh2nUOCO10AMpUsCNdpikPY9ukT8lsA+eorM4Q1rc/L0J6AHRpt OU7IuDBdZj+tdNb7gv+GKknr6wj9m2sVGawoaG7AAqhsWvQUM/q4h/H5FpYlwnVAEh2AzhqiG9bw l6uJJIzJ/8uUWldNkVwz1I5fR/vCaxiLXIW4oUydBuRKTG+ekEoxHGuD73yx5JtsSciS8HQL2oEM 8tv+VAC+albqgwIDAQABo2AwXjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRnqnrP9AqmuXK1 iqDSnfIQw0PtKTAfBgNVHSMEGDAWgBRnqnrP9AqmuXK1iqDSnfIQw0PtKTALBgNVHQ8EBAMCAYYw DQYJKoZIhvcNAQEFBQADggEBAD4bbQVg0Hh42EpYX4/JPkNS3OUAEWR/YgzZUY1QGi9rQZ4pfcjU 1/TaoNT8Y7Yf0RO+e9NiG9+BDhQH/kQiZOQo9rv9NUb8xDtKCYCad7zEQtVsYsWuvK2XLw/Ji1m2 eBvoOB4RS/5LAWfNws7W+DWt2ayzeTCyrLSrx7ZVgBjzNOm0TPIkbfppdwgxuo7FZL8ts+M2492A l87d3VasevUS1pprRBEupChmPTt1hjtajkQOpT4BQAzP1lVEYrWzlv+O/lbP9iujKpYWcfYqQ3FG f37YCvuDeues4xm+nqmyraNsNeI8Gh3XDIwqfzHnLhy4Y80VyqN/Jj8df3SK9AAwggTXMIIDv6AD AgECAgpbn2n6AAAAAE9oMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZN SVQgTGluY29sbiBMYWJvcmF0b3J5MQwwCgYDVQQLEwNQS0kxEzARBgNVBAMTCk1JVExMIENBLTIw HhcNMTIwODI0MTMzODI3WhcNMTMwODI0MTMzODI3WjBhMQswCQYDVQQGEwJVUzEfMB0GA1UEChMW TUlUIExpbmNvbG4gTGFib3JhdG9yeTEPMA0GA1UECxMGUGVvcGxlMSAwHgYDVQQDExdNb3llci5U aG9tYXMuTS41MDAxMjcxNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAInOjv4PcQYS wcse3b/iU13ufWpydhGF1zKyWx6Vxn7EhTdIiVqRZSWEEhUN54ZZvcNCjJigjNc92nS7/DZ6QzHT DuWlIvgi76xgl8bbK6oCKEv80+LBZKd4w3O8G0D3JakwveWWT1jZJXRG0QT6y9Xy4ENiWleon60U AKD5frJtnNu3AH8ElATkuh5iPyMzvvZ+dthAeVjyOnYiRTI3/z+8nWrY2Yxd5dumg8YuGP4Xg24l hSzxRFluqflWytRyjOabskU4bjjW9MTMhLXDR5P1UG1ilkCG1CK883No8b4QguQhMTCPv4/3vta3 E2V3m1APGCJfn9GNXaJTi4/369ECAwEAAaOCAZ8wggGbMB0GA1UdDgQWBBQ/lnMko0FQsFkSo7eG shVplcTtnDAOBgNVHQ8BAf8EBAMCBSAwHwYDVR0jBBgwFoAUjkp9iaFjFxyBiDRXNyZFXhmKfiQw MwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5sbC5taXQuZWR1L2dldGNybC9MTENBMjBiBggr BgEFBQcBAQRWMFQwLQYIKwYBBQUHMAKGIWh0dHA6Ly9jcmwubGwubWl0LmVkdS9nZXR0by9MTENB MjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AubGwubWl0LmVkdS8wDAYDVR0TAQH/BAIwADA9Bgkr BgEEAYI3FQcEMDAuBiYrBgEEAYI3FQiDg+Udh+ynZoathxWD6vBFhbahHx2F69Bwg+vtIAIBZAIB BDAlBgNVHSUEHjAcBgRVHSUABggrBgEFBQcDBAYKKwYBBAGCNwoDBDAYBgNVHSAEETAPMA0GCyqG SIb3EgIBAwEIMCIGA1UdEQQbMBmBF3Rob21hcy5tb3llckBsbC5taXQuZWR1MA0GCSqGSIb3DQEB CwUAA4IBAQBwwPS4BoKbBymCVEqjxedOV4E5Fru8DwWklJ3GD7C+wttuGXTKfy51Jdb2fySXLKSr hXZ0hM4c8gdUpOZN8SShDXFFdHt3pc5k4ZW2JBvkTv3MYDr3UIJqQMpuKx5S/yZjOgcsIuDHzwa6 Wh+YwlEa1eiJJ3KYdqKQiKUht0ogXAJK/UfbUraLTKBrHYFAzDC5a2bgDjS4yDGfx7M1hWHAXYEq NcXp9MTPhCayleDpFAeBsNdihvFzuQfXJioY3hHlTf36w7GE4RMfnEHvrZzVvfZ4kDkN0Eta85cj 8Oc/YtYN/j9RaFkZzw+MsygDhUDMPuyBVvdnP6L1gdK5yCyCMYIB5TCCAeECAQEwXzBRMQswCQYD VQQGEwJVUzEfMB0GA1UEChMWTUlUIExpbmNvbG4gTGFib3JhdG9yeTEMMAoGA1UECxMDUEtJMRMw EQYDVQQDEwpNSVRMTCBDQS0yAgpbnpTCAAAAAE9nMAkGBSsOAwIaBQCgXTAjBgkqhkiG9w0BCQQx FgQUHhIvSnmW2anzu1ujmv43fjlIjwwwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG 9w0BCQUxDxcNMTMwNTAzMTgyNjA4WjANBgkqhkiG9w0BAQEFAASCAQAwIvftNgm89EoBYe9Z+bcM PQhHlhmvbdWU0qQ5SxcLREixVKocvaAfd2siLEAT/FbEm/PZ2dfsvuDpzipvql/m0FYf7GSADnYC UrtRXQuH5ZKKPbChqYakk62Xi56Q/iQxpHLAylkMZKGmsHcNkao0Wp9w1ywK6hoWsHO7w7C4tJL7 NtzTDABf0qtYoWxOYvlCoRzpMO3ES1wImxAWAR1i/kubaVVE4uw9q04j3Rv5p4jqqjrqNHyYEM8K AArgkW1UlcV8b6YFUlXZQX8pQ/9CDLrVM7norxrvnUAQcg5oPIpHwpcTf/iCi0ihmyuZwiGgu5ds HeASJ/3Q0trT2SFg --===============7195429008744819996==-- From pkiadmin at nym.hush.com Sun May 5 06:46:38 2013 Content-Type: multipart/mixed; boundary="===============9104785622592416318==" MIME-Version: 1.0 From: pkiadmin at nym.hush.com To: users at lists.dogtagpki.org Subject: [Pki-users] 10.0.2 CA Instllation failed on LDAP and CA chain Date: Sun, 05 May 2013 12:46:35 +0200 Message-ID: <20130505104636.42EEA6F443@smtp.hushmail.com> --===============9104785622592416318== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Hello list memebers, I have been trying to get Dogtag 10.0.2 on fc18 running but = pkispawn concludes with Installation Failed. Here is what I see: pkispawn -s CA -f /home/pkiadmin/CA.cfg = Loading deployment configuration from /home/pkiadmin/CA.cfg. Installing CA into /var/lib/pki/pki-tomcat. Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki- tomcat/ca/deployment.cfg. Installation failed. The interactive pkispawn was also tried but this gives the same = fail results. In /var/log/pki/pki-tomcat/ca/system I see the following: 6650.localhost-startStop-1 - [05/May/2013:10:33:53 CEST] [3] [3] = Cannot build CA chain. Error = java.security.cert.CertificateException: Certificate is not a = PKCS#11 certificate 6650.localhost-startStop-1 - [05/May/2013:10:33:53 CEST] [13] [3] = authz instance DirAclAuthz initialization failed and skipped, = error=3DProperty internaldb.ldapconn.port missing value In /var/log/pki/pki-tomcat/catalina.out I see the above 2 errors = preceded by CMS WARNING: FAILURE: In /etc/pki/default.cfg I put pki_ds_hostname=3Dhostname and made = sure the pki_ds_port was correct. Oh yes, the remote DS389 was = running and accessible. When I look at services there is a pki-tomcatd(a)pki-tomcat running = and I can restart it without problems. I can alo get to the "End = USer Services" page on 8080. None of the other ports connect. Thanks in advance. --===============9104785622592416318==-- From sbaa at vip.qq.com Mon May 6 01:42:48 2013 Content-Type: multipart/mixed; boundary="===============1803702893249072655==" MIME-Version: 1.0 From: =?utf-8?q?=E9=AA=B7=E9=AB=85=E7=8C=AB_=3Csbaa_at_vip=2Eqq=2Ecom=3E?= To: users at lists.dogtagpki.org Subject: =?utf-8?q?=5BPki-users=5D_=E5=9B=9E=E5=A4=8D=EF=BC=9Aiphone=27s_scep_func?= =?utf-8?q?tion_with_dogtag?= Date: Mon, 06 May 2013 13:42:26 +0800 Message-ID: --===============1803702893249072655== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Hi All More details: I made a profile include SCEP settings,apply to iphone 4s. During the installation, it try to enroll the cert and report such error "i= nvalid response" The scep server was tested by SSCEP client. Thanks ------------------ =E5=8E=9F=E5=A7=8B=E9=82=AE=E4=BB=B6 ------------------ =E5=8F=91=E4=BB=B6=E4=BA=BA: "=E9=AA=B7=E9=AB=85=E7=8C=AB"; =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2013=E5=B9=B45=E6=9C=883=E6=97=A5(=E6= =98=9F=E6=9C=9F=E4=BA=94) =E6=99=9A=E4=B8=8A6:20 =E6=94=B6=E4=BB=B6=E4=BA=BA: "Pki-users"; = =E4=B8=BB=E9=A2=98: iphone's scep function with dogtag Hi All Who tried the SCEP feature with iphone? I tested on iphone 4s, it return "invalid response". = Thanks sbaa --===============1803702893249072655== Content-Type: text/html MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.html" PGRpdj5IaSBBbGw8L2Rpdj48ZGl2Pjxicj48L2Rpdj48ZGl2Pk1vcmUgZGV0YWlsczo8L2Rpdj48 ZGl2PkkgbWFkZSBhIHByb2ZpbGUgaW5jbHVkZSBTQ0VQIHNldHRpbmdzLGFwcGx5IHRvIGlwaG9u ZSA0cy48L2Rpdj48ZGl2PkR1cmluZyB0aGUgaW5zdGFsbGF0aW9uLCBpdCB0cnkgdG8gZW5yb2xs IHRoZSBjZXJ0IGFuZCByZXBvcnQgc3VjaCBlcnJvciAiaW52YWxpZCByZXNwb25zZSI8L2Rpdj48 ZGl2PlRoZSBzY2VwIHNlcnZlciB3YXMgdGVzdGVkIGJ5IFNTQ0VQIGNsaWVudC48L2Rpdj48ZGl2 Pjxicj48L2Rpdj48ZGl2Pjxicj48L2Rpdj48ZGl2PlRoYW5rczwvZGl2PjxkaXY+PGJyPjwvZGl2 PjxkaXY+PGJyPjwvZGl2PjxkaXY+PGRpdj48YnI+PC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdiBz dHlsZT0iZm9udC1zaXplOiAxMnB4O2ZvbnQtZmFtaWx5OiBBcmlhbCBOYXJyb3c7cGFkZGluZzoy cHggMCAycHggMDsiPi0tLS0tLS0tLS0tLS0tLS0tLSZuYnNwO9StyrzTyrz+Jm5ic3A7LS0tLS0t LS0tLS0tLS0tLS0tPC9kaXY+PGRpdiBzdHlsZT0iZm9udC1zaXplOiAxMnB4O2JhY2tncm91bmQ6 I2VmZWZlZjtwYWRkaW5nOjhweDsiPjxkaXY+PGI+t6K8/sjLOjwvYj4mbmJzcDsi97z3w8OoIiZs dDtzYmFhQHZpcC5xcS5jb20mZ3Q7OzwvZGl2PjxkaXY+PGI+t6LLzcqxvOQ6PC9iPiZuYnNwOzIw MTPE6jXUwjPI1SjQx8bazuUpIM3tyc82OjIwPC9kaXY+PGRpdj48Yj7K1bz+yMs6PC9iPiZuYnNw OyJQa2ktdXNlcnMiJmx0O1BraS11c2Vyc0ByZWRoYXQuY29tJmd0OzsgPHdicj48L2Rpdj48ZGl2 PjwvZGl2PjxkaXY+PGI+1vfM4jo8L2I+Jm5ic3A7aXBob25lJ3Mgc2NlcCBmdW5jdGlvbiB3aXRo IGRvZ3RhZzwvZGl2PjwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+SGkgQWxsPC9kaXY+PGRpdj48 YnI+PC9kaXY+PGRpdj5XaG8gdHJpZWQgdGhlIFNDRVAgZmVhdHVyZSB3aXRoIGlwaG9uZT88L2Rp dj48ZGl2PkkgdGVzdGVkIG9uIGlwaG9uZSA0cywgaXQgcmV0dXJuICJpbnZhbGlkIHJlc3BvbnNl Ii4gPC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj5UaGFua3M8L2Rpdj48 ZGl2PnNiYWE8L2Rpdj48L2Rpdj4= --===============1803702893249072655==-- From fabeisageek at googlemail.com Mon May 6 03:33:56 2013 Content-Type: multipart/mixed; boundary="===============4610678031905891891==" MIME-Version: 1.0 From: Fabian Bertholm To: users at lists.dogtagpki.org Subject: [Pki-users] End-Of-Life Gemalto TOP IM FIPS CY2 (Cyberflex Access 64k v2) Date: Mon, 06 May 2013 09:33:53 +0200 Message-ID: --===============4610678031905891891== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Hi, I got a message from my smartard dealer that the Gemalto TOP IM FIPS CY2 (Cyberflex Access 64k v2) ist now EOL. Which other smartcard is officially supported? I need something with at least 64k. Anyone with an idea? best regards Fabian --===============4610678031905891891== Content-Type: text/html MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.html" PGRpdiBkaXI9Imx0ciI+PGRpdj48ZGl2PjxkaXY+PGRpdj5IaSw8YnI+PGJyPjwvZGl2PkkgZ290 IGEgbWVzc2FnZSBmcm9tIG15IHNtYXJ0YXJkIGRlYWxlciB0aGF0IHRoZSBHZW1hbHRvoCBUT1Ag SU0gRklQUyBDWTIgKEN5YmVyZmxleCBBY2Nlc3MgNjRrIHYyKaAgaXN0IG5vdyBFT0wuPGJyPjxi cj48L2Rpdj5XaGljaCBvdGhlciBzbWFydGNhcmQgaXMgb2ZmaWNpYWxseSBzdXBwb3J0ZWQ/IEkg bmVlZCBzb21ldGhpbmcgd2l0aCBhdCBsZWFzdCA2NGsuIEFueW9uZSB3aXRoIGFuIGlkZWE/PGJy Pgo8YnI+PC9kaXY+YmVzdCByZWdhcmRzPGJyPjwvZGl2PkZhYmlhbjxicj48L2Rpdj4K --===============4610678031905891891==-- From chrisb at csr.net Mon May 6 08:50:26 2013 Content-Type: multipart/mixed; boundary="===============9166277211282821775==" MIME-Version: 1.0 From: Buckingham To: users at lists.dogtagpki.org Subject: [Pki-users] Addendum: 10.0.2 CA Instllation failed on LDAP and CA chain Date: Mon, 06 May 2013 14:50:18 +0200 Message-ID: <20130506125018.68BD110E2C8@smtp.hushmail.com> --===============9166277211282821775== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Hello, After further investigation into the failing setup/configuration, I = found that /etc/pki/pki-tomcat/ca/CS.cfg has no values set for the = following: authz.instance.DirAclAuthz.ldap.basedn authz.instance.DirAclAuthz.ldap.ldapconn.host authz.instance.DirAclAuthz.ldap.ldapconn.port Also authz.instance.DirAclAuthz.ldap.ldapauth.bindDN does not set = the DN that I entered during interactive setup. My question is: why do these variables in the CS.cfg fail to get = set during both interactinve and non-interactive installations? Regards --===============9166277211282821775==-- From alee at redhat.com Mon May 6 10:08:11 2013 Content-Type: multipart/mixed; boundary="===============4106681199228629701==" MIME-Version: 1.0 From: Ade Lee To: users at lists.dogtagpki.org Subject: Re: [Pki-users] Addendum: 10.0.2 CA Instllation failed on LDAP and CA chain Date: Mon, 06 May 2013 10:08:10 -0400 Message-ID: <1367849290.17532.5.camel@aleeredhat.laptop> In-Reply-To: 20130506125018.68BD110E2C8@smtp.hushmail.com --===============4106681199228629701== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Those values should have been set during installation. To debug this, I need to see: rpm -q pki-server rpm -qa |grep pki cat etc/redhat-release getenforce logs under /var/log/pki/pki-tomcat I'm a little confused that you got as far as being able to start installing the TPS with the CA not installed correctly. To install a TPS, you must install a TKS first. Also, you may also install a KRA if you plan to use server side key generation. Please note also, there is currently an selinux bug that will require you to have selinux in permissive mode when installing a TPS or RA. Ade On Mon, 2013-05-06 at 14:50 +0200, Buckingham wrote: > Hello, > = > After further investigation into the failing setup/configuration, I = > found that /etc/pki/pki-tomcat/ca/CS.cfg has no values set for the = > following: > authz.instance.DirAclAuthz.ldap.basedn > authz.instance.DirAclAuthz.ldap.ldapconn.host > authz.instance.DirAclAuthz.ldap.ldapconn.port > = > Also authz.instance.DirAclAuthz.ldap.ldapauth.bindDN does not set = > the DN that I entered during interactive setup. > = > My question is: why do these variables in the CS.cfg fail to get = > set during both interactinve and non-interactive installations? > = > Regards > = > _______________________________________________ > Pki-users mailing list > Pki-users(a)redhat.com > https://www.redhat.com/mailman/listinfo/pki-users --===============4106681199228629701==-- From alee at redhat.com Mon May 6 10:25:29 2013 Content-Type: multipart/mixed; boundary="===============2005698630655878143==" MIME-Version: 1.0 From: Ade Lee To: users at lists.dogtagpki.org Subject: Re: [Pki-users] 10.0.2 CA Instllation failed on LDAP and CA chain Date: Mon, 06 May 2013 10:25:28 -0400 Message-ID: <1367850328.17532.13.camel@aleeredhat.laptop> In-Reply-To: 20130505104636.42EEA6F443@smtp.hushmail.com --===============2005698630655878143== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable On Sun, 2013-05-05 at 12:46 +0200, pkiadmin(a)nym.hush.com wrote: > Hello list memebers, > = > I have been trying to get Dogtag 10.0.2 on fc18 running but = > pkispawn concludes with Installation Failed. > = > Here is what I see: > pkispawn -s CA -f /home/pkiadmin/CA.cfg = > Loading deployment configuration from /home/pkiadmin/CA.cfg. > Installing CA into /var/lib/pki/pki-tomcat. > Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki- > tomcat/ca/deployment.cfg. > Installation failed. > = > The interactive pkispawn was also tried but this gives the same = > fail results. > = > In /var/log/pki/pki-tomcat/ca/system I see the following: > 6650.localhost-startStop-1 - [05/May/2013:10:33:53 CEST] [3] [3] = > Cannot build CA chain. Error = > java.security.cert.CertificateException: Certificate is not a = > PKCS#11 certificate > = > 6650.localhost-startStop-1 - [05/May/2013:10:33:53 CEST] [13] [3] = > authz instance DirAclAuthz initialization failed and skipped, = > error=3DProperty internaldb.ldapconn.port missing value > = > In /var/log/pki/pki-tomcat/catalina.out I see the above 2 errors = > preceded by CMS WARNING: FAILURE: > = The errors above are benign, in that they always occur on a new installation. > In /etc/pki/default.cfg I put pki_ds_hostname=3Dhostname and made = > sure the pki_ds_port was correct. Oh yes, the remote DS389 was = > running and accessible. > = OK, so /etc/pki/default.cfg is not supposed to be edited. Instead, a brand new file is supposed to be created with the relevant overrides. This is because default.cfg can be overwritten in updates to pki-server. Its hard to tell what is going on based on what you have described. Please provide the following: rpm -q pki-server rpm -qa |grep pki getenforce cat /etc/redhat-release latest installation log in /var/log/pki/pkispawn-* logs in /var/log/pki/pki-tomcat You might also want to re-do the installation with the -vvv option so that there is much more debug output. Make sure to pkidestroy the old instance. = > When I look at services there is a pki-tomcatd(a)pki-tomcat running = > and I can restart it without problems. I can alo get to the "End = > USer Services" page on 8080. None of the other ports connect. > = > Thanks in advance. > = > = > = > = > = > _______________________________________________ > Pki-users mailing list > Pki-users(a)redhat.com > https://www.redhat.com/mailman/listinfo/pki-users --===============2005698630655878143==-- From jmagne at redhat.com Mon May 13 19:44:51 2013 Content-Type: multipart/mixed; boundary="===============8784946904307625192==" MIME-Version: 1.0 From: John Magne To: users at lists.dogtagpki.org Subject: Re: [Pki-users] End-Of-Life Gemalto TOP IM FIPS CY2 (Cyberflex Access 64k v2) Date: Mon, 13 May 2013 19:44:51 -0400 Message-ID: <1152290648.819654.1368488691243.JavaMail.root@redhat.com> In-Reply-To: CADEEoScnBc-v56M_-XbaO-NFgdYgWE=qwuH4h-zzJf5=ZBgcag@mail.gmail.com --===============8784946904307625192== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sorry for skipping over this. We also support the Safenet 330J SC650 for official support as of this time. ----- Original Message ----- From: "Fabian Bertholm" To: "pki-users" Sent: Monday, May 6, 2013 12:33:53 AM Subject: [Pki-users] End-Of-Life Gemalto TOP IM FIPS CY2 (Cyberflex Access = 64k v2) Hi, = I got a message from my smartard dealer that the Gemalto TOP IM FIPS CY2 (C= yberflex Access 64k v2) ist now EOL. = Which other smartcard is officially supported? I need something with at lea= st 64k. Anyone with an idea? = best regards = Fabian = _______________________________________________ Pki-users mailing list Pki-users(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-users --===============8784946904307625192==-- From Chris.Grijalva at soteradefense.com Thu May 16 14:22:44 2013 Content-Type: multipart/mixed; boundary="===============8857542596370856813==" MIME-Version: 1.0 From: Chris Grijalva To: users at lists.dogtagpki.org Subject: [Pki-users] Dogtag User Certs setup and OCSP Signing Date: Thu, 16 May 2013 13:22:40 -0500 Message-ID: <688D8B269DCBDE44A466DC43D403624C077419AF42@pfi-mail> --===============8857542596370856813== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable So far attempts to setup user certs using Dogtag CA fail, while self-signed= Client Certificates work fine. The end goal is to have tomcat pass a user cert to an application, which wi= ll authenticate and bypass the initial login screen. The details, Dogtag 9.0 installed on a CentOS 6.4 server Server cert is set up correctly in the local keystore and the tomcat server= .xml is configured This works correctly with a self-signed user cert, the browser requests a u= ser cert before displaying the initial login screen. The next step is to create a truststore entry referencing Dogtag's CA certi= ficate and user cert. Searching the web for dogtag user certs, openssl and Fedora/user documentat= ion has not yielded any detailed User Guides or user notes. Both the Admin and Agent Guide were useful for defining admin and agent usa= ge, but did not provide detailed information on importing a cert authority into a truststore or using the truststore to sign an X509 client = certificate. Once the client certificate handshake is established, can tomcat parse the = certificate or would apache mod_SSL be a better choice? Finally can/should the application use an openssl ocsp call to validate the= certificate? At this point, I'm not knowledgeable enough with PKI and Dogtag to define a= workable solution. Have I missed some essential documentation? Has anyone found or written any Dogtag User Notes or have references to Dog= tag usage? Any recommendations would be appreciated. Chris Grijalva Configuration Management | Data Fusion & Analytics Sotera Defense Solutions, Inc. o: 512.814.0186 c: 713.291.2215 f: 512.814.0308 e: chris.grijalva(a)soteradefense.com w: www.soteradefense.com Potomac Fusion, LLC is now the Data Fusion & Analytics business of Sotera D= efense Solutions --===============8857542596370856813== Content-Type: text/html MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.html" PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+PGhlYWQ+PG1ldGEgaHR0cC1lcXVpdj1Db250ZW50LVR5cGUgY29udGVu dD0idGV4dC9odG1sOyBjaGFyc2V0PXVzLWFzY2lpIj48bWV0YSBuYW1lPUdlbmVyYXRvciBjb250 ZW50PSJNaWNyb3NvZnQgV29yZCAxMiAoZmlsdGVyZWQgbWVkaXVtKSI+PHN0eWxlPjwhLS0KLyog Rm9udCBEZWZpbml0aW9ucyAqLwpAZm9udC1mYWNlCgl7Zm9udC1mYW1pbHk6IkNhbWJyaWEgTWF0 aCI7CglwYW5vc2UtMToyIDQgNSAzIDUgNCA2IDMgMiA0O30KQGZvbnQtZmFjZQoJe2ZvbnQtZmFt aWx5OkNhbGlicmk7CglwYW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9Ci8qIFN0eWxlIERl ZmluaXRpb25zICovCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwKCXtt YXJnaW46MGluOwoJbWFyZ2luLWJvdHRvbTouMDAwMXB0OwoJZm9udC1zaXplOjExLjBwdDsKCWZv bnQtZmFtaWx5OiJDYWxpYnJpIiwic2Fucy1zZXJpZiI7fQphOmxpbmssIHNwYW4uTXNvSHlwZXJs aW5rCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5OwoJY29sb3I6Ymx1ZTsKCXRleHQtZGVjb3JhdGlv bjp1bmRlcmxpbmU7fQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQKCXttc28t c3R5bGUtcHJpb3JpdHk6OTk7Cgljb2xvcjpwdXJwbGU7Cgl0ZXh0LWRlY29yYXRpb246dW5kZXJs aW5lO30Kc3Bhbi5FbWFpbFN0eWxlMTcKCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1jb21wb3Nl OwoJZm9udC1mYW1pbHk6IkNhbGlicmkiLCJzYW5zLXNlcmlmIjsKCWNvbG9yOndpbmRvd3RleHQ7 fQouTXNvQ2hwRGVmYXVsdAoJe21zby1zdHlsZS10eXBlOmV4cG9ydC1vbmx5O30KQHBhZ2UgV29y ZFNlY3Rpb24xCgl7c2l6ZTo4LjVpbiAxMS4waW47CgltYXJnaW46MS4waW4gMS4waW4gMS4waW4g MS4waW47fQpkaXYuV29yZFNlY3Rpb24xCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQotLT48L3N0eWxl PjwhLS1baWYgZ3RlIG1zbyA5XT48eG1sPgo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBz cGlkbWF4PSIxMDI2IiAvPgo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+PHht bD4KPG86c2hhcGVsYXlvdXQgdjpleHQ9ImVkaXQiPgo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0 YT0iMSIgLz4KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPjwvaGVhZD48Ym9keSBs YW5nPUVOLVVTIGxpbms9Ymx1ZSB2bGluaz1wdXJwbGU+PGRpdiBjbGFzcz1Xb3JkU2VjdGlvbjE+ PHAgY2xhc3M9TXNvTm9ybWFsPlNvIGZhciBhdHRlbXB0cyB0byBzZXR1cCB1c2VyIGNlcnRzIHVz aW5nIERvZ3RhZyBDQSBmYWlsLCB3aGlsZSBzZWxmLXNpZ25lZCBDbGllbnQgQ2VydGlmaWNhdGVz IHdvcmsgZmluZS48bzpwPjwvbzpwPjwvcD48cCBjbGFzcz1Nc29Ob3JtYWw+VGhlIGVuZCBnb2Fs IGlzIHRvIGhhdmUgdG9tY2F0IHBhc3MgYSB1c2VyIGNlcnQgdG8gYW4gYXBwbGljYXRpb24sIHdo aWNoIHdpbGwgYXV0aGVudGljYXRlIGFuZCBieXBhc3MgdGhlIGluaXRpYWwgbG9naW4gc2NyZWVu LjxvOnA+PC9vOnA+PC9wPjxwIGNsYXNzPU1zb05vcm1hbD48bzpwPiZuYnNwOzwvbzpwPjwvcD48 cCBjbGFzcz1Nc29Ob3JtYWw+VGhlIGRldGFpbHMsPG86cD48L286cD48L3A+PHAgY2xhc3M9TXNv Tm9ybWFsPkRvZ3RhZyA5LjAgaW5zdGFsbGVkIG9uIGEgQ2VudE9TIDYuNCBzZXJ2ZXI8bzpwPjwv bzpwPjwvcD48cCBjbGFzcz1Nc29Ob3JtYWw+U2VydmVyIGNlcnQgaXMgc2V0IHVwIGNvcnJlY3Rs eSBpbiB0aGUgbG9jYWwga2V5c3RvcmUgYW5kIHRoZSB0b21jYXQgc2VydmVyLnhtbCBpcyBjb25m aWd1cmVkPG86cD48L286cD48L3A+PHAgY2xhc3M9TXNvTm9ybWFsPjxvOnA+Jm5ic3A7PC9vOnA+ PC9wPjxwIGNsYXNzPU1zb05vcm1hbD4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsgJmx0O0Nvbm5lY3RvciBTU0xFbmFibGVkPSZxdW90O3RydWUmcXVvdDs8bzpwPjwv bzpwPjwvcD48cCBjbGFzcz1Nc29Ob3JtYWw+PG86cD4mbmJzcDs8L286cD48L3A+PHAgY2xhc3M9 TXNvTm9ybWFsPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyBtYXhUaHJlYWRzPSZxdW90OzE1MCZxdW90OzxvOnA+PC9vOnA+PC9wPjxwIGNsYXNzPU1z b05vcm1hbD4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsgbWF4U3BhcmVUaHJlYWRzPSZxdW90Ozc1JnF1b3Q7PG86cD48L286cD48L3A+PHAgY2xhc3M9 TXNvTm9ybWFsPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyAmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDttaW5TcGFyZVRocmVhZHM9JnF1b3Q7MjUmcXVvdDs8bzpwPjwvbzpwPjwvcD48cCBjbGFz cz1Nc29Ob3JtYWw+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7IGFjY2VwdENvdW50PSZxdW90OzEwMCZxdW90OzxvOnA+PC9vOnA+PC9wPjxwIGNsYXNz PU1zb05vcm1hbD4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsgY2xpZW50QXV0aD0mcXVvdDt0cnVlJnF1b3Q7PG86cD48L286cD48L3A+PHAgY2xhc3M9 TXNvTm9ybWFsPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyBkaXNhYmxlVXBsb2FkVGltZW91dD0mcXVvdDt0cnVlJnF1b3Q7PG86cD48L286cD48L3A+ PHAgY2xhc3M9TXNvTm9ybWFsPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPjxwIGNsYXNzPU1zb05vcm1h bD4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgZW5h YmxlTG9va3Vwcz0mcXVvdDtmYWxzZSZxdW90OzxvOnA+PC9vOnA+PC9wPjxwIGNsYXNzPU1zb05v cm1hbD4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsg bWF4SHR0cEhlYWRlclNpemU9JnF1b3Q7ODE5MiZxdW90OzxvOnA+PC9vOnA+PC9wPjxwIGNsYXNz PU1zb05vcm1hbD4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsgVVJJRW5jb2Rpbmc9JnF1b3Q7VVRGLTgmcXVvdDs8bzpwPjwvbzpwPjwvcD48cCBjbGFz cz1Nc29Ob3JtYWw+PG86cD4mbmJzcDs8L286cD48L3A+PHAgY2xhc3M9TXNvTm9ybWFsPiZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBrZXlBbGlhcz0m cXVvdDt0b21jYXQmcXVvdDs8bzpwPjwvbzpwPjwvcD48cCBjbGFzcz1Nc29Ob3JtYWw+Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IGtleXN0b3JlRmls ZT0mcXVvdDsvb3B0L1NTTC1rZXlzdG9yZS5qa3MmcXVvdDs8bzpwPjwvbzpwPjwvcD48cCBjbGFz cz1Nc29Ob3JtYWw+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7IGtleXN0b3JlUGFzcz0mcXVvdDtQS0ktc2VydmVyLWNlcnQmcXVvdDs8bzpwPjwvbzpw PjwvcD48cCBjbGFzcz1Nc29Ob3JtYWw+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7IGtleXN0b3JlVHlwZT0mcXVvdDtKS1MmcXVvdDs8bzpwPjwvbzpw PjwvcD48cCBjbGFzcz1Nc29Ob3JtYWw+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7IHRydXN0c3RvcmVGaWxlPSZxdW90Oy9vcHQvU1NMLXRydXN0c3Rv cmUucDEyJnF1b3Q7PG86cD48L286cD48L3A+PHAgY2xhc3M9TXNvTm9ybWFsPiZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB0cnVzdHN0b3JlUGFzcz0m cXVvdDtQS0ktQ0EtY2VydCZxdW90OzxvOnA+PC9vOnA+PC9wPjxwIGNsYXNzPU1zb05vcm1hbD4m bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgdHJ1c3Rz dG9yZVR5cGU9JnF1b3Q7UEtDUzEyJnF1b3Q7PG86cD48L286cD48L3A+PHAgY2xhc3M9TXNvTm9y bWFsPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBw b3J0PSZxdW90Ozg0NDMmcXVvdDs8bzpwPjwvbzpwPjwvcD48cCBjbGFzcz1Nc29Ob3JtYWw+Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHNjaGVtZT0m cXVvdDtodHRwcyZxdW90OzxvOnA+PC9vOnA+PC9wPjxwIGNsYXNzPU1zb05vcm1hbD4mbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgc2VjdXJlPSZxdW90 O3RydWUmcXVvdDs8bzpwPjwvbzpwPjwvcD48cCBjbGFzcz1Nc29Ob3JtYWw+Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHNzbFByb3RvY29sPSZxdW90 O1RMUyZxdW90Oy8mZ3Q7PG86cD48L286cD48L3A+PHAgY2xhc3M9TXNvTm9ybWFsPjxvOnA+Jm5i c3A7PC9vOnA+PC9wPjxwIGNsYXNzPU1zb05vcm1hbD5UaGlzIHdvcmtzIGNvcnJlY3RseSB3aXRo IGEgc2VsZi1zaWduZWQgdXNlciBjZXJ0LCB0aGUgYnJvd3NlciByZXF1ZXN0cyBhIHVzZXIgY2Vy dCBiZWZvcmUgZGlzcGxheWluZyB0aGUgaW5pdGlhbCBsb2dpbiBzY3JlZW4uPG86cD48L286cD48 L3A+PHAgY2xhc3M9TXNvTm9ybWFsPlRoZSBuZXh0IHN0ZXAgaXMgdG8gY3JlYXRlIGEgdHJ1c3Rz dG9yZSBlbnRyeSByZWZlcmVuY2luZyBEb2d0YWcncyBDQSBjZXJ0aWZpY2F0ZSBhbmQgdXNlciBj ZXJ0LiA8bzpwPjwvbzpwPjwvcD48cCBjbGFzcz1Nc29Ob3JtYWw+PG86cD4mbmJzcDs8L286cD48 L3A+PHAgY2xhc3M9TXNvTm9ybWFsPlNlYXJjaGluZyB0aGUgd2ViIGZvciBkb2d0YWcgdXNlciBj ZXJ0cywgb3BlbnNzbCBhbmQgRmVkb3JhL3VzZXIgZG9jdW1lbnRhdGlvbiBoYXMgbm90IHlpZWxk ZWQgYW55IGRldGFpbGVkIFVzZXIgR3VpZGVzIG9yIHVzZXIgbm90ZXMuPG86cD48L286cD48L3A+ PHAgY2xhc3M9TXNvTm9ybWFsPkJvdGggdGhlIEFkbWluIGFuZCBBZ2VudCBHdWlkZSB3ZXJlIHVz ZWZ1bCBmb3IgZGVmaW5pbmcgYWRtaW4gYW5kIGFnZW50IHVzYWdlLCBidXQgZGlkIG5vdCBwcm92 aWRlIGRldGFpbGVkIGluZm9ybWF0aW9uIG9uIGltcG9ydGluZyBhIGNlcnQ8bzpwPjwvbzpwPjwv cD48cCBjbGFzcz1Nc29Ob3JtYWw+YXV0aG9yaXR5IGludG8gYSB0cnVzdHN0b3JlIG9yIHVzaW5n IHRoZSB0cnVzdHN0b3JlIHRvIHNpZ24gYW4gWDUwOSBjbGllbnQgY2VydGlmaWNhdGUuPG86cD48 L286cD48L3A+PHAgY2xhc3M9TXNvTm9ybWFsPk9uY2UgdGhlIGNsaWVudCBjZXJ0aWZpY2F0ZSBo YW5kc2hha2UgaXMgZXN0YWJsaXNoZWQsIGNhbiB0b21jYXQgcGFyc2UgdGhlIGNlcnRpZmljYXRl IG9yIHdvdWxkIGFwYWNoZSBtb2RfU1NMIGJlIGEgYmV0dGVyIGNob2ljZT8gPG86cD48L286cD48 L3A+PHAgY2xhc3M9TXNvTm9ybWFsPkZpbmFsbHkgY2FuL3Nob3VsZCB0aGUgYXBwbGljYXRpb24g