[root@dogtag-ext1 fedora]# pkispawn -s CA -f deployment.cfg -v Loading deployment configuration from deployment.cfg. Installing CA into /var/lib/pki/pki-tomcat. pkispawn : INFO BEGIN spawning subsystem 'CA' of instance 'pki-tomcat' . . . pkispawn : INFO ... initializing 'pki.deployment.initialization' pkispawn : INFO ....... adding GID 'pkiuser' for group '17' . . . pkispawn : INFO ....... adding UID 'pkiuser' for user '17' . . . pkispawn : ERROR ....... Selinux is disabled. Not checking port contexts pkispawn : INFO ... populating 'pki.deployment.infrastructure_layout' pkispawn : INFO ....... mkdir -p /etc/sysconfig/pki pkispawn : INFO ....... mkdir -p /etc/sysconfig/pki/tomcat pkispawn : INFO ....... mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat pkispawn : INFO ....... mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca pkispawn : INFO ....... cp -p /etc/pki/default.cfg /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg. pkispawn : INFO ....... mkdir -p /var/lib/pki pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/ca pkispawn : INFO ....... ln -s /etc/sysconfig/pki/tomcat/pki-tomcat /var/lib/pki/pki-tomcat/ca/registry pkispawn : INFO ... populating 'pki.deployment.instance_layout' pkispawn : INFO ....... mkdir -p /var/log/pki/pki-tomcat pkispawn : INFO ....... mkdir -p /etc/pki/pki-tomcat pkispawn : INFO ....... cp -rp /usr/share/pki/server/conf /etc/pki/pki-tomcat pkispawn : INFO ....... setting ownerships, permissions, and acls on '/etc/pki/pki-tomcat' pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/common pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/common/lib pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/lib pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-i18n-ja.jar /var/lib/pki/pki-tomcat/lib/tomcat-i18n-ja.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-api.jar /var/lib/pki/pki-tomcat/lib/tomcat-api.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/catalina-ant.jar /var/lib/pki/pki-tomcat/lib/catalina-ant.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/commons-collections.jar /var/lib/pki/pki-tomcat/lib/commons-collections.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/catalina-tribes.jar /var/lib/pki/pki-tomcat/lib/catalina-tribes.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/annotations-api.jar /var/lib/pki/pki-tomcat/lib/annotations-api.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-el-2.2-api.jar /var/lib/pki/pki-tomcat/lib/tomcat-el-2.2-api.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/jasper.jar /var/lib/pki/pki-tomcat/lib/jasper.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-i18n-es.jar /var/lib/pki/pki-tomcat/lib/tomcat-i18n-es.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/commons-pool.jar /var/lib/pki/pki-tomcat/lib/commons-pool.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-servlet-3.0-api.jar /var/lib/pki/pki-tomcat/lib/tomcat-servlet-3.0-api.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-juli.jar /var/lib/pki/pki-tomcat/lib/tomcat-juli.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-jdbc.jar /var/lib/pki/pki-tomcat/lib/tomcat-jdbc.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-coyote.jar /var/lib/pki/pki-tomcat/lib/tomcat-coyote.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-jsp-2.2-api.jar /var/lib/pki/pki-tomcat/lib/tomcat-jsp-2.2-api.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/commons-dbcp.jar /var/lib/pki/pki-tomcat/lib/commons-dbcp.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-i18n-fr.jar /var/lib/pki/pki-tomcat/lib/tomcat-i18n-fr.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/log4j.jar /var/lib/pki/pki-tomcat/lib/log4j.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/jasper-el.jar /var/lib/pki/pki-tomcat/lib/jasper-el.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-util.jar /var/lib/pki/pki-tomcat/lib/tomcat-util.