Re: [Pki-users] Invalid Credential / User not found

Ebbe: You can leave your current directory instance. When you re-do the config wizard, you will just have to give unique names for the new directory trees it will have to create. Removing instances is a great idea for us to work on. thanks, jack Ebbe Hansen wrote: > Thanks for the advice -- so far I have created three CA instances using > different names (pki-ca, pki-ca1, and pki-ca2) -- I will remove all > three and start all over! > > With respect to directory server instance(s) - should I also remove > them? > > If yes -- what command(s) should I use? > > Ebbe > > "This message and any attached documents contain SPYRUS confidential > and/or proprietary information and may be subject to privilege or exempt > from disclosure under applicable law. These materials are intended only > for the use of the intended recipient. If you are not the intended > recipient of this electronic message, you are hereby notified that any > use of this message is strictly prohibited. Delivery of this message to > any person other than the intended recipient shall not constitute any > waiver of any privilege. If you have received this message in error, > please delete this message from your system and notify the sender > immediately. Thank you." > > -----Original Message----- > From: Jack Magne [mailto:jmagne@redhat.com] Sent: Friday, April 25, > 2008 4:20 PM > To: Ebbe Hansen; pki-users(a)redhat.com > Subject: Re: [Pki-users] Invalid Credential / User not found > > Ebbe: > > Thanks for trying out Dogtag. A few tips to help out below. > > During the wizard when you saw the message "This certificate can't be > verified and will not be imported. The certificate issuer might be > unknown or untrusted, the certificate might have expired or been > revoked, or the certificate might not have been approved.", you most > probably had your agent certificate imported OK. We have a bug for > this that we are working on. This message shows up despite an actual > successful import. > > The "preop.pin" you speak of is used in the case that one has not yet > completed the installation wizard. > > Here are few things you can try: > > 1. If you have already finished the wizard, you should be able to simply > > proceed to the agent interface URL without any pin, provided you have > successfully imported the Admin cert. Simply go to > "https://host.example.com:9443" and see if you can proceed using the > agent interface. > > 2. If the nasty error message from above scared you off of actually > finishing the configuration wizard, go back and do so. This is done with > > the URL that gets printed when the instance is installed. It looks > something like: > > http://host.example.com:9080/ca/admin/console/config/login?<preop.pin> > > 3. If everything is too confused, you can start the process over by > using our "pkiremove" tool which removes an existing instance. Try > something like, as root: > > pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca > > The "pki-ca" at the end is the name of the instance you are trying to > remove. The very first instance that is installed when you install > the RPM is in fact "pki-ca". > > From here you can try again by doing the following as root: > > rpm -ev pki-ca > yum install pki-ca > > This will reinstall your RPM for the CA and create a brand new instance. > > Note: Make sure you have used "pkiremove" to remove all instances you > may have created before trying this. > > 4. If the above is too confusing, we can hash it out on the "#dogtag-pi" > > IRC channel. > > thanks, > jack > > > Ebbe Hansen wrote: > >> After using the DogTag WEB Agent client once (based upon "preop.pin" >> value) the WEB Agent fail to continue to operate with error message= >> "Invalid Credential" . >> >> The "/var/lib/<instance>/logs/system" file reports an "User not found" >> > > >> error. >> >> NOTE: During the CA configuration setup the following Alert is >> displayed when the administrator certificate is installed: >> >> "This certificate can't be verified and will not be imported. The >> certificate issuer might be unknown or untrusted, the certificate >> might have expired or been revoked, or the certificate might not >> have been approved." >> >> Suggestions on what to try next will be appreciated? >> >> Ebbe Hansen @ SPYRUS >> >> "This message and any attached documents contain SPYRUS confidential >> and/or proprietary information and may be subject to privilege or >> exempt from disclosure under applicable law. These materials are >> intended only for the use of the intended recipient. If you are not >> the intended recipient of this electronic message, you are hereby >> notified that any use of this message is strictly prohibited. Delivery >> > > >> of this message to any person other than the intended recipient >> shall not constitute any waiver of any privilege. If you have >> received this message in error, please delete this message from your >> system and notify the sender immediately. Thank you." >> >> >> > ------------------------------------------------------------------------ > >> _______________________________________________ >> Pki-users mailing list >> Pki-users(a)redhat.com >> https://www.redhat.com/mailman/listinfo/pki-users >> > > ------------------------------------------------------------------------ _______________________________________________ Pki-users mailing list Pki-users(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-users