Thanks, Christina.
I checked out the master branch and built it. Now I can see the added extensions in the generated CSR; however, I am getting the same error as earlier.
This time again, I tried to supply the certificate chain with and without the headers. The chain is in a valid PKCS7 format.
Following is how the extensions look in the certificate signed by openssl for dogtag:
    X509v3 extensions:
        X509v3 Basic Constraints: critical
            CA:TRUE
        X509v3 Key Usage: critical
            Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
        1.3.6.1.4.1.311.20.2:
            .
            .S.u.b.C.A
The error I get in step 2 of pkispawn is as follows:
pkispawn : INFO ....... BtoA /root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin /root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin.asc
pkispawn : INFO ....... loading external CA signing certificate from file: '/home/kjhawar/dogtag/dg_ca.cert'
pkispawn : INFO ....... loading external CA signing certificate chain from file: '/home/kjhawar/dogtag/dg_chain.cert'
pkispawn : INFO ....... configuring PKI configuration data.
pkispawn : INFO ....... AtoB /root/.dogtag/pki-tomcat/ca_admin.cert /root/.dogtag/pki-tomcat/ca_admin.cert.der
pkispawn : INFO ....... certutil -A -d /root/.dogtag/pki-tomcat/ca/alias -n PKI Administrator -t u,u,u -i /root/.dogtag/pki-tomcat/ca_admin.cert.der -f /root/.dogtag/pki-tomcat/ca/password.conf
Notice: Trust flag u is set automatically if the private key is present.
pkispawn : INFO ....... pk12util -d /root/.dogtag/pki-tomcat/ca/alias -o /root/.dogtag/pki-tomcat/ca_admin_cert.p12 -n PKI Administrator -w /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf -k /root/.dogtag/pki-tomcat/ca/password.conf
pkispawn : INFO ... finalizing 'pki.server.deployment.scriptlets.finalization'
pkispawn : INFO ....... cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20141101020655
pkispawn : INFO ....... generating manifest file called '/etc/sysconfig/pki/tomcat/pki-tomcat/ca/manifest'
pkispawn : INFO ....... cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/manifest /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20141101020655
pkispawn : INFO ....... executing 'systemctl daemon-reload'
pkispawn : INFO ....... executing 'systemctl restart pki-tomcatd@pki-tomcat.service'
Job for pki-tomcatd@pki-tomcat.service canceled.
pkispawn : ERROR ....... subprocess.CalledProcessError: Command '['systemctl', 'restart', 'pki-tomcatd@pki-tomcat.service']' returned non-zero exit status 1!
Installation failed.
Kindly let me know if any specific configuration has to be done in my openssl CA. I am attaching the config file I am currently using.