dXNlIGFuIG9wZW5zc2wgb2NzcCBjYWxsIHRvIHZhbGlkYXRlIHRoZSBjZXJ0aWZpY2F0ZT88bzpw PjwvbzpwPjwvcD48cCBjbGFzcz1Nc29Ob3JtYWw+PG86cD4mbmJzcDs8L286cD48L3A+PHAgY2xh c3M9TXNvTm9ybWFsPkF0IHRoaXMgcG9pbnQsIEknbSBub3Qga25vd2xlZGdlYWJsZSBlbm91Z2gg d2l0aCBQS0kgYW5kIERvZ3RhZyB0byBkZWZpbmUgYSB3b3JrYWJsZSBzb2x1dGlvbi48bzpwPjwv bzpwPjwvcD48cCBjbGFzcz1Nc29Ob3JtYWw+SGF2ZSBJIG1pc3NlZCBzb21lIGVzc2VudGlhbCBk b2N1bWVudGF0aW9uPyA8bzpwPjwvbzpwPjwvcD48cCBjbGFzcz1Nc29Ob3JtYWw+SGFzIGFueW9u ZSBmb3VuZCBvciB3cml0dGVuIGFueSBEb2d0YWcgVXNlciBOb3RlcyBvciBoYXZlIHJlZmVyZW5j ZXMgdG8gRG9ndGFnIHVzYWdlPzxvOnA+PC9vOnA+PC9wPjxwIGNsYXNzPU1zb05vcm1hbD48bzpw PiZuYnNwOzwvbzpwPjwvcD48cCBjbGFzcz1Nc29Ob3JtYWw+QW55IHJlY29tbWVuZGF0aW9ucyB3 b3VsZCBiZSBhcHByZWNpYXRlZC48bzpwPjwvbzpwPjwvcD48cCBjbGFzcz1Nc29Ob3JtYWw+PG86 cD4mbmJzcDs8L286cD48L3A+PHAgY2xhc3M9TXNvTm9ybWFsPjxzcGFuIHN0eWxlPSdmb250LXNp emU6MTAuMHB0O2ZvbnQtZmFtaWx5OiJBcmlhbCIsInNhbnMtc2VyaWYiO2NvbG9yOiMxRjQ5N0Qn PkNocmlzIEdyaWphbHZhPGJyPjwvc3Bhbj48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDtm b250LWZhbWlseToiQXJpYWwiLCJzYW5zLXNlcmlmIjtjb2xvcjojMUY0OTdEJz5Db25maWd1cmF0 aW9uIE1hbmFnZW1lbnQ8L3NwYW4+PGI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMi4wcHQ7Zm9u dC1mYW1pbHk6IkFyaWFsIiwic2Fucy1zZXJpZiI7Y29sb3I6IzFGNDk3RCc+IDwvc3Bhbj48L2I+ PGI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6IkFyaWFsIiwic2Fu cy1zZXJpZiI7Y29sb3I6IzFGNDk3RCc+fDwvc3Bhbj48L2I+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6 ZToxMC4wcHQ7Zm9udC1mYW1pbHk6IkFyaWFsIiwic2Fucy1zZXJpZiI7Y29sb3I6IzFGNDk3RCc+ IERhdGEgRnVzaW9uICZhbXA7IEFuYWx5dGljczwvc3Bhbj48c3BhbiBzdHlsZT0nZm9udC1zaXpl OjEwLjBwdDtmb250LWZhbWlseToiQXJpYWwiLCJzYW5zLXNlcmlmIjtjb2xvcjojMUY0OTdEJz48 bzpwPjwvbzpwPjwvc3Bhbj48L3A+PHAgY2xhc3M9TXNvTm9ybWFsPjxiPjxzcGFuIHN0eWxlPSdm b250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OiJBcmlhbCIsInNhbnMtc2VyaWYiO2NvbG9yOiMx RjQ5N0QnPlNvdGVyYSBEZWZlbnNlIFNvbHV0aW9ucywgSW5jPC9zcGFuPjwvYj48Yj48c3BhbiBz dHlsZT0nZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseToiQXJpYWwiLCJzYW5zLXNlcmlmIjtj b2xvcjojMUY0OTdEJz4uPG86cD48L286cD48L3NwYW4+PC9iPjwvcD48cCBjbGFzcz1Nc29Ob3Jt YWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6IkFyaWFsIiwic2Fu cy1zZXJpZiI7Y29sb3I6IzE3MzY1RCc+bzogNTEyLjgxNC4wMTg2IDxvOnA+PC9vOnA+PC9zcGFu PjwvcD48cCBjbGFzcz1Nc29Ob3JtYWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7Zm9u dC1mYW1pbHk6IkFyaWFsIiwic2Fucy1zZXJpZiI7Y29sb3I6IzE3MzY1RCc+YzogNzEzLjI5MS4y MjE1PG86cD48L286cD48L3NwYW4+PC9wPjxwIGNsYXNzPU1zb05vcm1hbD48c3BhbiBzdHlsZT0n Zm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseToiQXJpYWwiLCJzYW5zLXNlcmlmIjtjb2xvcjoj MTczNjVEJz5mOiZuYnNwOyA1MTIuODE0LjAzMDg8YnI+ZTogPC9zcGFuPjxhIGhyZWY9Im1haWx0 bzpmaXJzdGluaXRpYWxzdXJuYW1lQHBvdG9tYWNmdXNpb24uY29tIj48c3BhbiBzdHlsZT0nZm9u dC1zaXplOjEwLjBwdDtmb250LWZhbWlseToiQXJpYWwiLCJzYW5zLXNlcmlmIjtjb2xvcjpibHVl Jz5jaHJpcy5ncmlqYWx2YUBzb3RlcmFkZWZlbnNlLmNvbTwvc3Bhbj48L2E+PHNwYW4gc3R5bGU9 J2ZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6IkFyaWFsIiwic2Fucy1zZXJpZiI7Y29sb3I6 IzE3MzY1RCc+IDxicj53OiA8L3NwYW4+PGEgaHJlZj0iaHR0cDovL3d3dy5zb3RlcmFkZWZlbnNl LmNvbSI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6IkFyaWFsIiwi c2Fucy1zZXJpZiI7Y29sb3I6Ymx1ZSc+d3d3LnNvdGVyYWRlZmVuc2UuY29tPC9zcGFuPjwvYT48 bzpwPjwvbzpwPjwvcD48cCBjbGFzcz1Nc29Ob3JtYWw+PGI+PGk+PHNwYW4gc3R5bGU9J2ZvbnQt c2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6IkFyaWFsIiwic2Fucy1zZXJpZiI7Y29sb3I6IzFGNDk3 RCc+UG90b21hYyBGdXNpb24sIExMQyBpcyBub3cgdGhlIERhdGEgRnVzaW9uICZhbXA7IEFuYWx5 dGljcyBidXNpbmVzcyBvZiBTb3RlcmEgRGVmZW5zZSBTb2x1dGlvbnM8L3NwYW4+PC9pPjwvYj48 c3BhbiBzdHlsZT0nY29sb3I6YmxhY2snPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD48cCBjbGFzcz1N c29Ob3JtYWw+PG86cD4mbmJzcDs8L286cD48L3A+PC9kaXY+PC9ib2R5PjwvaHRtbD4= --===============8857542596370856813==-- From marine64 at gmail.com Wed May 29 00:46:21 2013 Content-Type: multipart/mixed; boundary="===============8313721081203605213==" MIME-Version: 1.0 From: Brian Henson To: users at lists.dogtagpki.org Subject: [Pki-users] (Fedora 17) PKI-RA fails to start after install Date: Wed, 29 May 2013 00:46:19 -0400 Message-ID: --===============8313721081203605213== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Hello all, When I try to configure the RA subsystem after installing it I get this error. Installation information recorded in /var/log/pki-ra-install.log. [debug] run_command(/bin/systemctl restart pki-rad(a)pki-ra.service) [error] FAILED run_command("/bin/systemctl restart pki-rad(a)pki-ra.service= "), exit status=3D1 output=3D"Job failed. See system journal and 'systemctl sta= tus' for details." Before proceeding with the configuration, make sure the firewall settings of this machine permit proper access to this subsystem. Please start the configuration by accessing: https:// (someaddress):12890/ra/admin/console/config/login?pin=3DXWdsV1oDtx9qQFcybzAr After configuration, the server can be operated by the command: /bin/systemctl restart pki-rad(a)pki-ra.service Anyone know how to fix this? I get it for the TPS module as well. Thanks Brian Henson --===============8313721081203605213== Content-Type: text/html MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.html" PGRpdiBkaXI9Imx0ciI+SGVsbG8gYWxsLKA8ZGl2Pjxicj48L2Rpdj48ZGl2PldoZW4gSSB0cnkg dG8gY29uZmlndXJlIHRoZSBSQSBzdWJzeXN0ZW0gYWZ0ZXIgaW5zdGFsbGluZyBpdCBJIGdldCB0 aGlzIGVycm9yLjwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+PGRpdj5JbnN0YWxsYXRpb24gaW5m b3JtYXRpb24gcmVjb3JkZWQgaW4gL3Zhci9sb2cvcGtpLXJhLWluc3RhbGwubG9nLjwvZGl2Pgo8 ZGl2PltkZWJ1Z10gcnVuX2NvbW1hbmQoL2Jpbi9zeXN0ZW1jdGwgcmVzdGFydCBwa2ktcmFkQHBr aS1yYS5zZXJ2aWNlKTwvZGl2PjxkaXY+W2Vycm9yXSBGQUlMRUQgcnVuX2NvbW1hbmQoJnF1b3Q7 L2Jpbi9zeXN0ZW1jdGwgcmVzdGFydCBwa2ktcmFkQHBraS1yYS5zZXJ2aWNlJnF1b3Q7KSwgZXhp dCBzdGF0dXM9MSBvdXRwdXQ9JnF1b3Q7Sm9iIGZhaWxlZC4gU2VlIHN5c3RlbSBqb3VybmFsIGFu ZCAmIzM5O3N5c3RlbWN0bCBzdGF0dXMmIzM5OyBmb3IgZGV0YWlscy4mcXVvdDs8L2Rpdj4KPGRp dj5CZWZvcmUgcHJvY2VlZGluZyB3aXRoIHRoZSBjb25maWd1cmF0aW9uLCBtYWtlIHN1cmU8L2Rp dj48ZGl2PnRoZSBmaXJld2FsbCBzZXR0aW5ncyBvZiB0aGlzIG1hY2hpbmUgcGVybWl0IHByb3Bl cjwvZGl2PjxkaXY+YWNjZXNzIHRvIHRoaXMgc3Vic3lzdGVtLjwvZGl2PjxkaXY+PGJyPjwvZGl2 PjxkaXY+UGxlYXNlIHN0YXJ0IHRoZSBjb25maWd1cmF0aW9uIGJ5IGFjY2Vzc2luZzo8L2Rpdj4K PGRpdj48YnI+PC9kaXY+PGRpdj5odHRwczovLyhzb21lYWRkcmVzcyk6MTI4OTAvcmEvYWRtaW4v Y29uc29sZS9jb25maWcvbG9naW4/cGluPVhXZHNWMW9EdHg5cVFGY3liekFyPC9kaXY+PGRpdj48 YnI+PC9kaXY+PGRpdj5BZnRlciBjb25maWd1cmF0aW9uLCB0aGUgc2VydmVyIGNhbiBiZSBvcGVy YXRlZCBieSB0aGUgY29tbWFuZDo8L2Rpdj48ZGl2Pjxicj48L2Rpdj48ZGl2PqAgoCAvYmluL3N5 c3RlbWN0bCByZXN0YXJ0IHBraS1yYWRAcGtpLXJhLnNlcnZpY2U8L2Rpdj4KPC9kaXY+PGRpdj48 YnI+PC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdiBzdHlsZT5BbnlvbmUga25vdyBob3cgdG8gZml4 IHRoaXM/IEkgZ2V0IGl0IGZvciB0aGUgVFBTIG1vZHVsZSBhcyB3ZWxsLqA8L2Rpdj48ZGl2IHN0 eWxlPjxicj48L2Rpdj48ZGl2IHN0eWxlPlRoYW5rczwvZGl2PjxkaXYgc3R5bGU+PGJyPjwvZGl2 PjxkaXYgc3R5bGU+QnJpYW4gSGVuc29uPC9kaXY+PC9kaXY+Cg== --===============8313721081203605213==-- From awnuk at redhat.com Wed May 29 12:01:57 2013 Content-Type: multipart/mixed; boundary="===============5929659309109408930==" MIME-Version: 1.0 From: Andrew Wnuk To: users at lists.dogtagpki.org Subject: Re: [Pki-users] (Fedora 17) PKI-RA fails to start after install Date: Wed, 29 May 2013 09:00:35 -0700 Message-ID: <51A62623.8020309@redhat.com> In-Reply-To: CAE_vMvdCkVHe=LGZo1tb1e7w=qPisucYqP3VCUG5kV+EPsZo4w@mail.gmail.com --===============5929659309109408930== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable On 05/28/2013 09:46 PM, Brian Henson wrote: > Hello all, > > When I try to configure the RA subsystem after installing it I get = > this error. > > Installation information recorded in /var/log/pki-ra-install.log. > [debug] run_command(/bin/systemctl restart pki-rad(a)pki-ra.service) > [error] FAILED run_command("/bin/systemctl restart = > pki-rad(a)pki-ra.service"), exit status=3D1 output=3D"Job failed. See sys= tem = > journal and 'systemctl status' for details." > Before proceeding with the configuration, make sure > the firewall settings of this machine permit proper > access to this subsystem. > > Please start the configuration by accessing: > > https://(someaddress):12890/ra/admin/console/config/login?pin=3DXWdsV1oDt= x9qQFcybzAr > > After configuration, the server can be operated by the command: > > /bin/systemctl restart pki-rad(a)pki-ra.service > > > Anyone know how to fix this? I get it for the TPS module as well. > > Thanks > > Brian Henson > > Brian, Could you provide OS and server versions? Thank you, Andrew --===============5929659309109408930== Content-Type: text/html MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.html" PGh0bWw+CiAgPGhlYWQ+CiAgICA8bWV0YSBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9SVNP LTg4NTktMSIKICAgICAgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIj4KICA8L2hlYWQ+CiAgPGJv ZHkgYmdjb2xvcj0iI0ZGRkZGRiIgdGV4dD0iIzAwMDAwMCI+CiAgICA8ZGl2IGNsYXNzPSJtb3ot Y2l0ZS1wcmVmaXgiPjxicj4KICAgICAgT24gMDUvMjgvMjAxMyAwOTo0NiBQTSwgQnJpYW4gSGVu c29uIHdyb3RlOjxicj4KICAgIDwvZGl2PgogICAgPGJsb2NrcXVvdGUKY2l0ZT0ibWlkOkNBRV92 TXZkQ2tWSGU9TEdabzF0YjFlN3c9cVBpc3VjWXFQM1ZDVUc1a1YrRVBzWm80d0BtYWlsLmdtYWls LmNvbSIKICAgICAgdHlwZT0iY2l0ZSI+CiAgICAgIDxkaXYgZGlyPSJsdHIiPkhlbGxvIGFsbCwm bmJzcDsKICAgICAgICA8ZGl2Pjxicj4KICAgICAgICA8L2Rpdj4KICAgICAgICA8ZGl2PldoZW4g SSB0cnkgdG8gY29uZmlndXJlIHRoZSBSQSBzdWJzeXN0ZW0gYWZ0ZXIgaW5zdGFsbGluZwogICAg ICAgICAgaXQgSSBnZXQgdGhpcyBlcnJvci48L2Rpdj4KICAgICAgICA8ZGl2Pjxicj4KICAgICAg ICA8L2Rpdj4KICAgICAgICA8ZGl2PgogICAgICAgICAgPGRpdj5JbnN0YWxsYXRpb24gaW5mb3Jt YXRpb24gcmVjb3JkZWQgaW4KICAgICAgICAgICAgL3Zhci9sb2cvcGtpLXJhLWluc3RhbGwubG9n LjwvZGl2PgogICAgICAgICAgPGRpdj5bZGVidWddIHJ1bl9jb21tYW5kKC9iaW4vc3lzdGVtY3Rs IHJlc3RhcnQKICAgICAgICAgICAgPGEgY2xhc3M9Im1vei10eHQtbGluay1hYmJyZXZpYXRlZCIg aHJlZj0ibWFpbHRvOnBraS1yYWRAcGtpLXJhLnNlcnZpY2UiPnBraS1yYWRAcGtpLXJhLnNlcnZp Y2U8L2E+KTwvZGl2PgogICAgICAgICAgPGRpdj5bZXJyb3JdIEZBSUxFRCBydW5fY29tbWFuZCgi L2Jpbi9zeXN0ZW1jdGwgcmVzdGFydAogICAgICAgICAgICA8YSBjbGFzcz0ibW96LXR4dC1saW5r LWFiYnJldmlhdGVkIiBocmVmPSJtYWlsdG86cGtpLXJhZEBwa2ktcmEuc2VydmljZSI+cGtpLXJh ZEBwa2ktcmEuc2VydmljZTwvYT4iKSwgZXhpdCBzdGF0dXM9MSBvdXRwdXQ9IkpvYiBmYWlsZWQu CiAgICAgICAgICAgIFNlZSBzeXN0ZW0gam91cm5hbCBhbmQgJ3N5c3RlbWN0bCBzdGF0dXMnIGZv ciBkZXRhaWxzLiI8L2Rpdj4KICAgICAgICAgIDxkaXY+QmVmb3JlIHByb2NlZWRpbmcgd2l0aCB0 aGUgY29uZmlndXJhdGlvbiwgbWFrZSBzdXJlPC9kaXY+CiAgICAgICAgICA8ZGl2PnRoZSBmaXJl d2FsbCBzZXR0aW5ncyBvZiB0aGlzIG1hY2hpbmUgcGVybWl0IHByb3BlcjwvZGl2PgogICAgICAg ICAgPGRpdj5hY2Nlc3MgdG8gdGhpcyBzdWJzeXN0ZW0uPC9kaXY+CiAgICAgICAgICA8ZGl2Pjxi cj4KICAgICAgICAgIDwvZGl2PgogICAgICAgICAgPGRpdj5QbGVhc2Ugc3RhcnQgdGhlIGNvbmZp Z3VyYXRpb24gYnkgYWNjZXNzaW5nOjwvZGl2PgogICAgICAgICAgPGRpdj48YnI+CiAgICAgICAg ICA8L2Rpdj4KICAgICAgICAgIDxkaXY+PGEgY2xhc3M9Im1vei10eHQtbGluay1mcmVldGV4dCIg aHJlZj0iaHR0cHM6Ly8oc29tZWFkZHJlc3MpOjEyODkwL3JhL2FkbWluL2NvbnNvbGUvY29uZmln L2xvZ2luP3Bpbj1YV2RzVjFvRHR4OXFRRmN5YnpBciI+aHR0cHM6Ly8oc29tZWFkZHJlc3MpOjEy ODkwL3JhL2FkbWluL2NvbnNvbGUvY29uZmlnL2xvZ2luP3Bpbj1YV2RzVjFvRHR4OXFRRmN5YnpB cjwvYT48L2Rpdj4KICAgICAgICAgIDxkaXY+PGJyPgogICAgICAgICAgPC9kaXY+CiAgICAgICAg ICA8ZGl2PkFmdGVyIGNvbmZpZ3VyYXRpb24sIHRoZSBzZXJ2ZXIgY2FuIGJlIG9wZXJhdGVkIGJ5 IHRoZQogICAgICAgICAgICBjb21tYW5kOjwvZGl2PgogICAgICAgICAgPGRpdj48YnI+CiAgICAg ICAgICA8L2Rpdj4KICAgICAgICAgIDxkaXY+Jm5ic3A7ICZuYnNwOyAvYmluL3N5c3RlbWN0bCBy ZXN0YXJ0IDxhIGNsYXNzPSJtb3otdHh0LWxpbmstYWJicmV2aWF0ZWQiIGhyZWY9Im1haWx0bzpw a2ktcmFkQHBraS1yYS5zZXJ2aWNlIj5wa2ktcmFkQHBraS1yYS5zZXJ2aWNlPC9hPjwvZGl2Pgog ICAgICAgIDwvZGl2PgogICAgICAgIDxkaXY+PGJyPgogICAgICAgIDwvZGl2PgogICAgICAgIDxk aXY+PGJyPgogICAgICAgIDwvZGl2PgogICAgICAgIDxkaXYgc3R5bGU9IiI+QW55b25lIGtub3cg aG93IHRvIGZpeCB0aGlzPyBJIGdldCBpdCBmb3IgdGhlIFRQUwogICAgICAgICAgbW9kdWxlIGFz IHdlbGwuJm5ic3A7PC9kaXY+CiAgICAgICAgPGRpdiBzdHlsZT0iIj48YnI+CiAgICAgICAgPC9k aXY+CiAgICAgICAgPGRpdiBzdHlsZT0iIj5UaGFua3M8L2Rpdj4KICAgICAgICA8ZGl2IHN0eWxl PSIiPjxicj4KICAgICAgICA8L2Rpdj4KICAgICAgICA8ZGl2IHN0eWxlPSIiPkJyaWFuIEhlbnNv bjwvZGl2PgogICAgICA8L2Rpdj4KICAgICAgPGJyPgogICAgICA8ZmllbGRzZXQgY2xhc3M9Im1p bWVBdHRhY2htZW50SGVhZGVyIj48L2ZpZWxkc2V0PgogICAgICA8YnI+CiAgICA8L2Jsb2NrcXVv dGU+CiAgICA8YnI+CiAgICBCcmlhbiw8YnI+CiAgICA8YnI+CiAgICBDb3VsZCB5b3UgcHJvdmlk ZSBPUyBhbmQgc2VydmVyIHZlcnNpb25zPzxicj4KICAgIDxicj4KICAgIFRoYW5rIHlvdSw8YnI+ CiAgICBBbmRyZXc8YnI+CiAgPC9ib2R5Pgo8L2h0bWw+Cg== --===============5929659309109408930==-- From marine64 at gmail.com Wed May 29 13:24:47 2013 Content-Type: multipart/mixed; boundary="===============4336710836287337790==" MIME-Version: 1.0 From: Brian Henson To: users at lists.dogtagpki.org Subject: Re: [Pki-users] (Fedora 17) PKI-RA fails to start after install Date: Wed, 29 May 2013 13:24:45 -0400 Message-ID: In-Reply-To: 51A62623.8020309@redhat.com --===============4336710836287337790== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Fedora 17 and dogtag 9 via yum On May 29, 2013 12:01 PM, "Andrew Wnuk" wrote: > > On 05/28/2013 09:46 PM, Brian Henson wrote: > > Hello all, > > When I try to configure the RA subsystem after installing it I get this > error. > > Installation information recorded in /var/log/pki-ra-install.log. > [debug] run_command(/bin/systemctl restart pki-rad(a)pki-ra.service) > [error] FAILED run_command("/bin/systemctl restart