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/catalina-ha.jar /var/lib/pki/pki-tomcat/lib/catalina-ha.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/catalina.jar /var/lib/pki/pki-tomcat/lib/catalina.jar pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/jasper-jdt.jar /var/lib/pki/pki-tomcat/lib/jasper-jdt.jar pkispawn : INFO ....... ln -s /etc/pki/pki-tomcat/log4j.properties /var/lib/pki/pki-tomcat/lib/log4j.properties pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/temp pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/webapps pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/work pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/work/Catalina pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca pkispawn : INFO ....... ln -s /usr/share/tomcat/bin /var/lib/pki/pki-tomcat/bin pkispawn : INFO ....... ln -s /usr/sbin/tomcat-sysd /var/lib/pki/pki-tomcat/pki-tomcat pkispawn : INFO ....... ln -s /usr/share/java/apache-commons-collections.jar /var/lib/pki/pki-tomcat/common/lib/apache-commons-collections.jar pkispawn : INFO ....... ln -s /usr/share/java/apache-commons-io.jar /var/lib/pki/pki-tomcat/common/lib/apache-commons-io.jar pkispawn : INFO ....... ln -s /usr/share/java/apache-commons-lang.jar /var/lib/pki/pki-tomcat/common/lib/apache-commons-lang.jar pkispawn : INFO ....... ln -s /usr/share/java/apache-commons-logging.jar /var/lib/pki/pki-tomcat/common/lib/apache-commons-logging.jar pkispawn : INFO ....... ln -s /usr/share/java/commons-codec.jar /var/lib/pki/pki-tomcat/common/lib/apache-commons-codec.jar pkispawn : INFO ....... ln -s /usr/share/java/httpcomponents/httpclient.jar /var/lib/pki/pki-tomcat/common/lib/httpclient.jar pkispawn : INFO ....... ln -s /usr/share/java/httpcomponents/httpcore.jar /var/lib/pki/pki-tomcat/common/lib/httpcore.jar pkispawn : INFO ....... ln -s /usr/share/java/javassist.jar /var/lib/pki/pki-tomcat/common/lib/javassist.jar pkispawn : INFO ....... ln -s /usr/share/java/resteasy/jaxrs-api.jar /var/lib/pki/pki-tomcat/common/lib/jaxrs-api.jar pkispawn : INFO ....... ln -s /usr/share/java/jettison.jar /var/lib/pki/pki-tomcat/common/lib/jettison.jar pkispawn : INFO ....... ln -s /usr/lib/java/jss4.jar /var/lib/pki/pki-tomcat/common/lib/jss4.jar pkispawn : INFO ....... ln -s /usr/share/java/ldapjdk.jar /var/lib/pki/pki-tomcat/common/lib/ldapjdk.jar pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-tomcat.jar /var/lib/pki/pki-tomcat/common/lib/pki-tomcat.jar pkispawn : INFO ....... ln -s /usr/share/java/resteasy/resteasy-atom-provider.jar /var/lib/pki/pki-tomcat/common/lib/resteasy-atom-provider.jar pkispawn : INFO ....... ln -s /usr/share/java/resteasy/resteasy-jaxb-provider.jar /var/lib/pki/pki-tomcat/common/lib/resteasy-jaxb-provider.jar pkispawn : INFO ....... ln -s /usr/share/java/resteasy/resteasy-jaxrs.jar /var/lib/pki/pki-tomcat/common/lib/resteasy-jaxrs.jar pkispawn : INFO ....... ln -s /usr/share/java/resteasy/resteasy-jettison-provider.jar /var/lib/pki/pki-tomcat/common/lib/resteasy-jettison-provider.jar pkispawn : INFO ....... ln -s /usr/share/java/scannotation.jar /var/lib/pki/pki-tomcat/common/lib/scannotation.jar pkispawn : INFO ....... ln -s /usr/share/java/tomcatjss.jar /var/lib/pki/pki-tomcat/common/lib/tomcatjss.jar pkispawn : INFO ....... ln -s /usr/share/java/velocity.jar /var/lib/pki/pki-tomcat/common/lib/velocity.jar pkispawn : INFO ....... ln -s /usr/share/java/xerces-j2.jar /var/lib/pki/pki-tomcat/common/lib/xerces-j2.jar pkispawn : INFO ....... ln -s /usr/share/java/xml-commons-apis.jar /var/lib/pki/pki-tomcat/common/lib/xml-commons-apis.jar pkispawn : INFO ....... ln -s /usr/share/java/xml-commons-resolver.jar /var/lib/pki/pki-tomcat/common/lib/xml-commons-resolver.jar pkispawn : INFO ....... mkdir -p /etc/pki/pki-tomcat/alias pkispawn : INFO ....... ln -s /etc/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/alias pkispawn : INFO ....... ln -s /etc/pki/pki-tomcat /var/lib/pki/pki-tomcat/conf pkispawn : INFO ....... ln -s /var/log/pki/pki-tomcat /var/lib/pki/pki-tomcat/logs pkispawn : INFO ... populating 'pki.deployment.subsystem_layout' pkispawn : INFO ....... mkdir -p /var/log/pki/pki-tomcat/ca pkispawn : INFO ....... mkdir -p /var/log/pki/pki-tomcat/ca/archive pkispawn : INFO ....... mkdir -p /var/log/pki/pki-tomcat/ca/signedAudit pkispawn : INFO ....... mkdir -p /etc/pki/pki-tomcat/ca pkispawn : INFO ....... cp -rp /usr/share/pki/ca/emails /var/lib/pki/pki-tomcat/ca/emails pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/ca/emails' pkispawn : INFO ....... cp -rp /usr/share/pki/ca/profiles /var/lib/pki/pki-tomcat/ca/profiles pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/ca/profiles' pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/flatfile.txt /etc/pki/pki-tomcat/ca/flatfile.txt pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/registry.cfg /etc/pki/pki-tomcat/ca/registry.cfg pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/adminCert.profile /etc/pki/pki-tomcat/ca/adminCert.profile pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/caAuditSigningCert.profile /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/caCert.profile /etc/pki/pki-tomcat/ca/caCert.profile pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/caOCSPCert.profile /etc/pki/pki-tomcat/ca/caOCSPCert.profile pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/serverCert.profile /etc/pki/pki-tomcat/ca/serverCert.profile pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/subsystemCert.profile /etc/pki/pki-tomcat/ca/subsystemCert.profile pkispawn : INFO ....... ln -s /var/lib/pki/pki-tomcat/webapps /var/lib/pki/pki-tomcat/ca/webapps pkispawn : INFO ....... ln -s /var/lib/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/ca/alias pkispawn : INFO ....... ln -s /etc/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/conf pkispawn : INFO ....... ln -s /var/log/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/logs pkispawn : INFO ... selinux disabled. skipping labelling 'pki.deployment.selinux_setup' pkispawn : INFO ... deploying 'pki.deployment.webapp_deployment' pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/webapps/ROOT pkispawn : INFO ....... cp -rp /usr/share/pki/server/webapps/ROOT /var/lib/pki/pki-tomcat/webapps/ROOT pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/webapps/ROOT' pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/webapps/pki pkispawn : INFO ....... cp -rp /usr/share/pki/server/webapps/pki/js /var/lib/pki/pki-tomcat/webapps/pki/js pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/webapps/pki/js' pkispawn : INFO ....... cp -rp /usr/share/pki/server/webapps/pki/META-INF /var/lib/pki/pki-tomcat/webapps/pki/META-INF pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/webapps/pki/META-INF' pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/webapps/ca pkispawn : INFO ....... cp -rp /usr/share/pki/server/webapps/pki/admin /var/lib/pki/pki-tomcat/webapps/ca/admin pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/webapps/ca/admin' pkispawn : INFO ....... cp -rp /usr/share/pki/ca/webapps/ca /var/lib/pki/pki-tomcat/webapps/ca pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/webapps/ca' pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/classes pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-certsrv.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-certsrv.jar pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-cmsbundle.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-cmsbundle.jar pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-cmscore.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-cmscore.jar pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-cms.