Setting up dogtag on Fedora 12 with versions 1.3.2-1 of dogtag-pki-ra-ui
and 1.3.1-1 of pki-ra
The 389 system is setup OK and the pkicreate for the ca went smooth.
The debug log from the pki-ca shows an invalid hostname during the
"Subject Names" section on the ra wizard screen:
[28/Sep/2010:16:25:11][http-9444-Processor22]: TokenAuthentication: start
[28/Sep/2010:16:25:11][http-9444-Processor22]: TokenAuthentication:
content=sessionID=9216515598699103255&hostname=0:0:0:0:0:0:0:1
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSServlet:service() uri
= /ca/ee/ca/tokenAuthenticate
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSServlet::service()
param name='hostname' value='0:0:0:0:0:0:0:1'
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSServlet::service()
param name='sessionID' value='9216515598699103255'
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSServlet:
caTokenAuthenticate start to service.
[28/Sep/2010:16:25:11][http-9444-Processor25]: TokenAuthentication:
sessionId=9216515598699103255
[28/Sep/2010:16:25:11][http-9444-Processor25]: TokenAuthentication:
givenHost=0:0:0:0:0:0:0:1
[28/Sep/2010:16:25:11][http-9444-Processor25]: TokenAuthentication:
checking session in the session table
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSEngine:
getPasswordStore(): password store initialized before.
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSEngine:
getPasswordStore(): password store initialized.
[28/Sep/2010:16:25:11][http-9444-Processor25]: TokenAuthentication:
found session
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSEngine:
getPasswordStore(): password store initialized before.
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSEngine:
getPasswordStore(): password store initialized.
[28/Sep/2010:16:25:12][http-9444-Processor25]: TokenAuthentication:
hostname=***.***.***.*** and givenHost=0:0:0:0:0:0:0:1 is different
[28/Sep/2010:16:25:12][http-9444-Processor25]: TokenAuthenticate
authenticate failed, wrong hostname.
[28/Sep/2010:16:25:12][http-9444-Processor22]: TokenAuthentication: status=1
[28/Sep/2010:16:25:12][http-9444-Processor22]: ProfileSubmitServlet:
authentication error Error: Failed Authentication
[28/Sep/2010:16:25:12][http-9444-Processor25]: CMSServlet: curDate=Tue
Sep 28 16:25:12 EDT 2010 id=caTokenAuthenticate time=1019
TokenAuthentication: hostname is the IP address of the system and not
the hostname. All of the fields in the lead up screen use proper data
and fqdn hostnames
The debug log from pki-ra just after the /usr/bin/sslget line shows :
Tue Sep 28 16:25:12 EDT 2010 - content = HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Content-Length: 118
Date: Tue, 28 Sep 2010 20:25:12 GMT
Connection: close
<?xml version="1.0"
encoding="UTF-8"?><XMLResponse><Status>1</Status><Error>Authentication
Error</Error></XMLResponse>
Subject: CN=my.host.name,OU=pki-ca,O=STL Dogtag Domain
Issuer : CN=Certificate Authority,OU=pki-ca,O=STL Dogtag Domain
bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1
Tue Sep 28 16:25:12 EDT 2010 - NamePanel: response content=
<XMLResponse><Status>1</Status><Error>Authentication
Error</Error></XMLResponse>
Tue Sep 28 16:25:12 EDT 2010 - NamePanel: Error = Authentication Error
Tue Sep 28 16:25:12 EDT 2010 - RA wizard: update returns status '0'
Ideas?
--
James "Jim" Kinney
(404) 407-7967
GTRI