pki-rad(a)pki-ra.servi= ce"), > exit status=3D1 output=3D"Job failed. See system journal and 'systemctl s= tatus' > for details." > Before proceeding with the configuration, make sure > the firewall settings of this machine permit proper > access to this subsystem. > > Please start the configuration by accessing: > > > https://(someaddress):12890/ra/admin/console/config/login?pin=3DXWdsV1oDt= x9qQFcybzAr > > After configuration, the server can be operated by the command: > > /bin/systemctl restart pki-rad(a)pki-ra.service > > > Anyone know how to fix this? I get it for the TPS module as well. > > Thanks > > Brian Henson > > > > Brian, > > Could you provide OS and server versions? > > Thank you, > Andrew > --===============4336710836287337790== Content-Type: text/html MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.html" PHA+RmVkb3JhIDE3IGFuZCBkb2d0YWcgOSB2aWEgeXVtPC9wPgo8ZGl2IGNsYXNzPSJnbWFpbF9x dW90ZSI+T24gTWF5IDI5LCAyMDEzIDEyOjAxIFBNLCAmcXVvdDtBbmRyZXcgV251ayZxdW90OyAm bHQ7PGEgaHJlZj0ibWFpbHRvOmF3bnVrQHJlZGhhdC5jb20iPmF3bnVrQHJlZGhhdC5jb208L2E+ Jmd0OyB3cm90ZTo8YnIgdHlwZT0iYXR0cmlidXRpb24iPjxibG9ja3F1b3RlIGNsYXNzPSJnbWFp bF9xdW90ZSIgc3R5bGU9Im1hcmdpbjowIDAgMCAuOGV4O2JvcmRlci1sZWZ0OjFweCAjY2NjIHNv bGlkO3BhZGRpbmctbGVmdDoxZXgiPgoKICAKICAgIAogIAogIDxkaXYgYmdjb2xvcj0iI0ZGRkZG RiIgdGV4dD0iIzAwMDAwMCI+CiAgICA8ZGl2Pjxicj4KICAgICAgT24gMDUvMjgvMjAxMyAwOTo0 NiBQTSwgQnJpYW4gSGVuc29uIHdyb3RlOjxicj4KICAgIDwvZGl2PgogICAgPGJsb2NrcXVvdGUg dHlwZT0iY2l0ZSI+CiAgICAgIDxkaXYgZGlyPSJsdHIiPkhlbGxvIGFsbCygCiAgICAgICAgPGRp dj48YnI+CiAgICAgICAgPC9kaXY+CiAgICAgICAgPGRpdj5XaGVuIEkgdHJ5IHRvIGNvbmZpZ3Vy ZSB0aGUgUkEgc3Vic3lzdGVtIGFmdGVyIGluc3RhbGxpbmcKICAgICAgICAgIGl0IEkgZ2V0IHRo aXMgZXJyb3IuPC9kaXY+CiAgICAgICAgPGRpdj48YnI+CiAgICAgICAgPC9kaXY+CiAgICAgICAg PGRpdj4KICAgICAgICAgIDxkaXY+SW5zdGFsbGF0aW9uIGluZm9ybWF0aW9uIHJlY29yZGVkIGlu CiAgICAgICAgICAgIC92YXIvbG9nL3BraS1yYS1pbnN0YWxsLmxvZy48L2Rpdj4KICAgICAgICAg IDxkaXY+W2RlYnVnXSBydW5fY29tbWFuZCgvYmluL3N5c3RlbWN0bCByZXN0YXJ0CiAgICAgICAg ICAgIDxhIGhyZWY9Im1haWx0bzpwa2ktcmFkQHBraS1yYS5zZXJ2aWNlIiB0YXJnZXQ9Il9ibGFu ayI+cGtpLXJhZEBwa2ktcmEuc2VydmljZTwvYT4pPC9kaXY+CiAgICAgICAgICA8ZGl2PltlcnJv cl0gRkFJTEVEIHJ1bl9jb21tYW5kKCZxdW90Oy9iaW4vc3lzdGVtY3RsIHJlc3RhcnQKICAgICAg ICAgICAgPGEgaHJlZj0ibWFpbHRvOnBraS1yYWRAcGtpLXJhLnNlcnZpY2UiIHRhcmdldD0iX2Js YW5rIj5wa2ktcmFkQHBraS1yYS5zZXJ2aWNlPC9hPiZxdW90OyksIGV4aXQgc3RhdHVzPTEgb3V0 cHV0PSZxdW90O0pvYiBmYWlsZWQuCiAgICAgICAgICAgIFNlZSBzeXN0ZW0gam91cm5hbCBhbmQg JiMzOTtzeXN0ZW1jdGwgc3RhdHVzJiMzOTsgZm9yIGRldGFpbHMuJnF1b3Q7PC9kaXY+CiAgICAg ICAgICA8ZGl2PkJlZm9yZSBwcm9jZWVkaW5nIHdpdGggdGhlIGNvbmZpZ3VyYXRpb24sIG1ha2Ug c3VyZTwvZGl2PgogICAgICAgICAgPGRpdj50aGUgZmlyZXdhbGwgc2V0dGluZ3Mgb2YgdGhpcyBt YWNoaW5lIHBlcm1pdCBwcm9wZXI8L2Rpdj4KICAgICAgICAgIDxkaXY+YWNjZXNzIHRvIHRoaXMg c3Vic3lzdGVtLjwvZGl2PgogICAgICAgICAgPGRpdj48YnI+CiAgICAgICAgICA8L2Rpdj4KICAg ICAgICAgIDxkaXY+UGxlYXNlIHN0YXJ0IHRoZSBjb25maWd1cmF0aW9uIGJ5IGFjY2Vzc2luZzo8 L2Rpdj4KICAgICAgICAgIDxkaXY+PGJyPgogICAgICAgICAgPC9kaXY+CiAgICAgICAgICA8ZGl2 PjxhIGhyZWY9Imh0dHBzOi8vKHNvbWVhZGRyZXNzKToxMjg5MC9yYS9hZG1pbi9jb25zb2xlL2Nv bmZpZy9sb2dpbj9waW49WFdkc1Yxb0R0eDlxUUZjeWJ6QXIiIHRhcmdldD0iX2JsYW5rIj5odHRw czovLyhzb21lYWRkcmVzcyk6MTI4OTAvcmEvYWRtaW4vY29uc29sZS9jb25maWcvbG9naW4/cGlu PVhXZHNWMW9EdHg5cVFGY3liekFyPC9hPjwvZGl2PgogICAgICAgICAgPGRpdj48YnI+CiAgICAg ICAgICA8L2Rpdj4KICAgICAgICAgIDxkaXY+QWZ0ZXIgY29uZmlndXJhdGlvbiwgdGhlIHNlcnZl ciBjYW4gYmUgb3BlcmF0ZWQgYnkgdGhlCiAgICAgICAgICAgIGNvbW1hbmQ6PC9kaXY+CiAgICAg ICAgICA8ZGl2Pjxicj4KICAgICAgICAgIDwvZGl2PgogICAgICAgICAgPGRpdj6gIKAgL2Jpbi9z eXN0ZW1jdGwgcmVzdGFydCA8YSBocmVmPSJtYWlsdG86cGtpLXJhZEBwa2ktcmEuc2VydmljZSIg dGFyZ2V0PSJfYmxhbmsiPnBraS1yYWRAcGtpLXJhLnNlcnZpY2U8L2E+PC9kaXY+CiAgICAgICAg PC9kaXY+CiAgICAgICAgPGRpdj48YnI+CiAgICAgICAgPC9kaXY+CiAgICAgICAgPGRpdj48YnI+ CiAgICAgICAgPC9kaXY+CiAgICAgICAgPGRpdj5BbnlvbmUga25vdyBob3cgdG8gZml4IHRoaXM/ IEkgZ2V0IGl0IGZvciB0aGUgVFBTCiAgICAgICAgICBtb2R1bGUgYXMgd2VsbC6gPC9kaXY+CiAg ICAgICAgPGRpdj48YnI+CiAgICAgICAgPC9kaXY+CiAgICAgICAgPGRpdj5UaGFua3M8L2Rpdj4K ICAgICAgICA8ZGl2Pjxicj4KICAgICAgICA8L2Rpdj4KICAgICAgICA8ZGl2PkJyaWFuIEhlbnNv bjwvZGl2PgogICAgICA8L2Rpdj4KICAgICAgPGJyPgogICAgICA8ZmllbGRzZXQ+PC9maWVsZHNl dD4KICAgICAgPGJyPgogICAgPC9ibG9ja3F1b3RlPgogICAgPGJyPgogICAgQnJpYW4sPGJyPgog ICAgPGJyPgogICAgQ291bGQgeW91IHByb3ZpZGUgT1MgYW5kIHNlcnZlciB2ZXJzaW9ucz88YnI+ CiAgICA8YnI+CiAgICBUaGFuayB5b3UsPGJyPgogICAgQW5kcmV3PGJyPgogIDwvZGl2PgoKPC9i bG9ja3F1b3RlPjwvZGl2Pgo= --===============4336710836287337790==-- From marine64 at gmail.com Thu May 30 14:34:50 2013 Content-Type: multipart/mixed; boundary="===============8716516051073422028==" MIME-Version: 1.0 From: Brian Henson To: users at lists.dogtagpki.org Subject: Re: [Pki-users] (Fedora 17) PKI-RA fails to start after install Date: Thu, 30 May 2013 14:34:48 -0400 Message-ID: In-Reply-To: CAE_vMveNkMsR6iiM391FwdpuUJ776T3oP7u5KW2hmxrB7HPo_g@mail.gmail.com --===============8716516051073422028== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Any Ideas on this? I need the TPS for the smartcard support. On Wed, May 29, 2013 at 1:24 PM, Brian Henson wrote: > Fedora 17 and dogtag 9 via yum > On May 29, 2013 12:01 PM, "Andrew Wnuk" wrote: > >> >> On 05/28/2013 09:46 PM, Brian Henson wrote: >> >> Hello all, >> >> When I try to configure the RA subsystem after installing it I get this >> error. >> >> Installation information recorded in /var/log/pki-ra-install.log. >> [debug] run_command(/bin/systemctl restart pki-rad(a)pki-ra.service) >> [error] FAILED run_command("/bin/systemctl restart pki-rad(a)pki-ra.serv= ice"), >> exit status=3D1 output=3D"Job failed. See system journal and 'systemctl = status' >> for details." >> Before proceeding with the configuration, make sure >> the firewall settings of this machine permit proper >> access to this subsystem. >> >> Please start the configuration by accessing: >> >> >> https://(someaddress):12890/ra/admin/console/config/login?pin=3DXWdsV1oD= tx9qQFcybzAr >> >> After configuration, the server can be operated by the command: >> >> /bin/systemctl restart pki-rad(a)pki-ra.service >> >> >> Anyone know how to fix this? I get it for the TPS module as well. >> >> Thanks >> >> Brian Henson >> >> >> >> Brian, >> >> Could you provide OS and server versions? >> >> Thank you, >> Andrew >> > --===============8716516051073422028== Content-Type: text/html MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.html" PGRpdiBkaXI9Imx0ciI+QW55IElkZWFzIG9uIHRoaXM/IEkgbmVlZCB0aGUgVFBTIGZvciB0aGUg c21hcnRjYXJkIHN1cHBvcnQuIDwvZGl2PjxkaXYgY2xhc3M9ImdtYWlsX2V4dHJhIj48YnI+PGJy PjxkaXYgY2xhc3M9ImdtYWlsX3F1b3RlIj5PbiBXZWQsIE1heSAyOSwgMjAxMyBhdCAxOjI0IFBN LCBCcmlhbiBIZW5zb24gPHNwYW4gZGlyPSJsdHIiPiZsdDs8YSBocmVmPSJtYWlsdG86bWFyaW5l NjRAZ21haWwuY29tIiB0YXJnZXQ9Il9ibGFuayI+bWFyaW5lNjRAZ21haWwuY29tPC9hPiZndDs8 L3NwYW4+IHdyb3RlOjxicj4KPGJsb2NrcXVvdGUgY2xhc3M9ImdtYWlsX3F1b3RlIiBzdHlsZT0i bWFyZ2luOjAgMCAwIC44ZXg7Ym9yZGVyLWxlZnQ6MXB4ICNjY2Mgc29saWQ7cGFkZGluZy1sZWZ0 OjFleCI+PHA+RmVkb3JhIDE3IGFuZCBkb2d0YWcgOSB2aWEgeXVtPC9wPjxkaXYgY2xhc3M9IkhP RW5aYiI+PGRpdiBjbGFzcz0iaDUiPgo8ZGl2IGNsYXNzPSJnbWFpbF9xdW90ZSI+T24gTWF5IDI5 LCAyMDEzIDEyOjAxIFBNLCAmcXVvdDtBbmRyZXcgV251ayZxdW90OyAmbHQ7PGEgaHJlZj0ibWFp bHRvOmF3bnVrQHJlZGhhdC5jb20iIHRhcmdldD0iX2JsYW5rIj5hd251a0ByZWRoYXQuY29tPC9h PiZndDsgd3JvdGU6PGJyIHR5cGU9ImF0dHJpYnV0aW9uIj48YmxvY2txdW90ZSBzdHlsZT0ibWFy Z2luOjBweCAwcHggMHB4IDAuOGV4O3BhZGRpbmctbGVmdDoxZXg7Ym9yZGVyLWxlZnQtY29sb3I6 cmdiKDIwNCwyMDQsMjA0KTtib3JkZXItbGVmdC13aWR0aDoxcHg7Ym9yZGVyLWxlZnQtc3R5bGU6 c29saWQiIGNsYXNzPSJnbWFpbF9xdW90ZSI+CgoKICAKICAgIAogIAogIDxkaXYgYmdjb2xvcj0i I0ZGRkZGRiIgdGV4dD0iIzAwMDAwMCI+CiAgICA8ZGl2Pjxicj4KICAgICAgT24gMDUvMjgvMjAx MyAwOTo0NiBQTSwgQnJpYW4gSGVuc29uIHdyb3RlOjxicj4KICAgIDwvZGl2PgogICAgPGJsb2Nr cXVvdGUgdHlwZT0iY2l0ZSI+CiAgICAgIDxkaXYgZGlyPSJsdHIiPkhlbGxvIGFsbCygCiAgICAg ICAgPGRpdj48YnI+CiAgICAgICAgPC9kaXY+CiAgICAgICAgPGRpdj5XaGVuIEkgdHJ5IHRvIGNv bmZpZ3VyZSB0aGUgUkEgc3Vic3lzdGVtIGFmdGVyIGluc3RhbGxpbmcKICAgICAgICAgIGl0IEkg Z2V0IHRoaXMgZXJyb3IuPC9kaXY+CiAgICAgICAgPGRpdj48YnI+CiAgICAgICAgPC9kaXY+CiAg ICAgICAgPGRpdj4KICAgICAgICAgIDxkaXY+SW5zdGFsbGF0aW9uIGluZm9ybWF0aW9uIHJlY29y ZGVkIGluCiAgICAgICAgICAgIC92YXIvbG9nL3BraS1yYS1pbnN0YWxsLmxvZy48L2Rpdj4KICAg ICAgICAgIDxkaXY+W2RlYnVnXSBydW5fY29tbWFuZCgvYmluL3N5c3RlbWN0bCByZXN0YXJ0CiAg ICAgICAgICAgIDxhIGhyZWY9Im1haWx0bzpwa2ktcmFkQHBraS1yYS5zZXJ2aWNlIiB0YXJnZXQ9 Il9ibGFuayI+cGtpLXJhZEBwa2ktcmEuc2VydmljZTwvYT4pPC9kaXY+CiAgICAgICAgICA8ZGl2 PltlcnJvcl0gRkFJTEVEIHJ1bl9jb21tYW5kKCZxdW90Oy9iaW4vc3lzdGVtY3RsIHJlc3RhcnQK ICAgICAgICAgICAgPGEgaHJlZj0ibWFpbHRvOnBraS1yYWRAcGtpLXJhLnNlcnZpY2UiIHRhcmdl dD0iX2JsYW5rIj5wa2ktcmFkQHBraS1yYS5zZXJ2aWNlPC9hPiZxdW90OyksIGV4aXQgc3RhdHVz PTEgb3V0cHV0PSZxdW90O0pvYiBmYWlsZWQuCiAgICAgICAgICAgIFNlZSBzeXN0ZW0gam91cm5h bCBhbmQgJiMzOTtzeXN0ZW1jdGwgc3RhdHVzJiMzOTsgZm9yIGRldGFpbHMuJnF1b3Q7PC9kaXY+ CiAgICAgICAgICA8ZGl2PkJlZm9yZSBwcm9jZWVkaW5nIHdpdGggdGhlIGNvbmZpZ3VyYXRpb24s IG1ha2Ugc3VyZTwvZGl2PgogICAgICAgICAgPGRpdj50aGUgZmlyZXdhbGwgc2V0dGluZ3Mgb2Yg dGhpcyBtYWNoaW5lIHBlcm1pdCBwcm9wZXI8L2Rpdj4KICAgICAgICAgIDxkaXY+YWNjZXNzIHRv IHRoaXMgc3Vic3lzdGVtLjwvZGl2PgogICAgICAgICAgPGRpdj48YnI+CiAgICAgICAgICA8L2Rp dj4KICAgICAgICAgIDxkaXY+UGxlYXNlIHN0YXJ0IHRoZSBjb25maWd1cmF0aW9uIGJ5IGFjY2Vz c2luZzo8L2Rpdj4KICAgICAgICAgIDxkaXY+PGJyPgogICAgICAgICAgPC9kaXY+CiAgICAgICAg ICA8ZGl2PjxhIGhyZWY9Imh0dHBzOi8vKHNvbWVhZGRyZXNzKToxMjg5MC9yYS9hZG1pbi9jb25z b2xlL2NvbmZpZy9sb2dpbj9waW49WFdkc1Yxb0R0eDlxUUZjeWJ6QXIiIHRhcmdldD0iX2JsYW5r Ij5odHRwczovLyhzb21lYWRkcmVzcyk6MTI4OTAvcmEvYWRtaW4vY29uc29sZS9jb25maWcvbG9n aW4/cGluPVhXZHNWMW9EdHg5cVFGY3liekFyPC9hPjwvZGl2PgogICAgICAgICAgPGRpdj48YnI+ CiAgICAgICAgICA8L2Rpdj4KICAgICAgICAgIDxkaXY+QWZ0ZXIgY29uZmlndXJhdGlvbiwgdGhl IHNlcnZlciBjYW4gYmUgb3BlcmF0ZWQgYnkgdGhlCiAgICAgICAgICAgIGNvbW1hbmQ6PC9kaXY+ CiAgICAgICAgICA8ZGl2Pjxicj4KICAgICAgICAgIDwvZGl2PgogICAgICAgICAgPGRpdj6gIKAg L2Jpbi9zeXN0ZW1jdGwgcmVzdGFydCA8YSBocmVmPSJtYWlsdG86cGtpLXJhZEBwa2ktcmEuc2Vy dmljZSIgdGFyZ2V0PSJfYmxhbmsiPnBraS1yYWRAcGtpLXJhLnNlcnZpY2U8L2E+PC9kaXY+CiAg ICAgICAgPC9kaXY+CiAgICAgICAgPGRpdj48YnI+CiAgICAgICAgPC9kaXY+CiAgICAgICAgPGRp dj48YnI+CiAgICAgICAgPC9kaXY+CiAgICAgICAgPGRpdj5BbnlvbmUga25vdyBob3cgdG8gZml4 IHRoaXM/IEkgZ2V0IGl0IGZvciB0aGUgVFBTCiAgICAgICAgICBtb2R1bGUgYXMgd2VsbC6gPC9k aXY+CiAgICAgICAgPGRpdj48YnI+CiAgICAgICAgPC9kaXY+CiAgICAgICAgPGRpdj5UaGFua3M8 L2Rpdj4KICAgICAgICA8ZGl2Pjxicj4KICAgICAgICA8L2Rpdj4KICAgICAgICA8ZGl2PkJyaWFu IEhlbnNvbjwvZGl2PgogICAgICA8L2Rpdj4KICAgICAgPGJyPgogICAgICA8ZmllbGRzZXQ+PC9m aWVsZHNldD4KICAgICAgPGJyPgogICAgPC9ibG9ja3F1b3RlPgogICAgPGJyPgogICAgQnJpYW4s PGJyPgogICAgPGJyPgogICAgQ291bGQgeW91IHByb3ZpZGUgT1MgYW5kIHNlcnZlciB2ZXJzaW9u cz88YnI+CiAgICA8YnI+CiAgICBUaGFuayB5b3UsPGJyPgogICAgQW5kcmV3PGJyPgogIDwvZGl2 PgoKPC9ibG9ja3F1b3RlPjwvZGl2Pgo8L2Rpdj48L2Rpdj48L2Jsb2NrcXVvdGU+PC9kaXY+PGJy PjwvZGl2Pgo= --===============8716516051073422028==-- From awnuk at redhat.com Thu May 30 15:59:35 2013 Content-Type: multipart/mixed; boundary="===============4778959931465143599==" MIME-Version: 1.0 From: Andrew Wnuk To: users at lists.dogtagpki.org Subject: Re: [Pki-users] (Fedora 17) PKI-RA fails to start after install Date: Thu, 30 May 2013 13:01:28 -0700 Message-ID: <51A7B018.6050206@redhat.com> In-Reply-To: CAE_vMvdki6E4jss=wd9RHjt-dDS9=w5_T=q7a=5m+=mR2eBGew@mail.gmail.com --===============4778959931465143599== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Is there anything in the log files pointing to your failure? If yes, could you provide these log entries? On 05/30/2013 11:34 AM, Brian Henson wrote: > Any Ideas on this? I need the TPS for the smartcard support. > > > On Wed, May 29, 2013 at 1:24 PM, Brian Henson > wrote: > > Fedora 17 and dogtag 9 via yum > > On May 29, 2013 12:01 PM, "Andrew Wnuk" > wrote: > > > On 05/28/2013 09:46 PM, Brian Henson wrote: >> Hello all, >> >> When I try to configure the RA subsystem after installing it >> I get this error. >> >> Installation information recorded in /var/log/pki-ra-install.log. >> [debug] run_command(/bin/systemctl restart >> pki-rad(a)pki-ra.service ) >> [error] FAILED run_command("/bin/systemctl restart >> pki-rad(a)pki-ra.service "), >> exit status=3D1 output=3D"Job failed. See system journal and >> 'systemctl status' for details." >> Before proceeding with the configuration, make sure >> the firewall settings of this machine permit proper >> access to this subsystem. >> >> Please start the configuration by accessing: >> >> https://(someaddress):12890/ra/admin/console/config/login?pin=3D= XWdsV1oDtx9qQFcybzAr >> >> >> After configuration, the server can be operated by the command: >> >> /bin/systemctl restart pki-rad(a)pki-ra.service >> >> >> >> Anyone know how to fix this? I get it for the TPS module as >> well. >> >> Thanks >> >> Brian Henson >> >> > > Brian, > > Could you provide OS and server versions? > > Thank you, > Andrew > > --===============4778959931465143599== Content-Type: text/html MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.html" PGh0bWw+CiAgPGhlYWQ+CiAgICA8bWV0YSBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9SVNP LTg4NTktMSIKICAgICAgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIj4KICA8L2hlYWQ+CiAgPGJv ZHkgYmdjb2xvcj0iI0ZGRkZGRiIgdGV4dD0iIzAwMDAwMCI+CiAgICA8ZGl2IGNsYXNzPSJtb3ot Y2l0ZS1wcmVmaXgiPiZuYnNwOzxicj4KICAgICAgSXMgdGhlcmUgYW55dGhpbmcgaW4gdGhlIGxv