7:22 p.m.
looks like there are several different errors and different time stamps.
In the first log provided, watch out for
[10/Feb/2010:18:17:59][http-9545-Processor24]:
com.netscape.cms.servlet.filter.AgentRequestFilter: Use HTTPS port
'9543' instead of '9545' when performing Agent tasks!
Use the admin secure port to reach the web configuration wizard, like
shown from the service pki-ca1status command after a pkicreate (or by
the pkicreate command itself).
M.
On 02/10/2010 04:53 PM, Erwin Himawan wrote:
Here is the output of /var/log/pki-ca1/catalina.out
DAP operation failure - cn=2,ou=ca,ou=requests,dc=FQDN-pki-ca1
netscape.ldap.LDAPException: error result (68)
http-9545-Processor19: log level: {0} is invalid, should be 0-6
Here is the output of /var/log/pki-ca1/system
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [3]
Servlet caGetAdminBySerial: Error getting certRecord for serialNo 0x2.
Error LDAP operation failure - cn=2,ou=certificateRepository, ou=ca,
dc=FQDN-pki-ca1 netscape.ldap.LDAPException: error result (32);
matchedDN = ou=certificaterepository,ou=ca,dc=FQDN-pki-ca1.
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [3]
Servlet caGetAdminBySerial: Certificate Serial Number 2 not found
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [20]
CMSgateway:Could not load template
/var/lib/pki-ca1/webapps/ca/admin/GenError.template error
java.io.FileNotFoundException:
/var/lib/pki-ca1/webapps/ca/admin/GenError.template (No such file or
directory).
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [3]
Servlet caGetAdminBySerial: Error outputting template
/admin/GenError.template . Error encountered while loading output
template..
[10/Feb/2010:18:47:18][http-9545-Processor19]: getConn: mNumConns now 2
[10/Feb/2010:18:47:18][http-9545-Processor19]: returnConn: mNumConns now 3
[10/Feb/2010:18:47:18][http-9545-Processor19]:
SignedAuditEventFactory: create()
message=[AuditEvent=ROLE_ASSUME][SubjectID=$NonRoleUser$][Outcome=Success][Role=<null>]
assume privileged role
[10/Feb/2010:18:47:18][http-9545-Processor19]: getConn: mNumConns now 2
[10/Feb/2010:18:47:18][http-9545-Processor19]: returnConn: mNumConns now 3
[10/Feb/2010:18:47:18][http-9545-Processor19]: CMSServlet: curDate=Wed
Feb 10 18:47:18 CST 2010 id=caGetAdminBySerial time=20
[10/Feb/2010:18:47:19][http-9545-Processor19]:
com.netscape.cms.servlet.filter.AgentRequestFilter: Use HTTPS port
'9543' instead of '9545' when performing Agent tasks!
On Wed, Feb 10, 2010 at 6:36 PM, Erwin Himawan <ehimawan(a)gmail.com
<mailto:ehimawan@gmail.com>> wrote:
Hi All,
First of all, thanks for the help of the pki-users to get me through.
Here is the last step of my pki-ca configuration.
I am in the "Import Administrator Certificate"
When I clicked "next", I got this error:
java.lang.NullPointerException
Here is some output from the /var/log/pki-ca1/debug:
[10/Feb/2010:18:17:59][http-9545-Processor24]: increasing minimum
connections by 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: new total available
connections 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: new number of
connections 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: getNextPanel input p=16
[10/Feb/2010:18:17:59][http-9545-Processor24]: getNextPanel output
p=17
[10/Feb/2010:18:17:59][http-9545-Processor24]:
ImportAdminCertPanel: display
[10/Feb/2010:18:17:59][http-9545-Processor24]: panel no=17
[10/Feb/2010:18:17:59][http-9545-Processor24]: panel
name=importadmincert
[10/Feb/2010:18:17:59][http-9545-Processor24]: total number of
panels=19
[10/Feb/2010:18:17:59][http-9545-Processor24]: according to
ccMode, authorization for servlet: caGetAdminBySerial is LDAP
based, not XML {1}, use default authz mgr: {2}.