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-cms.jar pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-cmsutil.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-cmsutil.jar pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-nsutil.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-nsutil.jar pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-ca.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-ca.jar pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/webapps/ca' pkispawn : INFO ... assigning slots for 'pki.deployment.slot_substitution' pkispawn : INFO ....... copying '/usr/share/pki/ca/conf/CS.cfg' --> '/etc/pki/pki-tomcat/ca/CS.cfg' with slot substitution pkispawn : INFO ....... copying '/usr/share/pki/setup/pkidaemon_registry' --> '/etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat' with slot substitution pkispawn : INFO ....... copying '/usr/share/pki/server/conf/catalina.properties' --> '/etc/pki/pki-tomcat/catalina.properties' with slot substitution pkispawn : INFO ....... copying '/usr/share/pki/server/conf/serverCertNick.conf' --> '/etc/pki/pki-tomcat/serverCertNick.conf' with slot substitution pkispawn : INFO ....... copying '/usr/share/pki/server/conf/server.xml' --> '/etc/pki/pki-tomcat/server.xml' with slot substitution pkispawn : INFO ....... copying '/usr/share/pki/server/conf/context.xml' --> '/etc/pki/pki-tomcat/context.xml' with slot substitution pkispawn : INFO ....... copying '/usr/share/pki/server/conf/tomcat.conf' --> '/etc/sysconfig/pki-tomcat' with slot substitution pkispawn : INFO ....... copying '/usr/share/pki/server/conf/tomcat.conf' --> '/etc/pki/pki-tomcat/tomcat.conf' with slot substitution pkispawn : INFO ....... applying in-place slot substitutions on '/var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/velocity.properties' pkispawn : INFO ....... applying in-place slot substitutions on '/var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/web.xml' pkispawn : INFO ....... copying '/usr/share/pki/ca/conf/proxy.conf' --> '/etc/pki/pki-tomcat/ca/proxy.conf' with slot substitution pkispawn : INFO ....... applying in-place slot substitutions on '/var/lib/pki/pki-tomcat/webapps/ca/ee/ca/ProfileSelect.template' pkispawn : INFO ... generating 'pki.deployment.security_databases' pkispawn : INFO ....... generating '/etc/pki/pki-tomcat/password.conf' pkispawn : INFO ....... generating '/etc/pki/pki-tomcat/pfile' pkispawn : INFO ....... modifying '/etc/pki/pki-tomcat/password.conf' pkispawn : INFO ....... executing 'certutil -N -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile' pkispawn : INFO ....... modifying '/etc/pki/pki-tomcat/alias/cert8.db' pkispawn : INFO ....... modifying '/etc/pki/pki-tomcat/alias/key3.db' pkispawn : INFO ....... modifying '/etc/pki/pki-tomcat/alias/secmod.db' pkispawn : INFO ....... generating noise file called '/etc/pki/pki-tomcat/ca/noise' and filling it with '1024' random bytes pkispawn : INFO ....... executing 'certutil -S -d /etc/pki/pki-tomcat/alias -h 'internal' -n 'Server-Cert cert-pki-tomcat' -s 'cn=dogtag-ext1.novalocal,o=2014-10-10 09:20:58' -m 0 -v 12 -c 'cn=dogtag-ext1.novalocal,o=2014-10-10 09:20:58' -t 'CTu,CTu,CTu' -z /etc/pki/pki-tomcat/ca/noise -f /etc/pki/pki-tomcat/pfile -x > /dev/null 2>&1' pkispawn : INFO ....... rm -f /etc/pki/pki-tomcat/ca/noise pkispawn : INFO ....... rm -f /etc/pki/pki-tomcat/pfile pkispawn : INFO ... configuring 'pki.deployment.configuration' pkispawn : INFO ....... mkdir -p /root/.dogtag/pki-tomcat/ca pkispawn : INFO ....... generating '/root/.dogtag/pki-tomcat/ca/password.conf' pkispawn : INFO ....... modifying '/root/.dogtag/pki-tomcat/ca/password.conf' pkispawn : INFO ....... generating '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf' pkispawn : INFO ....... modifying '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf' pkispawn : INFO ....... mkdir -p /root/.dogtag/pki-tomcat/ca/alias pkispawn : INFO ....... executing 'certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf' pkispawn : INFO ....... ln -s /lib/systemd/system/pki-tomcatd@.service /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service pkispawn : INFO ....... executing 'systemctl daemon-reload' pkispawn : INFO ....... executing 'systemctl start pki-tomcatd@pki-tomcat.service' pkispawn : INFO ....... constructing PKI configuration data. pkispawn : INFO ....... generating noise file called '/root/.dogtag/pki-tomcat/ca/alias/noise' and filling it with '2048' random bytes pkispawn : INFO ....... executing '['certutil', '-R', '-d', '/root/.dogtag/pki-tomcat/ca/alias', '-s', 'cn=PKI Administrator,o=cisco.com', '-g', '2048', '-z', '/root/.dogtag/pki-tomcat/ca/alias/noise', '-f', '/root/.dogtag/pki-tomcat/ca/password.conf', '-o', '/root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin']' pkispawn : INFO ....... ['BtoA', '/root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin', '/root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin.asc'] pkispawn : INFO ....... configuring PKI configuration data. pkispawn : INFO ....... request: -----BEGIN CERTIFICATE REQUEST----- MIICmDCCAYACAQAwUzEPMA0GA1UEBxMGS3JpdGVlMQ0wCwYDVQQLEwRDSUJVMRYwFAYDVQQKEw1D aXNjbyBTeXN0ZW1zMRkwFwYDVQQDExBkb2d0YWcuY2lzY28uY29tMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEAmLgfNwidSyR47kwVAOGor/kHOiTJS5qc4fsCJM6gQDnsC7lXbC6XcdYK tQHs9Y7/HbzQDiMZNGS/hHRRGh68qZdr/pCxSbONobMczM7thjUQ5crUgJCI1tG2XaMKBRQMtqNA fJY/SBaVEBpRzp+0DJ51D+qGjyJaq2Pzzj+pCJLMQPv/rQ9BSFLr8Js+QErn7j5JQwZ7k4wkZCoK wcAVgwDzQ3xCtKew+M5Xgj9OzmkQgZk1SViPBLXl58gy+ukuBHBHSXWAY+b34N9IQnW1rozz073e fD8ZSgHQYWsjRxCdniOvgd37gviyDlMIaOh7+HapYj1k+VCzmKimU4ZrJQIDAQABoAAwDQYJKoZI hvcNAQELBQADggEBAFI5HrchG9WxTzgtCf6v21V8PFsWHEPVBr1gM+ihgiSXSp7sSmvjBvEUN+Ik mHbo4ssq+KpHWeQZmKc1tlmiF5IBoP6yiAvkHelphdqRM+DkrkMYnR8cabx4amFOEfmPBE38hLHA +eaFiVxHSorbkoZsBnSrYDz1/+5xD+4/VJrMvQiP9eRp1hG0sXjH5sLoV70LoHhO94yga0w26Gpj xkzxSrxFVFH7walY0J09rqvtGOfJ7y4Pg4hy24L0WLDux063uUjNVmRs8zmYHB5AgX2Ke1YI2XYP AHPTL9m3+wdVUuPCYVrf6njZS7CFygcG5c4W6prdu5ZcJ7cqYdSgiho= -----END CERTIFICATE REQUEST----- pkispawn : INFO ....... saving CA Signing CSR to file: '/home/fedora/ca_signing.csr' pkispawn : INFO ... finalizing 'pki.deployment.finalization' pkispawn : INFO ....... cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20141010092058 pkispawn : INFO ....... generating manifest file called '/etc/sysconfig/pki/tomcat/pki-tomcat/ca/manifest' pkispawn : INFO ....... cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/manifest /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20141010092058 pkispawn : INFO ....... executing 'systemctl daemon-reload' pkispawn : INFO ....... executing 'systemctl restart pki-tomcatd@pki-tomcat.service' pkispawn : INFO ....... rm -rf /root/.dogtag/pki-tomcat/ca pkispawn : INFO END spawning subsystem 'CA' of instance 'pki-tomcat' ========================================================================== -----BEGIN CERTIFICATE REQUEST----- [root@dogtag-ext1 fedora]# pkispawn -s CA -f dep.cfg -v Loading deployment configuration from dep.cfg. Installing CA into /var/lib/pki/pki-tomcat. pkispawn : INFO BEGIN spawning subsystem 'CA' of instance 'pki-tomcat' . . . pkispawn : INFO ... initializing 'pki.deployment.initialization' pkispawn : INFO ....... adding GID 'pkiuser' for group '17' . . . pkispawn : INFO ....... adding UID 'pkiuser' for user '17' . . . pkispawn : ERROR ....... Selinux is disabled. Not checking port contexts pkispawn : INFO ... skip populating 'pki.deployment.infrastructure_layout' pkispawn : INFO ... skip populating 'pki.deployment.instance_layout' pkispawn : INFO ... skip populating 'pki.deployment.subsystem_layout' pkispawn : INFO ... skip populating 'pki.deployment.selinux_setup' pkispawn : INFO ... skip deploying 'pki.deployment.webapp_deployment' pkispawn : INFO ... skip assigning slots for 'pki.deployment.slot_substitution' pkispawn : INFO ... skip generating 'pki.deployment.security_databases' pkispawn : INFO ... configuring 'pki.deployment.configuration' pkispawn : INFO ....... mkdir -p /root/.dogtag/pki-tomcat/ca pkispawn : INFO ....... generating '/root/.dogtag/pki-tomcat/ca/password.conf' pkispawn : INFO ....... modifying '/root/.dogtag/pki-tomcat/ca/password.conf' pkispawn : INFO ....... generating '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf' pkispawn : INFO ....... modifying '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf' pkispawn : INFO ....... mkdir -p /root/.dogtag/pki-tomcat/ca/alias pkispawn : INFO ....... executing 'certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf' pkispawn : INFO ....... executing 'systemctl daemon-reload' pkispawn : INFO ....... executing 'systemctl start pki-tomcatd@pki-tomcat.service' pkispawn : INFO ....... constructing PKI configuration data. pkispawn : INFO ....... generating noise file called '/root/.dogtag/pki-tomcat/ca/alias/noise' and filling it with '2048' random bytes pkispawn : INFO ....... executing '['certutil', '-R', '-d', '/root/.dogtag/pki-tomcat/ca/alias', '-s', 'cn=PKI Administrator,o=cisco.com Security Domain', '-g', '2048', '-z', '/root/.dogtag/pki-tomcat/ca/alias/noise', '-f', '/root/.dogtag/pki-tomcat/ca/password.conf', '-o', '/root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin']' pkispawn : INFO ....... ['BtoA', '/root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin', '/root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin.asc'] loading external CA signing certificate from file: '/home/fedora/dogtag.cisco.com.cer' loading external CA signing certificate chain from file: '/home/fedora/test-root-ca-2048.cer' pkispawn : INFO ....... configuring PKI configuration data. pkispawn : INFO ....... ['AtoB', '/root/.dogtag/pki-tomcat/ca_admin.cert', '/root/.dogtag/pki-tomcat/ca_admin.cert.der'] pkispawn : INFO ....... ['certutil', '-A', '-d', '/root/.dogtag/pki-tomcat/ca/alias', '-n', 'PKI Administrator', '-t', 'u,u,u', '-i', '/root/.dogtag/pki-tomcat/ca_admin.cert.der', '-f', '/root/.dogtag/pki-tomcat/ca/password.conf'] pkispawn : INFO ....... ['pk12util', '-d', '/root/.dogtag/pki-tomcat/ca/alias', '-o', '/root/.dogtag/pki-tomcat/ca_admin_cert.p12', '-n', 'PKI Administrator', '-w', '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf', '-k', '/root/.dogtag/pki-tomcat/ca/password.conf'] pkispawn : INFO ... finalizing 'pki.deployment.finalization' pkispawn : INFO ....... cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20141010092609 pkispawn : INFO ....... generating manifest file called '/etc/sysconfig/pki/tomcat/pki-tomcat/ca/manifest' pkispawn : INFO ....... cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/manifest /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20141010092609 pkispawn : INFO ....... executing 'systemctl daemon-reload' pkispawn : INFO ....... executing 'systemctl restart pki-tomcatd@pki-tomcat.service' Job for pki-tomcatd@pki-tomcat.service canceled. pkispawn : INFO ....... rm -rf /root/.dogtag/pki-tomcat/ca pkispawn : INFO END spawning subsystem 'CA' of instance 'pki-tomcat' ========================================================================== INSTALLATION SUMMARY ========================================================================== Administrator's username: caadmin Administrator's PKCS #12 file: /root/.dogtag/pki-tomcat/ca_admin_cert.p12 To check the status of the subsystem: systemctl status pki-tomcatd\@pki-tomcat.service To restart the subsystem: systemctl restart pki-tomcatd\@pki-tomcat.service The URL for the subsystem is: https://dogtag-ext1.novalocal:9443/ca ==========================================================================