ZyBmaWxlcyBwb2ludGluZyB0byB5b3VyIGZhaWx1cmU/PGJyPgogICAgICBJZiB5ZXMsIGNvdWxk IHlvdSBwcm92aWRlIHRoZXNlIGxvZyBlbnRyaWVzPyA8YnI+CiAgICAgIDxicj4KICAgICAgT24g MDUvMzAvMjAxMyAxMTozNCBBTSwgQnJpYW4gSGVuc29uIHdyb3RlOjxicj4KICAgIDwvZGl2Pgog ICAgPGJsb2NrcXVvdGUKY2l0ZT0ibWlkOkNBRV92TXZka2k2RTRqc3M9d2Q5UkhqdC1kRFM5PXc1 X1Q9cTdhPTVtKz1tUjJlQkdld0BtYWlsLmdtYWlsLmNvbSIKICAgICAgdHlwZT0iY2l0ZSI+CiAg ICAgIDxkaXYgZGlyPSJsdHIiPkFueSBJZGVhcyBvbiB0aGlzPyBJIG5lZWQgdGhlIFRQUyBmb3Ig dGhlIHNtYXJ0Y2FyZAogICAgICAgIHN1cHBvcnQuIDwvZGl2PgogICAgICA8ZGl2IGNsYXNzPSJn bWFpbF9leHRyYSI+PGJyPgogICAgICAgIDxicj4KICAgICAgICA8ZGl2IGNsYXNzPSJnbWFpbF9x dW90ZSI+T24gV2VkLCBNYXkgMjksIDIwMTMgYXQgMToyNCBQTSwgQnJpYW4KICAgICAgICAgIEhl bnNvbiA8c3BhbiBkaXI9Imx0ciI+Jmx0OzxhIG1vei1kby1ub3Qtc2VuZD0idHJ1ZSIKICAgICAg ICAgICAgICBocmVmPSJtYWlsdG86bWFyaW5lNjRAZ21haWwuY29tIiB0YXJnZXQ9Il9ibGFuayI+ bWFyaW5lNjRAZ21haWwuY29tPC9hPiZndDs8L3NwYW4+CiAgICAgICAgICB3cm90ZTo8YnI+CiAg ICAgICAgICA8YmxvY2txdW90ZSBjbGFzcz0iZ21haWxfcXVvdGUiIHN0eWxlPSJtYXJnaW46MCAw IDAKICAgICAgICAgICAgLjhleDtib3JkZXItbGVmdDoxcHggI2NjYyBzb2xpZDtwYWRkaW5nLWxl ZnQ6MWV4Ij4KICAgICAgICAgICAgPHA+RmVkb3JhIDE3IGFuZCBkb2d0YWcgOSB2aWEgeXVtPC9w PgogICAgICAgICAgICA8ZGl2IGNsYXNzPSJIT0VuWmIiPgogICAgICAgICAgICAgIDxkaXYgY2xh c3M9Img1Ij4KICAgICAgICAgICAgICAgIDxkaXYgY2xhc3M9ImdtYWlsX3F1b3RlIj5PbiBNYXkg MjksIDIwMTMgMTI6MDEgUE0sCiAgICAgICAgICAgICAgICAgICJBbmRyZXcgV251ayIgJmx0Ozxh IG1vei1kby1ub3Qtc2VuZD0idHJ1ZSIKICAgICAgICAgICAgICAgICAgICBocmVmPSJtYWlsdG86 YXdudWtAcmVkaGF0LmNvbSIgdGFyZ2V0PSJfYmxhbmsiPmF3bnVrQHJlZGhhdC5jb208L2E+Jmd0 OwogICAgICAgICAgICAgICAgICB3cm90ZTo8YnIgdHlwZT0iYXR0cmlidXRpb24iPgogICAgICAg ICAgICAgICAgICA8YmxvY2txdW90ZSBzdHlsZT0ibWFyZ2luOjBweCAwcHggMHB4CjAuOGV4O3Bh ZGRpbmctbGVmdDoxZXg7Ym9yZGVyLWxlZnQtY29sb3I6cmdiKDIwNCwyMDQsMjA0KTtib3JkZXIt bGVmdC13aWR0aDoxcHg7Ym9yZGVyLWxlZnQtc3R5bGU6c29saWQiCiAgICAgICAgICAgICAgICAg ICAgY2xhc3M9ImdtYWlsX3F1b3RlIj4KICAgICAgICAgICAgICAgICAgICA8ZGl2IGJnY29sb3I9 IiNGRkZGRkYiIHRleHQ9IiMwMDAwMDAiPgogICAgICAgICAgICAgICAgICAgICAgPGRpdj48YnI+ CiAgICAgICAgICAgICAgICAgICAgICAgIE9uIDA1LzI4LzIwMTMgMDk6NDYgUE0sIEJyaWFuIEhl bnNvbiB3cm90ZTo8YnI+CiAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAg ICAgICAgICAgIDxibG9ja3F1b3RlIHR5cGU9ImNpdGUiPgogICAgICAgICAgICAgICAgICAgICAg ICA8ZGl2IGRpcj0ibHRyIj5IZWxsbyBhbGwsJm5ic3A7CiAgICAgICAgICAgICAgICAgICAgICAg ICAgPGRpdj48YnI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAg ICAgICAgICAgICAgICAgPGRpdj5XaGVuIEkgdHJ5IHRvIGNvbmZpZ3VyZSB0aGUgUkEgc3Vic3lz dGVtCiAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZnRlciBpbnN0YWxsaW5nIGl0IEkgZ2V0 IHRoaXMgZXJyb3IuPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj48YnI+CiAg ICAgICAgICAgICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgICAg PGRpdj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXY+SW5zdGFsbGF0aW9uIGluZm9y bWF0aW9uIHJlY29yZGVkIGluCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC92YXIvbG9n L3BraS1yYS1pbnN0YWxsLmxvZy48L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxk aXY+W2RlYnVnXSBydW5fY29tbWFuZCgvYmluL3N5c3RlbWN0bAogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICByZXN0YXJ0IDxhIG1vei1kby1ub3Qtc2VuZD0idHJ1ZSIKICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICBocmVmPSJtYWlsdG86cGtpLXJhZEBwa2ktcmEuc2VydmljZSIK ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0YXJnZXQ9Il9ibGFuayI+cGtpLXJhZEBw a2ktcmEuc2VydmljZTwvYT4pPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2 PltlcnJvcl0gRkFJTEVECiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJ1bl9jb21tYW5k KCIvYmluL3N5c3RlbWN0bCByZXN0YXJ0IDxhCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgbW96LWRvLW5vdC1zZW5kPSJ0cnVlIgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IGhyZWY9Im1haWx0bzpwa2ktcmFkQHBraS1yYS5zZXJ2aWNlIgogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIHRhcmdldD0iX2JsYW5rIj5wa2ktcmFkQHBraS1yYS5zZXJ2aWNlPC9hPiIp LAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICBleGl0IHN0YXR1cz0xIG91dHB1dD0iSm9i IGZhaWxlZC4gU2VlCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHN5c3RlbSBqb3VybmFs IGFuZCAnc3lzdGVtY3RsIHN0YXR1cycgZm9yCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IGRldGFpbHMuIjwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj5CZWZvcmUg cHJvY2VlZGluZyB3aXRoIHRoZQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjb25maWd1 cmF0aW9uLCBtYWtlIHN1cmU8L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXY+ dGhlIGZpcmV3YWxsIHNldHRpbmdzIG9mIHRoaXMgbWFjaGluZQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICBwZXJtaXQgcHJvcGVyPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8ZGl2PmFjY2VzcyB0byB0aGlzIHN1YnN5c3RlbS48L2Rpdj4KICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDxkaXY+PGJyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9kaXY+CiAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2PlBsZWFzZSBzdGFydCB0aGUgY29uZmlndXJh dGlvbiBieQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhY2Nlc3Npbmc6PC9kaXY+CiAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2Pjxicj4KICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj48YSBtb3otZG8t bm90LXNlbmQ9InRydWUiCmhyZWY9Imh0dHBzOi8vJTI4c29tZWFkZHJlc3MlMjk6MTI4OTAvcmEv YWRtaW4vY29uc29sZS9jb25maWcvbG9naW4/cGluPVhXZHNWMW9EdHg5cVFGY3liekFyIgogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRhcmdldD0iX2JsYW5rIj5odHRwczovLyhzb21l YWRkcmVzcyk6MTI4OTAvcmEvYWRtaW4vY29uc29sZS9jb25maWcvbG9naW4/cGluPVhXZHNWMW9E dHg5cVFGY3liekFyPC9hPjwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj48 YnI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDxkaXY+QWZ0ZXIgY29uZmlndXJhdGlvbiwgdGhlIHNlcnZlciBjYW4gYmUKICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgb3BlcmF0ZWQgYnkgdGhlIGNvbW1hbmQ6PC9kaXY+ CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2Pjxicj4KICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj4mbmJzcDsg Jm5ic3A7IC9iaW4vc3lzdGVtY3RsIHJlc3RhcnQgPGEKICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICBtb3otZG8tbm90LXNlbmQ9InRydWUiCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgaHJlZj0ibWFpbHRvOnBraS1yYWRAcGtpLXJhLnNlcnZpY2UiCiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgdGFyZ2V0PSJfYmxhbmsiPnBraS1yYWRAcGtpLXJhLnNlcnZpY2U8 L2E+PC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAg ICAgICAgICAgICAgPGRpdj48YnI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgPC9kaXY+CiAg ICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj48YnI+CiAgICAgICAgICAgICAgICAgICAgICAg ICAgPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj5BbnlvbmUga25vdyBob3cg dG8gZml4IHRoaXM/IEkgZ2V0IGl0IGZvcgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhl IFRQUyBtb2R1bGUgYXMgd2VsbC4mbmJzcDs8L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAg ICA8ZGl2Pjxicj4KICAgICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAg ICAgICAgICAgICAgICA8ZGl2PlRoYW5rczwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAg IDxkaXY+PGJyPgogICAgICAgICAgICAgICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgICAg ICAgICAgICAgICAgIDxkaXY+QnJpYW4gSGVuc29uPC9kaXY+CiAgICAgICAgICAgICAgICAgICAg ICAgIDwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICA8YnI+CiAgICAgICAgICAgICAgICAg ICAgICAgIDxmaWVsZHNldD48L2ZpZWxkc2V0PgogICAgICAgICAgICAgICAgICAgICAgICA8YnI+ CiAgICAgICAgICAgICAgICAgICAgICA8L2Jsb2NrcXVvdGU+CiAgICAgICAgICAgICAgICAgICAg ICA8YnI+CiAgICAgICAgICAgICAgICAgICAgICBCcmlhbiw8YnI+CiAgICAgICAgICAgICAgICAg ICAgICA8YnI+CiAgICAgICAgICAgICAgICAgICAgICBDb3VsZCB5b3UgcHJvdmlkZSBPUyBhbmQg c2VydmVyIHZlcnNpb25zPzxicj4KICAgICAgICAgICAgICAgICAgICAgIDxicj4KICAgICAgICAg ICAgICAgICAgICAgIFRoYW5rIHlvdSw8YnI+CiAgICAgICAgICAgICAgICAgICAgICBBbmRyZXc8 YnI+CiAgICAgICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICAgIDwvYmxvY2tx dW90ZT4KICAgICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgICAgIDwvZGl2PgogICAgICAg ICAgICA8L2Rpdj4KICAgICAgICAgIDwvYmxvY2txdW90ZT4KICAgICAgICA8L2Rpdj4KICAgICAg ICA8YnI+CiAgICAgIDwvZGl2PgogICAgPC9ibG9ja3F1b3RlPgogICAgPGJyPgogIDwvYm9keT4K PC9odG1sPgo= --===============4778959931465143599==-- From marine64 at gmail.com Fri May 31 10:53:58 2013 Content-Type: multipart/mixed; boundary="===============6849919758928970217==" MIME-Version: 1.0 From: Brian Henson To: users at lists.dogtagpki.org Subject: Re: [Pki-users] (Fedora 17) PKI-RA fails to start after install Date: Fri, 31 May 2013 10:53:55 -0400 Message-ID: In-Reply-To: 51A7B018.6050206@redhat.com --===============6849919758928970217== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable I don't mean to sound dumb but where is the logfiles? I am using the wiki install page as a guide. On Thu, May 30, 2013 at 4:01 PM, Andrew Wnuk wrote: > > Is there anything in the log files pointing to your failure? > If yes, could you provide these log entries? > > On 05/30/2013 11:34 AM, Brian Henson wrote: > > Any Ideas on this? I need the TPS for the smartcard support. > > > On Wed, May 29, 2013 at 1:24 PM, Brian Henson wrot= e: > >> Fedora 17 and dogtag 9 via yum >> On May 29, 2013 12:01 PM, "Andrew Wnuk" wrote: >> >>> >>> On 05/28/2013 09:46 PM, Brian Henson wrote: >>> >>> Hello all, >>> >>> When I try to configure the RA subsystem after installing it I get >>> this error. >>> >>> Installation information recorded in /var/log/pki-ra-install.log. >>> [debug] run_command(/bin/systemctl restart pki-rad(a)pki-ra.service) >>> [error] FAILED run_command("/bin/systemctl restart >>> pki-rad(a)pki-ra.service"), exit status=3D1 output=3D"Job failed. See s= ystem >>> journal and 'systemctl status' for details." >>> Before proceeding with the configuration, make sure >>> the firewall settings of this machine permit proper >>> access to this subsystem. >>> >>> Please start the configuration by accessing: >>> >>> >>> https://(someaddress):12890/ra/admin/console/config/login?pin=3DXWdsV1o= Dtx9qQFcybzAr >>> >>> After configuration, the server can be operated by the command: >>> >>> /bin/systemctl restart pki-rad(a)pki-ra.service >>> >>> >>> Anyone know how to fix this? I get it for the TPS module as well. >>> >>> Thanks >>> >>> Brian Henson >>> >>> >>> >>> Brian, >>> >>> Could you provide OS and server versions? >>> >>> Thank you, >>> Andrew >>> >> > > --===============6849919758928970217== Content-Type: text/html MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.html" PGRpdiBkaXI9Imx0ciI+SSBkb24mIzM5O3QgbWVhbiB0byBzb3VuZCBkdW1iIGJ1dCB3aGVyZSBp cyB0aGUgbG9nZmlsZXM/IEkgYW0gdXNpbmcgdGhlIHdpa2kgaW5zdGFsbCBwYWdlIGFzIGEgZ3Vp ZGUuIDwvZGl2PjxkaXYgY2xhc3M9ImdtYWlsX2V4dHJhIj48YnI+PGJyPjxkaXYgY2xhc3M9Imdt YWlsX3F1b3RlIj5PbiBUaHUsIE1heSAzMCwgMjAxMyBhdCA0OjAxIFBNLCBBbmRyZXcgV251ayA8 c3BhbiBkaXI9Imx0ciI+Jmx0OzxhIGhyZWY9Im1haWx0bzphd251a0ByZWRoYXQuY29tIiB0YXJn ZXQ9Il9ibGFuayI+YXdudWtAcmVkaGF0LmNvbTwvYT4mZ3Q7PC9zcGFuPiB3cm90ZTo8YnI+Cjxi bG9ja3F1b3RlIGNsYXNzPSJnbWFpbF9xdW90ZSIgc3R5bGU9Im1hcmdpbjowIDAgMCAuOGV4O2Jv cmRlci1sZWZ0OjFweCAjY2NjIHNvbGlkO3BhZGRpbmctbGVmdDoxZXgiPgogIAogICAgCiAgCiAg PGRpdiB0ZXh0PSIjMDAwMDAwIiBiZ2NvbG9yPSIjRkZGRkZGIj4KICAgIDxkaXY+oDxicj4KICAg ICAgSXMgdGhlcmUgYW55dGhpbmcgaW4gdGhlIGxvZyBmaWxlcyBwb2ludGluZyB0byB5b3VyIGZh aWx1cmU/PGJyPgogICAgICBJZiB5ZXMsIGNvdWxkIHlvdSBwcm92aWRlIHRoZXNlIGxvZyBlbnRy aWVzPyA8YnI+PGRpdj48ZGl2IGNsYXNzPSJoNSI+CiAgICAgIDxicj4KICAgICAgT24gMDUvMzAv MjAxMyAxMTozNCBBTSwgQnJpYW4gSGVuc29uIHdyb3RlOjxicj4KICAgIDwvZGl2PjwvZGl2Pjwv ZGl2PjxkaXY+PGRpdiBjbGFzcz0iaDUiPgogICAgPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSI+CiAg ICAgIDxkaXYgZGlyPSJsdHIiPkFueSBJZGVhcyBvbiB0aGlzPyBJIG5lZWQgdGhlIFRQUyBmb3Ig dGhlIHNtYXJ0Y2FyZAogICAgICAgIHN1cHBvcnQuIDwvZGl2PgogICAgICA8ZGl2IGNsYXNzPSJn bWFpbF9leHRyYSI+PGJyPgogICAgICAgIDxicj4KICAgICAgICA8ZGl2IGNsYXNzPSJnbWFpbF9x dW90ZSI+T24gV2VkLCBNYXkgMjksIDIwMTMgYXQgMToyNCBQTSwgQnJpYW4KICAgICAgICAgIEhl bnNvbiA8c3BhbiBkaXI9Imx0ciI+Jmx0OzxhIGhyZWY9Im1haWx0bzptYXJpbmU2NEBnbWFpbC5j b20iIHRhcmdldD0iX2JsYW5rIj5tYXJpbmU2NEBnbWFpbC5jb208L2E+Jmd0Ozwvc3Bhbj4KICAg ICAgICAgIHdyb3RlOjxicj4KICAgICAgICAgIDxibG9ja3F1b3RlIHN0eWxlPSJtYXJnaW46MHB4 IDBweCAwcHggMC44ZXg7cGFkZGluZy1sZWZ0OjFleDtib3JkZXItbGVmdC1jb2xvcjpyZ2IoMjA0 LDIwNCwyMDQpO2JvcmRlci1sZWZ0LXdpZHRoOjFweDtib3JkZXItbGVmdC1zdHlsZTpzb2xpZCIg Y2xhc3M9ImdtYWlsX3F1b3RlIj4KICAgICAgICAgICAgPHA+RmVkb3JhIDE3IGFuZCBkb2d0YWcg OSB2aWEgeXVtPC9wPgogICAgICAgICAgICA8ZGl2PgogICAgICAgICAgICAgIDxkaXY+CiAgICAg ICAgICAgICAgICA8ZGl2IGNsYXNzPSJnbWFpbF9xdW90ZSI+T24gTWF5IDI5LCAyMDEzIDEyOjAx IFBNLAogICAgICAgICAgICAgICAgICAmcXVvdDtBbmRyZXcgV251ayZxdW90OyAmbHQ7PGEgaHJl Zj0ibWFpbHRvOmF3bnVrQHJlZGhhdC5jb20iIHRhcmdldD0iX2JsYW5rIj5hd251a0ByZWRoYXQu Y29tPC9hPiZndDsKICAgICAgICAgICAgICAgICAgd3JvdGU6PGJyIHR5cGU9ImF0dHJpYnV0aW9u Ij4KICAgICAgICAgICAgICAgICAgPGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdpbjowcHggMHB4IDBw eCAwLjhleDtwYWRkaW5nLWxlZnQ6MWV4O2JvcmRlci1sZWZ0LWNvbG9yOnJnYigyMDQsMjA0LDIw NCk7Ym9yZGVyLWxlZnQtd2lkdGg6MXB4O2JvcmRlci1sZWZ0LXN0eWxlOnNvbGlkIiBjbGFzcz0i Z21haWxfcXVvdGUiPgogICAgICAgICAgICAgICAgICAgIDxkaXYgdGV4dD0iIzAwMDAwMCIgYmdj b2xvcj0iI0ZGRkZGRiI+CiAgICAgICAgICAgICAgICAgICAgICA8ZGl2Pjxicj4KICAgICAgICAg ICAgICAgICAgICAgICAgT24gMDUvMjgvMjAxMyAwOTo0NiBQTSwgQnJpYW4gSGVuc29uIHdyb3Rl Ojxicj4KICAgICAgICAgICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgICAgICAgICAgICAg PGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSI+CiAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgZGly PSJsdHIiPkhlbGxvIGFsbCygCiAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj48YnI+CiAg ICAgICAgICAgICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgICAg PGRpdj5XaGVuIEkgdHJ5IHRvIGNvbmZpZ3VyZSB0aGUgUkEgc3Vic3lzdGVtCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICBhZnRlciBpbnN0YWxsaW5nIGl0IEkgZ2V0IHRoaXMgZXJyb3IuPC9k aXY+CiAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj48YnI+CiAgICAgICAgICAgICAgICAg ICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj4KICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDxkaXY+SW5zdGFsbGF0aW9uIGluZm9ybWF0aW9uIHJlY29yZGVk IGluCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC92YXIvbG9nL3BraS1yYS1pbnN0YWxs LmxvZy48L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXY+W2RlYnVnXSBydW5f Y29tbWFuZCgvYmluL3N5c3RlbWN0bAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICByZXN0 YXJ0IDxhIGhyZWY9Im1haWx0bzpwa2ktcmFkQHBraS1yYS5zZXJ2aWNlIiB0YXJnZXQ9Il9ibGFu ayI+cGtpLXJhZEBwa2ktcmEuc2VydmljZTwvYT4pPC9kaXY+CiAgICAgICAgICAgICAgICAgICAg ICAgICAgICA8ZGl2PltlcnJvcl0gRkFJTEVECiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IHJ1bl9jb21tYW5kKCZxdW90Oy9iaW4vc3lzdGVtY3RsIHJlc3RhcnQgPGEgaHJlZj0ibWFpbHRv OnBraS1yYWRAcGtpLXJhLnNlcnZpY2UiIHRhcmdldD0iX2JsYW5rIj5wa2ktcmFkQHBraS1yYS5z ZXJ2aWNlPC9hPiZxdW90OyksCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV4aXQgc3Rh dHVzPTEgb3V0cHV0PSZxdW90O0pvYiBmYWlsZWQuIFNlZQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICBzeXN0ZW0gam91cm5hbCBhbmQgJiMzOTtzeXN0ZW1jdGwgc3RhdHVzJiMzOTsgZm9y CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGRldGFpbHMuJnF1b3Q7PC9kaXY+CiAgICAg ICAgICAgICAgICAgICAgICAgICAgICA8ZGl2PkJlZm9yZSBwcm9jZWVkaW5nIHdpdGggdGhlCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNvbmZpZ3VyYXRpb24sIG1ha2Ugc3VyZTwvZGl2 PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj50aGUgZmlyZXdhbGwgc2V0dGluZ3Mg b2YgdGhpcyBtYWNoaW5lCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHBlcm1pdCBwcm9w ZXI8L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXY+YWNjZXNzIHRvIHRoaXMg c3Vic3lzdGVtLjwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj48YnI+CiAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAg ICAgIDxkaXY+UGxlYXNlIHN0YXJ0IHRoZSBjb25maWd1cmF0aW9uIGJ5CiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIGFjY2Vzc2luZzo8L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAg ICAgIDxkaXY+PGJyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8ZGl2PjxhIGhyZWY9Imh0dHBzOi8vJTI4c29tZWFkZHJlc3Ml Mjk6MTI4OTAvcmEvYWRtaW4vY29uc29sZS9jb25maWcvbG9naW4/cGluPVhXZHNWMW9EdHg5cVFG Y3liekFyIiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly8oc29tZWFkZHJlc3MpOjEyODkwL3JhL2Fk bWluL2NvbnNvbGUvY29uZmlnL2xvZ2luP3Bpbj1YV2RzVjFvRHR4OXFRRmN5YnpBcjwvYT48L2Rp dj4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2Pjxicj4KICAgICAgICAgICAgICAg ICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj5BZnRl ciBjb25maWd1cmF0aW9uLCB0aGUgc2VydmVyIGNhbiBiZQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICBvcGVyYXRlZCBieSB0aGUgY29tbWFuZDo8L2Rpdj4KICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDxkaXY+PGJyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9kaXY+CiAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2PqAgoCAvYmluL3N5c3RlbWN0bCByZXN0YXJ0 IDxhIGhyZWY9Im1haWx0bzpwa2ktcmFkQHBraS1yYS5zZXJ2aWNlIiB0YXJnZXQ9Il9ibGFuayI+ cGtpLXJhZEBwa2ktcmEuc2VydmljZTwvYT48L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAg ICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2Pjxicj4KICAgICAgICAgICAg ICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2Pjxicj4K ICAgICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAg ICA8ZGl2PkFueW9uZSBrbm93IGhvdyB0byBmaXggdGhpcz8gSSBnZXQgaXQgZm9yCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICB0aGUgVFBTIG1vZHVsZSBhcyB3ZWxsLqA8L2Rpdj4KICAgICAg ICAgICAgICAgICAgICAgICAgICA8ZGl2Pjxicj4KICAgICAgICAgICAgICAgICAgICAgICAgICA8 L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2PlRoYW5rczwvZGl2PgogICAgICAg ICAgICAgICAgICAgICAgICAgIDxkaXY+PGJyPgogICAgICAgICAgICAgICAgICAgICAgICAgIDwv ZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXY+QnJpYW4gSGVuc29uPC9kaXY+CiAg ICAgICAgICAgICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICA8YnI+ CiAgICAgICAgICAgICAgICAgICAgICAgIDxmaWVsZHNldD48L2ZpZWxkc2V0PgogICAgICAgICAg ICAgICAgICAgICAgICA8YnI+CiAgICAgICAgICAgICAgICAgICAgICA8L2Jsb2NrcXVvdGU+CiAg ICAgICAgICAgICAgICAgICAgICA8YnI+CiAgICAgICAgICAgICAgICAgICAgICBCcmlhbiw8YnI+ CiAgICAgICAgICAgICAgICAgICAgICA8YnI+CiAgICAgICAgICAgICAgICAgICAgICBDb3VsZCB5 b3UgcHJvdmlkZSBPUyBhbmQgc2VydmVyIHZlcnNpb25zPzxicj4KICAgICAgICAgICAgICAgICAg ICAgIDxicj4KICAgICAgICAgICAgICAgICAgICAgIFRoYW5rIHlvdSw8YnI+CiAgICAgICAgICAg ICAgICAgICAgICBBbmRyZXc8YnI+CiAgICAgICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAg ICAgICAgICAgIDwvYmxvY2txdW90ZT4KICAgICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAg ICAgIDwvZGl2PgogICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgIDwvYmxvY2txdW90ZT4KICAg ICAgICA8L2Rpdj4KICAgICAgICA8YnI+CiAgICAgIDwvZGl2PgogICAgPC9ibG9ja3F1b3RlPgog ICAgPGJyPgogIDwvZGl2PjwvZGl2PjwvZGl2PgoKPC9ibG9ja3F1b3RlPjwvZGl2Pjxicj48L2Rp dj4K --===============6849919758928970217==-- From awnuk at redhat.com Fri May 31 17:15:33 2013 Content-Type: multipart/mixed; boundary="===============5385451053834835578==" MIME-Version: 1.0 From: Andrew Wnuk To: users at lists.dogtagpki.org Subject: Re: [Pki-users] (Fedora 17) PKI-RA fails to start after install Date: Fri, 31 May 2013 14:14:06 -0700 Message-ID: <51A9129E.1020809@redhat.com> In-Reply-To: CAE_vMvcUMrqG5GYmP7cjFtXyp3SSsBC1iTtgV6fOWgepMcgpNA@mail.gmail.com --===============5385451053834835578== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable On 05/31/2013 07:53 AM, Brian Henson wrote: > I don't mean to sound dumb but where is the logfiles? I am using the = > wiki install page as a guide. Installation logs are under /var/log with names referring to subsystems = like: pki-ca-install.log, pki-kra-install.log, pki-tks-install.log, = pki-tks-install.log, . . . Each subsystem has its logs located under subsystem directory. For example * CA logs by default are located in /var/log/pki-ca * TPS logs by default are located in /var/log/pki-tps * . . . > > > On Thu, May 30, 2013 at 4:01 PM, Andrew Wnuk >wrote: > > > Is there anything in the log files pointing to your failure? > If yes, could you provide these log entries? > > On 05/30/2013 11:34 AM, Brian Henson wrote: >> Any Ideas on this? I need the TPS for the smartcard support. >> >> >> On Wed, May 29, 2013 at 1:24 PM, Brian Henson > >wrote: >> >> Fedora 17 and dogtag 9 via yum >> >> On May 29, 2013 12:01 PM, "Andrew Wnuk" > > wrote: >> >> >> On 05/28/2013 09:46 PM, Brian Henson wrote: >>> Hello all, >>> >>> When I try to configure the RA subsystem after >>> installing it I get this error. >>> >>> Installation information recorded in >>> /var/log/pki-ra-install.log. >>> [debug] run_command(/bin/systemctl restart >>> pki-rad(a)pki-ra.service ) >>> [error] FAILED run_command("/bin/systemctl restart >>> pki-rad(a)pki-ra.service >>> "), exit status=3D1 >>> output=3D"Job failed. See system journal and 'systemctl >>> status' for details." >>> Before proceeding with the configuration, make sure >>> the firewall settings of this machine permit proper >>> access to this subsystem. >>> >>> Please start the configuration by accessing: >>> >>> https://(someaddress):12890/ra/admin/console/config/login?p= in=3DXWdsV1oDtx9qQFcybzAr >>> >>> >>> After configuration, the server can be operated by the >>> command: >>> >>> /bin/systemctl restart pki-rad(a)pki-ra.service >>> >>> >>> >>> Anyone know how to fix this? I get it for the TPS module >>> as well. >>> >>> Thanks >>> >>> Brian Henson >>> >>> >> >> Brian, >> >> Could you provide OS and server versions? >> >> Thank you, >> Andrew >> >> > > --===============5385451053834835578== Content-Type: text/html MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.html" PGh0bWw+CiAgPGhlYWQ+CiAgICA8bWV0YSBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9SVNP LTg4NTktMSIKICAgICAgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIj4KICA8L2hlYWQ+CiAgPGJv ZHkgYmdjb2xvcj0iI0ZGRkZGRiIgdGV4dD0iIzAwMDAwMCI+CiAgICA8ZGl2IGNsYXNzPSJtb3ot Y2l0ZS1wcmVmaXgiPjx0dD5PbiAwNS8zMS8yMDEzIDA3OjUzIEFNLCBCcmlhbgogICAgICAgIEhl bnNvbiB3cm90ZTo8L3R0Pjx0dD48YnI+CiAgICAgIDwvdHQ+PC9kaXY+CiAgICA8YmxvY2txdW90 ZQpjaXRlPSJtaWQ6Q0FFX3ZNdmNVTXJxRzVHWW1QN2NqRnRYeXAzU1NzQkMxaVR0Z1Y2Zk9XZ2Vw TWNncE5BQG1haWwuZ21haWwuY29tIgogICAgICB0eXBlPSJjaXRlIj4KICAgICAgPGRpdiBkaXI9 Imx0ciI+PHR0PkkgZG9uJ3QgbWVhbiB0byBzb3VuZCBkdW1iIGJ1dCB3aGVyZSBpcyB0aGUKICAg ICAgICAgIGxvZ2ZpbGVzPyBJIGFtIHVzaW5nIHRoZSB3aWtpIGluc3RhbGwgcGFnZSBhcyBhIGd1 aWRlLiA8L3R0PjwvZGl2PgogICAgPC9ibG9ja3F1b3RlPgogICAgPHR0Pjxicj4KICAgIDwvdHQ+ PHR0Pkluc3RhbGxhdGlvbiBsb2dzIGFyZSB1bmRlciAvdmFyL2xvZyB3aXRoIG5hbWVzIHJlZmVy cmluZwogICAgICB0byBzdWJzeXN0ZW1zIGxpa2U6IHBraS1jYS1pbnN0YWxsLmxvZywgPC90dD48 dHQ+cGtpLWtyYS1pbnN0YWxsLmxvZywKICAgIDwvdHQ+PHR0PnBraS10a3MtaW5zdGFsbC5sb2cs IDwvdHQ+PHR0PnBraS10a3MtaW5zdGFsbC5sb2csIC4gLiAuPC90dD48dHQ+PGJyPgogICAgPC90 dD48dHQ+PGJyPgogICAgPC90dD48dHQ+RWFjaCBzdWJzeXN0ZW0gaGFzIGl0cyBsb2dzIGxvY2F0 ZWQgdW5kZXIgc3Vic3lzdGVtCiAgICAgIGRpcmVjdG9yeS48L3R0Pjx0dD48YnI+CiAgICA8L3R0 Pjx0dD5Gb3IgZXhhbXBsZTwvdHQ+PHR0Pjxicj4KICAgIDwvdHQ+CiAgICA8dWw+CiAgICAgIDxs aT48dHQ+Jm5ic3A7Q0EgbG9ncyBieSBkZWZhdWx0IGFyZSBsb2NhdGVkIGluIC92YXIvbG9nL3Br aS1jYTwvdHQ+PC9saT4KICAgICAgPGxpPjx0dD4mbmJzcDtUUFMgbG9ncyBieSBkZWZhdWx0IGFy ZSBsb2NhdGVkIGluIC92YXIvbG9nL3BraS10cHM8L3R0PjwvbGk+CiAgICAgIDxsaT48dHQ+Jm5i c3A7LiAuIC48L3R0Pjx0dD48YnI+CiAgICAgICAgPC90dD48L2xpPgogICAgPC91bD4KICAgIDx0 dD48YnI+CiAgICA8L3R0PgogICAgPGJsb2NrcXVvdGUKY2l0ZT0ibWlkOkNBRV92TXZjVU1ycUc1 R1ltUDdjakZ0WHlwM1NTc0JDMWlUdGdWNmZPV2dlcE1jZ3BOQUBtYWlsLmdtYWlsLmNvbSIKICAg ICAgdHlwZT0iY2l0ZSI+CiAgICAgIDxkaXYgY2xhc3M9ImdtYWlsX2V4dHJhIj48dHQ+PGJyPgog ICAgICAgIDwvdHQ+PHR0Pjxicj4KICAgICAgICA8L3R0PgogICAgICAgIDxkaXYgY2xhc3M9Imdt YWlsX3F1b3RlIj48dHQ+T24gVGh1LCBNYXkgMzAsIDIwMTMgYXQgNDowMSBQTSwKICAgICAgICAg ICAgQW5kcmV3IFdudWsgPC90dD48dHQ+PHNwYW4gZGlyPSJsdHIiPiZsdDs8YQogICAgICAgICAg ICAgICAgbW96LWRvLW5vdC1zZW5kPSJ0cnVlIiBocmVmPSJtYWlsdG86YXdudWtAcmVkaGF0LmNv bSIKICAgICAgICAgICAgICAgIHRhcmdldD0iX2JsYW5rIj5hd251a0ByZWRoYXQuY29tPC9hPiZn dDs8L3NwYW4+PC90dD48dHQ+CiAgICAgICAgICAgIHdyb3RlOjwvdHQ+PHR0Pjxicj4KICAgICAg ICAgIDwvdHQ+CiAgICAgICAgICA8YmxvY2txdW90ZSBjbGFzcz0iZ21haWxfcXVvdGUiIHN0eWxl PSJtYXJnaW46MCAwIDAKICAgICAgICAgICAgLjhleDtib3JkZXItbGVmdDoxcHggI2NjYyBzb2xp ZDtwYWRkaW5nLWxlZnQ6MWV4Ij4KICAgICAgICAgICAgPGRpdiB0ZXh0PSIjMDAwMDAwIiBiZ2Nv bG9yPSIjRkZGRkZGIj4KICAgICAgICAgICAgICA8ZGl2Pjx0dD4mbmJzcDs8L3R0Pjx0dD48YnI+ CiAgICAgICAgICAgICAgICA8L3R0Pjx0dD4gSXMgdGhlcmUgYW55dGhpbmcgaW4gdGhlIGxvZyBm aWxlcyBwb2ludGluZyB0bwogICAgICAgICAgICAgICAgICB5b3VyIGZhaWx1cmU/PC90dD48dHQ+ PGJyPgogICAgICAgICAgICAgICAgPC90dD48dHQ+IElmIHllcywgY291bGQgeW91IHByb3ZpZGUg dGhlc2UgbG9nIGVudHJpZXM/IDwvdHQ+PHR0Pjxicj4KICAgICAgICAgICAgICAgIDwvdHQ+CiAg ICAgICAgICAgICAgICA8ZGl2PgogICAgICAgICAgICAgICAgICA8ZGl2IGNsYXNzPSJoNSI+IDx0 dD48YnI+CiAgICAgICAgICAgICAgICAgICAgPC90dD48dHQ+IE9uIDA1LzMwLzIwMTMgMTE6MzQg QU0sIEJyaWFuIEhlbnNvbgogICAgICAgICAgICAgICAgICAgICAgd3JvdGU6PC90dD48dHQ+PGJy PgogICAgICAgICAgICAgICAgICAgIDwvdHQ+IDwvZGl2PgogICAgICAgICAgICAgICAgPC9kaXY+ CiAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgPGRpdj4KICAgICAgICAgICAgICAg IDxkaXYgY2xhc3M9Img1Ij4KICAgICAgICAgICAgICAgICAgPGJsb2NrcXVvdGUgdHlwZT0iY2l0 ZSI+CiAgICAgICAgICAgICAgICAgICAgPGRpdiBkaXI9Imx0ciI+PHR0PkFueSBJZGVhcyBvbiB0 aGlzPyBJIG5lZWQgdGhlIFRQUwogICAgICAgICAgICAgICAgICAgICAgICBmb3IgdGhlIHNtYXJ0 Y2FyZCBzdXBwb3J0LiA8L3R0PjwvZGl2PgogICAgICAgICAgICAgICAgICAgIDxkaXYgY2xhc3M9 ImdtYWlsX2V4dHJhIj48dHQ+PGJyPgogICAgICAgICAgICAgICAgICAgICAgPC90dD4gPHR0Pjxi cj4KICAgICAgICAgICAgICAgICAgICAgIDwvdHQ+CiAgICAgICAgICAgICAgICAgICAgICA8ZGl2 IGNsYXNzPSJnbWFpbF9xdW90ZSI+PHR0Pk9uIFdlZCwgTWF5IDI5LCAyMDEzCiAgICAgICAgICAg ICAgICAgICAgICAgICAgYXQgMToyNCBQTSwgQnJpYW4gSGVuc29uIDwvdHQ+PHR0PjxzcGFuCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICBkaXI9Imx0ciI+Jmx0OzxhIG1vei1kby1ub3Qtc2Vu ZD0idHJ1ZSIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaHJlZj0ibWFpbHRvOm1hcmlu ZTY0QGdtYWlsLmNvbSIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGFyZ2V0PSJfYmxh bmsiPm1hcmluZTY0QGdtYWlsLmNvbTwvYT4mZ3Q7PC9zcGFuPjwvdHQ+PHR0PgogICAgICAgICAg ICAgICAgICAgICAgICAgIHdyb3RlOjwvdHQ+PHR0Pjxicj4KICAgICAgICAgICAgICAgICAgICAg ICAgPC90dD4KICAgICAgICAgICAgICAgICAgICAgICAgPGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdp bjowcHggMHB4IDBweAowLjhleDtwYWRkaW5nLWxlZnQ6MWV4O2JvcmRlci1sZWZ0LWNvbG9yOnJn YigyMDQsMjA0LDIwNCk7Ym9yZGVyLWxlZnQtd2lkdGg6MXB4O2JvcmRlci1sZWZ0LXN0eWxlOnNv bGlkIgogICAgICAgICAgICAgICAgICAgICAgICAgIGNsYXNzPSJnbWFpbF9xdW90ZSI+CiAgICAg ICAgICAgICAgICAgICAgICAgICAgPHA+PHR0PkZlZG9yYSAxNyBhbmQgZG9ndGFnIDkgdmlhIHl1 bTwvdHQ+PC9wPgogICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXY+CiAgICAgICAgICAgICAg ICAgICAgICAgICAgICA8ZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2IGNs YXNzPSJnbWFpbF9xdW90ZSI+PHR0Pk9uIE1heSAyOSwKICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDIwMTMgMTI6MDEgUE0sICJBbmRyZXcgV251ayIgJmx0OzwvdHQ+PHR0PjxhCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1vei1kby1ub3Qtc2VuZD0idHJ1ZSIK ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaHJlZj0ibWFpbHRvOmF3bnVrQHJl