[10/Feb/2010:18:17:59][http-9545-Processor24]:
CMSServlet:service() uri = /ca/admin/ca/getBySerial
[10/Feb/2010:18:17:59][http-9545-Processor24]:
CMSServlet::service() param name='serialNumber' value='1'
[10/Feb/2010:18:17:59][http-9545-Processor24]:
CMSServlet::service() param name='browser' value='netscape'
[10/Feb/2010:18:17:59][http-9545-Processor24]:
CMSServlet::service() param name='importCert' value='true'
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet:
caGetAdminBySerial start to service.
[10/Feb/2010:18:17:59][http-9545-Processor24]: IP: 10.7.20.82
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet: no
authMgrName
[10/Feb/2010:18:17:59][http-9545-Processor24]: checkACLS():
ACLEntry expressions= user="anybody"
[10/Feb/2010:18:17:59][http-9545-Processor24]: evaluating
expressions: user="anybody"
[10/Feb/2010:18:17:59][http-9545-Processor24]: evaluated
expression: user="anybody" to be true
[10/Feb/2010:18:17:59][http-9545-Processor24]: DirAclAuthz:
authorization passed
[10/Feb/2010:18:17:59][http-9545-Processor24]:
SignedAuditEventFactory: create()
message=[AuditEvent=AUTHZ_SUCCESS][SubjectID=$NonRoleUser$][Outcome=Success][aclResource=certServer.admin.certificate][Op=import]
authorization success
[10/Feb/2010:18:17:59][http-9545-Processor24]: getConn: mNumConns
now 2
[10/Feb/2010:18:17:59][http-9545-Processor24]: returnConn:
mNumConns now 3
[10/Feb/2010:18:17:59][http-9545-Processor24]:
SignedAuditEventFactory: create()
message=[AuditEvent=ROLE_ASSUME][SubjectID=$NonRoleUser$][Outcome=Success][Role=<null>]
assume privileged role
[10/Feb/2010:18:17:59][http-9545-Processor24]: getConn: mNumConns
now 2
[10/Feb/2010:18:17:59][http-9545-Processor24]: returnConn:
mNumConns now 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet:
curDate=Wed Feb 10 18:17:59 CST 2010 id=caGetAdminBySerial time=51
[10/Feb/2010:18:17:59][http-9545-Processor24]:
com.netscape.cms.servlet.filter.AgentRequestFilter: Use HTTPS
port '9543' instead of '9545' when performing Agent tasks!
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: process
[10/Feb/2010:18:18:01][http-9545-Processor24]:
WizardServlet:service() uri = /ca/admin/console/config/wizard
[10/Feb/2010:18:18:01][http-9545-Processor24]:
WizardServlet::service() param name='p' value='17'
[10/Feb/2010:18:18:01][http-9545-Processor24]:
WizardServlet::service() param name='caHost' value='FQDN'
[10/Feb/2010:18:18:01][http-9545-Processor24]:
WizardServlet::service() param name='serialNumber' value='1'
[10/Feb/2010:18:18:01][http-9545-Processor24]:
WizardServlet::service() param name='pkcs7'
value='PKCS7-VALUExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
[10/Feb/2010:18:18:01][http-9545-Processor24]:
WizardServlet::service() param name='op' value='next'
[10/Feb/2010:18:18:01][http-9545-Processor24]:
WizardServlet::service() param name='caPort' value='9545'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: op=next
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: size=19
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: in
next 17
[10/Feb/2010:18:18:01][http-9545-Processor24]:
ImportAdminCertPanel update: Root CA subsystem - (new Security
Domain)
[10/Feb/2010:18:18:01][http-9545-Processor24]: getConn: mNumConns
now 2
[10/Feb/2010:18:18:01][http-9545-Processor24]: returnConn:
mNumConns now 3
[10/Feb/2010:18:18:01][http-9545-Processor24]: getConn: mNumConns
now 2
[10/Feb/2010:18:18:01][http-9545-Processor24]: returnConn:
mNumConns now 3
[10/Feb/2010:18:18:01][http-9545-Processor24]:
ImportAdminCertPanel update: failed to add certificate. Exception:
java.lang.NullPointerException
[10/Feb/2010:18:18:01][http-9545-Processor24]: panel no=17
[10/Feb/2010:18:18:01][http-9545-Processor24]: panel
name=importadmincert
[10/Feb/2010:18:18:01][http-9545-Processor24]: total number of
panels=19
Any idea how to resolve this issue?
Regards,
Erwin
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users