Ebbe:
You can leave your current directory instance. When you re-do the
config wizard, you will just have to give unique names for the new
directory trees it will have to create. Removing instances is a great
idea for us to work on.
thanks,
jack
Ebbe Hansen wrote:
Thanks for the advice -- so far I have
created three CA instances using
different names (pki-ca, pki-ca1, and pki-ca2) -- I will remove all
three and start all over!
With respect to directory server instance(s) - should I also remove
them?
If yes -- what command(s) should I use?
Ebbe
"This message and any attached documents contain SPYRUS confidential
and/or proprietary information and may be subject to privilege or
exempt
from disclosure under applicable law. These materials are intended only
for the use of the intended recipient. If you are not the intended
recipient of this electronic message, you are hereby notified that any
use of this message is strictly prohibited. Delivery of this message to
any person other than the intended recipient shall not constitute any
waiver of any privilege. If you have received this message in error,
please delete this message from your system and notify the sender
immediately. Thank you."
-----Original Message-----
From: Jack Magne [mailto:jmagne@redhat.com] Sent: Friday, April 25,
2008 4:20 PM
To: Ebbe Hansen; pki-users@redhat.com
Subject: Re: [Pki-users] Invalid Credential / User not found
Ebbe:
Thanks for trying out Dogtag. A few tips to help out below.
During the wizard when you saw the message "This certificate can't be
verified and will not be imported. The certificate issuer might be
unknown or untrusted, the certificate might have expired or been
revoked, or the certificate might not have been approved.", you most
probably had your agent certificate imported OK. We have a bug for this
that we are working on. This message shows up despite an actual
successful import.
The "preop.pin" you speak of is used in the case that one has not yet
completed the installation wizard.
Here are few things you can try:
1. If you have already finished the wizard, you should be able to
simply
proceed to the agent interface URL without any pin, provided you have
successfully imported the Admin cert. Simply go to
"https://host.example.com:9443" and see if you can proceed using the
agent interface.
2. If the nasty error message from above scared you off of actually
finishing the configuration wizard, go back and do so. This is done
with
the URL that gets printed when the instance is installed. It looks
something like:
http://host.example.com:9080/ca/admin/console/config/login?<preop.pin>
3. If everything is too confused, you can start the process over by
using our "pkiremove" tool which removes an existing instance. Try
something like, as root:
pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca
The "pki-ca" at the end is the name of the instance you are trying to
remove. The very first instance that is installed when you install the
RPM is in fact "pki-ca".
From here you can try again by doing the following as root:
rpm -ev pki-ca
yum install pki-ca
This will reinstall your RPM for the CA and create a brand new
instance.
Note: Make sure you have used "pkiremove" to remove all instances you
may have created before trying this.
4. If the above is too confusing, we can hash it out on the
"#dogtag-pi"
IRC channel.
thanks,
jack
Ebbe Hansen wrote:
After using the DogTag WEB Agent client
once (based upon "preop.pin" value) the WEB Agent fail to continue to
operate with error message= "Invalid Credential" .
The "/var/lib/<instance>/logs/system" file reports an "User not
found"
error.
NOTE: During the CA configuration setup the following Alert is
displayed when the administrator certificate is installed:
"This certificate can't be verified and will not be imported. The
certificate issuer might be unknown or untrusted, the certificate might
have expired or been revoked, or the certificate might not have been
approved."
Suggestions on what to try next will be appreciated?
Ebbe Hansen @ SPYRUS
"This message and any attached documents contain SPYRUS confidential
and/or proprietary information and may be subject to privilege or
exempt from disclosure under applicable law. These materials are
intended only for the use of the intended recipient. If you are not the
intended recipient of this electronic message, you are hereby notified
that any use of this message is strictly prohibited. Delivery
of this message to any person other than
the intended recipient shall not constitute any waiver of any
privilege. If you have received this message in error, please delete
this message from your system and notify the sender immediately. Thank
you."
------------------------------------------------------------------------
_______________________________________________
Pki-users mailing list
Pki-users@redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
_______________________________________________
Pki-users mailing list
Pki-users@redhat.com
https://www.redhat.com/mailman/listinfo/pki-users