ZGhhdC5jb20iCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRhcmdldD0iX2Js YW5rIj5hd251a0ByZWRoYXQuY29tPC9hPjwvdHQ+PHR0PiZndDsKCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICB3cm90ZTo8L3R0Pjx0dD48YnIgdHlwZT0iYXR0cmlidXRpb24iPgog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHQ+CiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgPGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdpbjowcHggMHB4IDBweAowLjhleDtw YWRkaW5nLWxlZnQ6MWV4O2JvcmRlci1sZWZ0LWNvbG9yOnJnYigyMDQsMjA0LDIwNCk7Ym9yZGVy LWxlZnQtd2lkdGg6MXB4O2JvcmRlci1sZWZ0LXN0eWxlOnNvbGlkIgogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgY2xhc3M9ImdtYWlsX3F1b3RlIj4KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIDxkaXYgdGV4dD0iIzAwMDAwMCIgYmdjb2xvcj0iI0ZGRkZGRiI+CiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXY+PHR0Pjxicj4KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3R0Pjx0dD4gT24gMDUvMjgvMjAxMyAwOTo0 NiBQTSwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEJyaWFuIEhlbnNv biB3cm90ZTo8L3R0Pjx0dD48YnI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPC90dD4gPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxibG9j a3F1b3RlIHR5cGU9ImNpdGUiPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IDxkaXYgZGlyPSJsdHIiPjx0dD5IZWxsbyBhbGwsJm5ic3A7IDwvdHQ+CiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2Pjx0dD48YnI+CiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHQ+IDwvZGl2PgogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgPGRpdj48dHQ+V2hlbiBJIHRyeSB0byBjb25maWd1cmUKICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0aGUgUkEgc3Vic3lzdGVt IGFmdGVyCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaW5zdGFs bGluZyBpdCBJIGdldCB0aGlzCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgZXJyb3IuPC90dD48L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDxkaXY+PHR0Pjxicj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgPC90dD4gPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8ZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2Pjx0 dD5JbnN0YWxsYXRpb24KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIGluZm9ybWF0aW9uIHJlY29yZGVkIGluCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAvdmFyL2xvZy9wa2ktcmEtaW5zdGFsbC5sb2cuPC90dD48L2Rpdj4K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj48dHQ+W2RlYnVn XQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcnVuX2NvbW1h bmQoL2Jpbi9zeXN0ZW1jdGwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIHJlc3RhcnQgPC90dD48dHQ+PGEKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgbW96LWRvLW5vdC1zZW5kPSJ0cnVlIgogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBocmVmPSJtYWlsdG86cGtpLXJhZEBwa2kt cmEuc2VydmljZSIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgdGFyZ2V0PSJfYmxhbmsiPnBraS1yYWRAcGtpLXJhLnNlcnZpY2U8L2E+PC90dD48dHQ+KTwv dHQ+PC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXY+ PHR0PltlcnJvcl0gRkFJTEVECiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICBydW5fY29tbWFuZCgiL2Jpbi9zeXN0ZW1jdGwKICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIHJlc3RhcnQgPC90dD48dHQ+PGEKICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbW96LWRvLW5vdC1zZW5kPSJ0cnVl IgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBocmVmPSJt YWlsdG86cGtpLXJhZEBwa2ktcmEuc2VydmljZSIKICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgdGFyZ2V0PSJfYmxhbmsiPnBraS1yYWRAcGtpLXJhLnNlcnZp Y2U8L2E+PC90dD48dHQ+IiksCgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgZXhpdCBzdGF0dXM9MSBvdXRwdXQ9IkpvYgogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgZmFpbGVkLiBTZWUgc3lzdGVtIGpvdXJuYWwKICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFuZCAnc3lzdGVtY3RsIHN0 YXR1cycgZm9yCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBk ZXRhaWxzLiI8L3R0PjwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8ZGl2Pjx0dD5CZWZvcmUgcHJvY2VlZGluZwogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgd2l0aCB0aGUgY29uZmlndXJhdGlvbiwKICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1ha2Ugc3VyZTwvdHQ+PC9kaXY+CiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXY+PHR0PnRoZSBmaXJl d2FsbCBzZXR0aW5ncwogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgb2YgdGhpcyBtYWNoaW5lIHBlcm1pdAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgcHJvcGVyPC90dD48L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgPGRpdj48dHQ+YWNjZXNzIHRvIHRoaXMKICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHN1YnN5c3RlbS48L3R0PjwvZGl2PgogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2Pjx0dD48YnI+CiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90dD4gPC9kaXY+CiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXY+PHR0PlBsZWFzZSBzdGFy dCB0aGUKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNvbmZp Z3VyYXRpb24gYnkKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IGFjY2Vzc2luZzo8L3R0PjwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICA8ZGl2Pjx0dD48YnI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgPC90dD4gPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDxkaXY+PHR0PjxhCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIG1vei1kby1ub3Qtc2VuZD0idHJ1ZSIKaHJlZj0iaHR0cHM6Ly8lMjhzb21lYWRk cmVzcyUyOToxMjg5MC9yYS9hZG1pbi9jb25zb2xlL2NvbmZpZy9sb2dpbj9waW49WFdkc1Yxb0R0 eDlxUUZjeWJ6QXIiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIHRhcmdldD0iX2JsYW5rIj5odHRwczovLyhzb21lYWRkcmVzcyk6MTI4OTAvcmEvYWRtaW4v Y29uc29sZS9jb25maWcvbG9naW4/cGluPVhXZHNWMW9EdHg5cVFGY3liekFyPC9hPjwvdHQ+PC9k aXY+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXY+PHR0Pjxi cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3R0PiA8L2Rp dj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj48dHQ+QWZ0 ZXIgY29uZmlndXJhdGlvbiwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIHRoZSBzZXJ2ZXIgY2FuIGJlIG9wZXJhdGVkCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICBieSB0aGUgY29tbWFuZDo8L3R0PjwvZGl2PgogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2Pjx0dD48YnI+CiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90dD4gPC9kaXY+CiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXY+PHR0PiZuYnNwOyAmbmJzcDsg L2Jpbi9zeXN0ZW1jdGwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIHJlc3RhcnQgPC90dD48dHQ+PGEKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgbW96LWRvLW5vdC1zZW5kPSJ0cnVlIgogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBocmVmPSJtYWlsdG86cGtpLXJhZEBwa2ktcmEu c2VydmljZSIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg dGFyZ2V0PSJfYmxhbmsiPnBraS1yYWRAcGtpLXJhLnNlcnZpY2U8L2E+PC90dD48L2Rpdj4KICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj48dHQ+PGJyPgogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8L3R0PiA8L2Rpdj4KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIDxkaXY+PHR0Pjxicj4KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgPC90dD4gPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8ZGl2Pjx0dD5BbnlvbmUga25vdyBob3cgdG8gZml4CiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhpcz8gSSBnZXQgaXQgZm9yIHRo ZSBUUFMKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtb2R1bGUg YXMgd2VsbC4mbmJzcDs8L3R0PjwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgPGRpdj48dHQ+PGJyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICA8L3R0PiA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIDxkaXY+PHR0PlRoYW5rczwvdHQ+PC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICA8ZGl2Pjx0dD48YnI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIDwvdHQ+IDwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgPGRpdj48dHQ+QnJpYW4gSGVuc29uPC90dD48L2Rpdj4KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8dHQ+PGJyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IDwvdHQ+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGZpZWxkc2V0Pjwv ZmllbGRzZXQ+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHR0Pjxicj4K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3R0PiA8L2Jsb2NrcXVvdGU+ CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0dD48YnI+CiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHQ+PHR0PiBCcmlhbiw8L3R0Pjx0dD48YnI+CiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHQ+IDx0dD48YnI+CiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHQ+PHR0PiBDb3VsZCB5b3UgcHJvdmlkZSBP UyBhbmQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBzZXJ2ZXIgdmVyc2lv bnM/PC90dD48dHQ+PGJyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3R0 PiA8dHQ+PGJyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3R0Pjx0dD4g VGhhbmsgeW91LDwvdHQ+PHR0Pjxicj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPC90dD48dHQ+IEFuZHJldzwvdHQ+PHR0Pjxicj4KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgPC90dD4gPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg PC9ibG9ja3F1b3RlPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAg ICAgICAgICAgICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgIDwv ZGl2PgogICAgICAgICAgICAgICAgICAgICAgICA8L2Jsb2NrcXVvdGU+CiAgICAgICAgICAgICAg ICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgIDx0dD48YnI+CiAgICAgICAgICAg ICAgICAgICAgICA8L3R0PiA8L2Rpdj4KICAgICAgICAgICAgICAgICAgPC9ibG9ja3F1b3RlPgog ICAgICAgICAgICAgICAgICA8dHQ+PGJyPgogICAgICAgICAgICAgICAgICA8L3R0PiA8L2Rpdj4K ICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICA8L2Jsb2Nr cXVvdGU+CiAgICAgICAgPC9kaXY+CiAgICAgICAgPHR0Pjxicj4KICAgICAgICA8L3R0PjwvZGl2 PgogICAgPC9ibG9ja3F1b3RlPgogICAgPHR0Pjxicj4KICAgIDwvdHQ+CiAgPC9ib2R5Pgo8L2h0 bWw+Cg== --===============5385451053834835578==-- From marine64 at gmail.com Fri May 31 17:46:20 2013 Content-Type: multipart/mixed; boundary="===============8633085188276107654==" MIME-Version: 1.0 From: Brian Henson To: users at lists.dogtagpki.org Subject: Re: [Pki-users] (Fedora 17) PKI-RA fails to start after install Date: Fri, 31 May 2013 17:46:17 -0400 Message-ID: In-Reply-To: 51A9129E.1020809@redhat.com --===============8633085188276107654== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable This is the only error i see in the TPS install log [2013-05-29 03:37:20] [error] FAILED run_command("/bin/systemctl restart pki-tpsd(a)pki-tps.servi= ce"), exit status=3D1 output=3D"Job failed. See system journal and 'systemctl sta= tus' for details." and the same error(minus service name on the other service) On Fri, May 31, 2013 at 5:14 PM, Andrew Wnuk wrote: > On 05/31/2013 07:53 AM, Brian Henson wrote: > > I don't mean to sound dumb but where is the logfiles? I am using the wiki > install page as a guide. > > > Installation logs are under /var/log with names referring to subsystems > like: pki-ca-install.log, pki-kra-install.log, pki-tks-install.log, pki-t= ks-install.log, > . . . > > Each subsystem has its logs located under subsystem directory. > For example > > - CA logs by default are located in /var/log/pki-ca > - TPS logs by default are located in /var/log/pki-tps > - . . . > > > > > On Thu, May 30, 2013 at 4:01 PM, Andrew Wnuk wrote: > >> >> Is there anything in the log files pointing to your failure? >> If yes, could you provide these log entries? >> >> On 05/30/2013 11:34 AM, Brian Henson wrote: >> >> Any Ideas on this? I need the TPS for the smartcard support. >> >> >> On Wed, May 29, 2013 at 1:24 PM, Brian Henson wro= te: >> >>> Fedora 17 and dogtag 9 via yum >>> On May 29, 2013 12:01 PM, "Andrew Wnuk" wrote: >>> >>>> >>>> On 05/28/2013 09:46 PM, Brian Henson wrote: >>>> >>>> Hello all, >>>> >>>> When I try to configure the RA subsystem after installing it I get >>>> this error. >>>> >>>> Installation information recorded in /var/log/pki-ra-install.log. >>>> [debug] run_command(/bin/systemctl restart pki-rad(a)pki-ra.service) >>>> [error] FAILED run_command("/bin/systemctl restart >>>> pki-rad(a)pki-ra.service"), exit status=3D1 output=3D"Job failed. See = system >>>> journal and 'systemctl status' for details." >>>> Before proceeding with the configuration, make sure >>>> the firewall settings of this machine permit proper >>>> access to this subsystem. >>>> >>>> Please start the configuration by accessing: >>>> >>>> >>>> https://(someaddress):12890/ra/admin/console/config/login?pin=3DXWdsV1= oDtx9qQFcybzAr >>>> >>>> After configuration, the server can be operated by the command: >>>> >>>> /bin/systemctl restart pki-rad(a)pki-ra.service >>>> >>>> >>>> Anyone know how to fix this? I get it for the TPS module as well. >>>> >>>> Thanks >>>> >>>> Brian Henson >>>> >>>> >>>> >>>> Brian, >>>> >>>> Could you provide OS and server versions? >>>> >>>> Thank you, >>>> Andrew >>>> >>> >> >> > > --===============8633085188276107654== Content-Type: text/html MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.html" PGRpdiBkaXI9Imx0ciI+VGhpcyBpcyB0aGUgb25seSBlcnJvciBpIHNlZSBpbiB0aGUgVFBTIGlu c3RhbGwgbG9noFsyMDEzLTA1LTI5IDAzOjM3OjIwXSBbZXJyb3JdIEZBSUxFRCBydW5fY29tbWFu ZCgmcXVvdDsvYmluL3N5c3RlbWN0bCByZXN0YXJ0IHBraS10cHNkQHBraS10cHMuc2VydmljZSZx dW90OyksIGV4aXQgc3RhdHVzPTEgb3V0cHV0PSZxdW90O0pvYiBmYWlsZWQuIFNlZSBzeXN0ZW0g am91cm5hbCBhbmQgJiMzOTtzeXN0ZW1jdGwgc3RhdHVzJiMzOTsgZm9yIGRldGFpbHMuJnF1b3Q7 IGFuZCB0aGUgc2FtZSBlcnJvcihtaW51cyBzZXJ2aWNlIG5hbWUgb24gdGhlIG90aGVyIHNlcnZp Y2UpPC9kaXY+CjxkaXYgY2xhc3M9ImdtYWlsX2V4dHJhIj48YnI+PGJyPjxkaXYgY2xhc3M9Imdt YWlsX3F1b3RlIj5PbiBGcmksIE1heSAzMSwgMjAxMyBhdCA1OjE0IFBNLCBBbmRyZXcgV251ayA8 c3BhbiBkaXI9Imx0ciI+Jmx0OzxhIGhyZWY9Im1haWx0bzphd251a0ByZWRoYXQuY29tIiB0YXJn ZXQ9Il9ibGFuayI+YXdudWtAcmVkaGF0LmNvbTwvYT4mZ3Q7PC9zcGFuPiB3cm90ZTo8YnI+PGJs b2NrcXVvdGUgY2xhc3M9ImdtYWlsX3F1b3RlIiBzdHlsZT0ibWFyZ2luOjAgMCAwIC44ZXg7Ym9y ZGVyLWxlZnQ6MXB4ICNjY2Mgc29saWQ7cGFkZGluZy1sZWZ0OjFleCI+CgogIAogICAgCiAgCiAg PGRpdiBiZ2NvbG9yPSIjRkZGRkZGIiB0ZXh0PSIjMDAwMDAwIj48ZGl2IGNsYXNzPSJpbSI+CiAg ICA8ZGl2Pjx0dD5PbiAwNS8zMS8yMDEzIDA3OjUzIEFNLCBCcmlhbgogICAgICAgIEhlbnNvbiB3 cm90ZTo8L3R0Pjx0dD48YnI+CiAgICAgIDwvdHQ+PC9kaXY+CiAgICA8YmxvY2txdW90ZSB0eXBl PSJjaXRlIj4KICAgICAgPGRpdiBkaXI9Imx0ciI+PHR0PkkgZG9uJiMzOTt0IG1lYW4gdG8gc291 bmQgZHVtYiBidXQgd2hlcmUgaXMgdGhlCiAgICAgICAgICBsb2dmaWxlcz8gSSBhbSB1c2luZyB0 aGUgd2lraSBpbnN0YWxsIHBhZ2UgYXMgYSBndWlkZS4gPC90dD48L2Rpdj4KICAgIDwvYmxvY2tx dW90ZT4KICAgIDx0dD48YnI+CiAgICA8L3R0PjwvZGl2Pjx0dD5JbnN0YWxsYXRpb24gbG9ncyBh cmUgdW5kZXIgL3Zhci9sb2cgd2l0aCBuYW1lcyByZWZlcnJpbmcKICAgICAgdG8gc3Vic3lzdGVt cyBsaWtlOiBwa2ktY2EtaW5zdGFsbC5sb2csIDwvdHQ+PHR0PnBraS1rcmEtaW5zdGFsbC5sb2cs CiAgICA8L3R0Pjx0dD5wa2ktdGtzLWluc3RhbGwubG9nLCA8L3R0Pjx0dD5wa2ktdGtzLWluc3Rh bGwubG9nLCAuIC4gLjwvdHQ+PHR0Pjxicj4KICAgIDwvdHQ+PHR0Pjxicj4KICAgIDwvdHQ+PHR0 PkVhY2ggc3Vic3lzdGVtIGhhcyBpdHMgbG9ncyBsb2NhdGVkIHVuZGVyIHN1YnN5c3RlbQogICAg ICBkaXJlY3RvcnkuPC90dD48dHQ+PGJyPgogICAgPC90dD48dHQ+Rm9yIGV4YW1wbGU8L3R0Pjx0 dD48YnI+CiAgICA8L3R0PgogICAgPHVsPgogICAgICA8bGk+PHR0PqBDQSBsb2dzIGJ5IGRlZmF1 bHQgYXJlIGxvY2F0ZWQgaW4gL3Zhci9sb2cvcGtpLWNhPC90dD48L2xpPgogICAgICA8bGk+PHR0 PqBUUFMgbG9ncyBieSBkZWZhdWx0IGFyZSBsb2NhdGVkIGluIC92YXIvbG9nL3BraS10cHM8L3R0 PjwvbGk+CiAgICAgIDxsaT48dHQ+oC4gLiAuPC90dD48dHQ+PGJyPgogICAgICAgIDwvdHQ+PC9s aT4KICAgIDwvdWw+PGRpdj48ZGl2IGNsYXNzPSJoNSI+CiAgICA8dHQ+PGJyPgogICAgPC90dD4K ICAgIDxibG9ja3F1b3RlIHR5cGU9ImNpdGUiPgogICAgICA8ZGl2IGNsYXNzPSJnbWFpbF9leHRy YSI+PHR0Pjxicj4KICAgICAgICA8L3R0Pjx0dD48YnI+CiAgICAgICAgPC90dD4KICAgICAgICA8 ZGl2IGNsYXNzPSJnbWFpbF9xdW90ZSI+PHR0Pk9uIFRodSwgTWF5IDMwLCAyMDEzIGF0IDQ6MDEg UE0sCiAgICAgICAgICAgIEFuZHJldyBXbnVrIDwvdHQ+PHR0PjxzcGFuIGRpcj0ibHRyIj4mbHQ7 PGEgaHJlZj0ibWFpbHRvOmF3bnVrQHJlZGhhdC5jb20iIHRhcmdldD0iX2JsYW5rIj5hd251a0By ZWRoYXQuY29tPC9hPiZndDs8L3NwYW4+PC90dD48dHQ+CiAgICAgICAgICAgIHdyb3RlOjwvdHQ+ PHR0Pjxicj4KICAgICAgICAgIDwvdHQ+CiAgICAgICAgICA8YmxvY2txdW90ZSBjbGFzcz0iZ21h aWxfcXVvdGUiIHN0eWxlPSJtYXJnaW46MCAwIDAgLjhleDtib3JkZXItbGVmdDoxcHggI2NjYyBz b2xpZDtwYWRkaW5nLWxlZnQ6MWV4Ij4KICAgICAgICAgICAgPGRpdiB0ZXh0PSIjMDAwMDAwIiBi Z2NvbG9yPSIjRkZGRkZGIj4KICAgICAgICAgICAgICA8ZGl2Pjx0dD6gPC90dD48dHQ+PGJyPgog ICAgICAgICAgICAgICAgPC90dD48dHQ+IElzIHRoZXJlIGFueXRoaW5nIGluIHRoZSBsb2cgZmls ZXMgcG9pbnRpbmcgdG8KICAgICAgICAgICAgICAgICAgeW91ciBmYWlsdXJlPzwvdHQ+PHR0Pjxi cj4KICAgICAgICAgICAgICAgIDwvdHQ+PHR0PiBJZiB5ZXMsIGNvdWxkIHlvdSBwcm92aWRlIHRo ZXNlIGxvZyBlbnRyaWVzPyA8L3R0Pjx0dD48YnI+CiAgICAgICAgICAgICAgICA8L3R0PgogICAg ICAgICAgICAgICAgPGRpdj4KICAgICAgICAgICAgICAgICAgPGRpdj4gPHR0Pjxicj4KICAgICAg ICAgICAgICAgICAgICA8L3R0Pjx0dD4gT24gMDUvMzAvMjAxMyAxMTozNCBBTSwgQnJpYW4gSGVu c29uCiAgICAgICAgICAgICAgICAgICAgICB3cm90ZTo8L3R0Pjx0dD48YnI+CiAgICAgICAgICAg ICAgICAgICAgPC90dD4gPC9kaXY+CiAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAg ICA8L2Rpdj4KICAgICAgICAgICAgICA8ZGl2PgogICAgICAgICAgICAgICAgPGRpdj4KICAgICAg ICAgICAgICAgICAgPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSI+CiAgICAgICAgICAgICAgICAgICAg PGRpdiBkaXI9Imx0ciI+PHR0PkFueSBJZGVhcyBvbiB0aGlzPyBJIG5lZWQgdGhlIFRQUwogICAg ICAgICAgICAgICAgICAgICAgICBmb3IgdGhlIHNtYXJ0Y2FyZCBzdXBwb3J0LiA8L3R0PjwvZGl2 PgogICAgICAgICAgICAgICAgICAgIDxkaXYgY2xhc3M9ImdtYWlsX2V4dHJhIj48dHQ+PGJyPgog ICAgICAgICAgICAgICAgICAgICAgPC90dD4gPHR0Pjxicj4KICAgICAgICAgICAgICAgICAgICAg IDwvdHQ+CiAgICAgICAgICAgICAgICAgICAgICA8ZGl2IGNsYXNzPSJnbWFpbF9xdW90ZSI+PHR0 Pk9uIFdlZCwgTWF5IDI5LCAyMDEzCiAgICAgICAgICAgICAgICAgICAgICAgICAgYXQgMToyNCBQ TSwgQnJpYW4gSGVuc29uIDwvdHQ+PHR0PjxzcGFuIGRpcj0ibHRyIj4mbHQ7PGEgaHJlZj0ibWFp bHRvOm1hcmluZTY0QGdtYWlsLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPm1hcmluZTY0QGdtYWlsLmNv bTwvYT4mZ3Q7PC9zcGFuPjwvdHQ+PHR0PgogICAgICAgICAgICAgICAgICAgICAgICAgIHdyb3Rl OjwvdHQ+PHR0Pjxicj4KICAgICAgICAgICAgICAgICAgICAgICAgPC90dD4KICAgICAgICAgICAg ICAgICAgICAgICAgPGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdpbjowcHggMHB4IDBweCAwLjhleDtw YWRkaW5nLWxlZnQ6MWV4O2JvcmRlci1sZWZ0LWNvbG9yOnJnYigyMDQsMjA0LDIwNCk7Ym9yZGVy LWxlZnQtd2lkdGg6MXB4O2JvcmRlci1sZWZ0LXN0eWxlOnNvbGlkIiBjbGFzcz0iZ21haWxfcXVv dGUiPgogICAgICAgICAgICAgICAgICAgICAgICAgIDxwPjx0dD5GZWRvcmEgMTcgYW5kIGRvZ3Rh ZyA5IHZpYSB5dW08L3R0PjwvcD4KICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2PgogICAg ICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPGRpdiBjbGFzcz0iZ21haWxfcXVvdGUiPjx0dD5PbiBNYXkgMjksCiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAyMDEzIDEyOjAxIFBNLCAmcXVvdDtBbmRyZXcgV251ayZxdW90 OyAmbHQ7PC90dD48dHQ+PGEgaHJlZj0ibWFpbHRvOmF3bnVrQHJlZGhhdC5jb20iIHRhcmdldD0i X2JsYW5rIj5hd251a0ByZWRoYXQuY29tPC9hPjwvdHQ+PHR0PiZndDsKCiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICB3cm90ZTo8L3R0Pjx0dD48YnIgdHlwZT0iYXR0cmlidXRpb24i PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHQ+CiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgPGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdpbjowcHggMHB4IDBweCAwLjhl eDtwYWRkaW5nLWxlZnQ6MWV4O2JvcmRlci1sZWZ0LWNvbG9yOnJnYigyMDQsMjA0LDIwNCk7Ym9y ZGVyLWxlZnQtd2lkdGg6MXB4O2JvcmRlci1sZWZ0LXN0eWxlOnNvbGlkIiBjbGFzcz0iZ21haWxf cXVvdGUiPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdiB0ZXh0PSIjMDAw MDAwIiBiZ2NvbG9yPSIjRkZGRkZGIj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPGRpdj48dHQ+PGJyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwv dHQ+PHR0PiBPbiAwNS8yOC8yMDEzIDA5OjQ2IFBNLAogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgQnJpYW4gSGVuc29uIHdyb3RlOjwvdHQ+PHR0Pjxicj4KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3R0PiA8L2Rpdj4KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSI+CiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdiBkaXI9Imx0ciI+PHR0PkhlbGxvIGFsbCyg IDwvdHQ+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2Pjx0dD48 YnI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHQ+IDwvZGl2 PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj48dHQ+V2hlbiBJ IHRyeSB0byBjb25maWd1cmUKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICB0aGUgUkEgc3Vic3lzdGVtIGFmdGVyCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgaW5zdGFsbGluZyBpdCBJIGdldCB0aGlzCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgZXJyb3IuPC90dD48L2Rpdj4KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXY+PHR0Pjxicj4KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90dD4gPC9kaXY+CiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICA8ZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICA8ZGl2Pjx0dD5JbnN0YWxsYXRpb24KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIGluZm9ybWF0aW9uIHJlY29yZGVkIGluCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAvdmFyL2xvZy9wa2ktcmEtaW5z dGFsbC5sb2cuPC90dD48L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgPGRpdj48dHQ+W2RlYnVnXQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgcnVuX2NvbW1hbmQoL2Jpbi9zeXN0ZW1jdGwKICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJlc3RhcnQgPC90dD48dHQ+PGEgaHJlZj0ibWFp bHRvOnBraS1yYWRAcGtpLXJhLnNlcnZpY2UiIHRhcmdldD0iX2JsYW5rIj5wa2ktcmFkQHBraS1y YS5zZXJ2aWNlPC9hPjwvdHQ+PHR0Pik8L3R0PjwvZGl2PgogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8ZGl2Pjx0dD5bZXJyb3JdIEZBSUxFRAogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcnVuX2NvbW1hbmQoJnF1b3Q7L2Jpbi9z eXN0ZW1jdGwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJl c3RhcnQgPC90dD48dHQ+PGEgaHJlZj0ibWFpbHRvOnBraS1yYWRAcGtpLXJhLnNlcnZpY2UiIHRh cmdldD0iX2JsYW5rIj5wa2ktcmFkQHBraS1yYS5zZXJ2aWNlPC9hPjwvdHQ+PHR0PiZxdW90Oyks CgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZXhpdCBzdGF0 dXM9MSBvdXRwdXQ9JnF1b3Q7Sm9iCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICBmYWlsZWQuIFNlZSBzeXN0ZW0gam91cm5hbAogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgYW5kICYjMzk7c3lzdGVtY3RsIHN0YXR1cyYjMzk7 IGZvcgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZGV0YWls cy4mcXVvdDs8L3R0PjwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8ZGl2Pjx0dD5CZWZvcmUgcHJvY2VlZGluZwogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgd2l0aCB0aGUgY29uZmlndXJhdGlvbiwKICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1ha2Ugc3VyZTwvdHQ+PC9kaXY+CiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXY+PHR0PnRoZSBmaXJl d2FsbCBzZXR0aW5ncwogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgb2YgdGhpcyBtYWNoaW5lIHBlcm1pdAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgcHJvcGVyPC90dD48L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgPGRpdj48dHQ+YWNjZXNzIHRvIHRoaXMKICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHN1YnN5c3RlbS48L3R0PjwvZGl2PgogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2Pjx0dD48YnI+CiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90dD4gPC9kaXY+CiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXY+PHR0PlBsZWFzZSBzdGFy dCB0aGUKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNvbmZp Z3VyYXRpb24gYnkKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IGFjY2Vzc2luZzo8L3R0PjwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICA8ZGl2Pjx0dD48YnI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgPC90dD4gPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDxkaXY+PHR0PjxhIGhyZWY9Imh0dHBzOi8vJTI4c29tZWFkZHJlc3MlMjk6MTI4OTAv cmEvYWRtaW4vY29uc29sZS9jb25maWcvbG9naW4/cGluPVhXZHNWMW9EdHg5cVFGY3liekFyIiB0 YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly8oc29tZWFkZHJlc3MpOjEyODkwL3JhL2FkbWluL2NvbnNv bGUvY29uZmlnL2xvZ2luP3Bpbj1YV2RzVjFvRHR4OXFRRmN5YnpBcjwvYT48L3R0PjwvZGl2PgoK ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj48dHQ+PGJyPgog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHQ+IDwvZGl2Pgog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2Pjx0dD5BZnRlciBj b25maWd1cmF0aW9uLAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgdGhlIHNlcnZlciBjYW4gYmUgb3BlcmF0ZWQKICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIGJ5IHRoZSBjb21tYW5kOjwvdHQ+PC9kaXY+CiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXY+PHR0Pjxicj4KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3R0PiA8L2Rpdj4KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj48dHQ+oCCgIC9iaW4vc3lzdGVtY3Rs CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICByZXN0YXJ0IDwv dHQ+PHR0PjxhIGhyZWY9Im1haWx0bzpwa2ktcmFkQHBraS1yYS5zZXJ2aWNlIiB0YXJnZXQ9Il9i bGFuayI+cGtpLXJhZEBwa2ktcmEuc2VydmljZTwvYT48L3R0PjwvZGl2PgogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8ZGl2Pjx0dD48YnI+CiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIDwvdHQ+IDwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgPGRpdj48dHQ+PGJyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8L3R0PiA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDxkaXY+PHR0PkFueW9uZSBrbm93IGhvdyB0byBmaXgKICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICB0aGlzPyBJIGdldCBpdCBmb3IgdGhlIFRQUwogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1vZHVsZSBhcyB3ZWxsLqA8 L3R0PjwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj48 dHQ+PGJyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3R0PiA8 L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXY+PHR0PlRo YW5rczwvdHQ+PC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8 ZGl2Pjx0dD48YnI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwv dHQ+IDwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdj48 dHQ+QnJpYW4gSGVuc29uPC90dD48L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHQ+ PGJyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHQ+CiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGZpZWxkc2V0PjwvZmllbGRzZXQ+CiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHR0Pjxicj4KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICA8L3R0PiA8L2Jsb2NrcXVvdGU+CiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIDx0dD48YnI+CiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDwvdHQ+PHR0PiBCcmlhbiw8L3R0Pjx0dD48YnI+CiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDwvdHQ+IDx0dD48YnI+CiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIDwvdHQ+PHR0PiBDb3VsZCB5b3UgcHJvdmlkZSBPUyBhbmQKICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBzZXJ2ZXIgdmVyc2lvbnM/PC90dD48dHQ+PGJy PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3R0PiA8dHQ+PGJyPgogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3R0Pjx0dD4gVGhhbmsgeW91LDwvdHQ+ PHR0Pjxicj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90dD48dHQ+IEFu ZHJldzwvdHQ+PHR0Pjxicj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90 dD4gPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9ibG9ja3F1b3RlPgog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDwvZGl2PgogICAgICAgICAgICAgICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAg ICAgICAgICAgICAgICA8L2Jsb2NrcXVvdGU+CiAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4K ICAgICAgICAgICAgICAgICAgICAgIDx0dD48YnI+CiAgICAgICAgICAgICAgICAgICAgICA8L3R0 PiA8L2Rpdj4KICAgICAgICAgICAgICAgICAgPC9ibG9ja3F1b3RlPgogICAgICAgICAgICAgICAg ICA8dHQ+PGJyPgogICAgICAgICAgICAgICAgICA8L3R0PiA8L2Rpdj4KICAgICAgICAgICAgICA8 L2Rpdj4KICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICA8L2Jsb2NrcXVvdGU+CiAgICAgICAg PC9kaXY+CiAgICAgICAgPHR0Pjxicj4KICAgICAgICA8L3R0PjwvZGl2PgogICAgPC9ibG9ja3F1 b3RlPgogICAgPHR0Pjxicj4KICAgIDwvdHQ+CiAgPC9kaXY+PC9kaXY+PC9kaXY+Cgo8L2Jsb2Nr cXVvdGU+PC9kaXY+PGJyPjwvZGl2Pgo= --===============8633085188276107654==--