Hello,
I posted a message about this last week:
I will post more details here:
2 servers:
service-1: running fedora-ds and will be prime pki system (running
all subsystems)
service-2: running fedora-ds and will be clone for all (cloneable)
subsystems on service-1
[root@service-1 pki-kra]# rpm -qa|grep pki
pki-selinux-1.1.0-1.fc10.noarch
pki-kra-1.1.0-1.fc10.noarch
pki-common-1.1.0-1.fc10.noarch
pki-native-tools-1.1.0-1.fc10.x86_64
dogtag-pki-ca-ui-1.1.0-1.fc10.noarch
pki-util-1.1.0-1.fc10.noarch
pki-ca-1.1.0-1.fc10.noarch
dogtag-pki-common-ui-1.1.0-1.fc10.noarch
pki-java-tools-1.1.0-1.fc10.noarch
dogtag-pki-kra-ui-1.1.0-1.fc10.noarch
pki-setup-1.1.0-1.fc10.noarch
I did the following steps:
1. yum install pki-ca on service-1 and create instance - success
2. yum install pki-ca on service-2 cloning instance from step 1 - success
3. yum install pki-kra on service-1 - installation seems to be
succeful using security domain from service-1
Note: on the page for the login, I get Security Domain () login (Is
this correct or should it show the security domain name between the
()?)
4. yum install pki-kra on service-2
a) select security domain from service-1
b) join security domain on service-1:9444
c) select to clone domain from step 3
when clicking next on this screen service-1/var/log/pki-kra/debug shows
[25/May/2009:09:19:31][http-10444-Processor23]: CMSServlet:service()
uri = /kra/ee/kra/getTokenInfo
[25/May/2009:09:19:31][http-10444-Processor23]: CMSServlet:
kraGetTokenInfo start to service.
[25/May/2009:09:19:31][http-10444-Processor23]: CMSServlet:
curDate=Mon May 25 09:19:31 EDT 2009 id=kraGetTokenInfo time=3
service-1/var/log/pki-kra/localhost_access_log shows:
192.168.0.26 - - [25/May/2009:09:19:31 -0400] "POST
/kra/ee/kra/getTokenInfo HTTP/1.0" 200 565
d) at "Import Keys and Certificates" page, I type in the name of the
file that was copied to the system and I get "Clone is not ready"
on service-2 I can run pk12util -l pki-kra-savepkcs -w <file> and it
will output the keys and shows the correct security domain
I don't see anything new in the logs at this step anymore (not sure
where the error came from in my last post)
On service-1:
[root@service-1 ~]# service pki-kra status
pki-kra (pid 8444) is running ...
Unsecure Port =
http://service-1.internaldomain:10180/kra/ee/kra
Secure Agent Port =
https://service-1.internaldomain:10443/kra/agent/kra
Secure EE Port =
https://service-1.internaldomain:10444/kra/ee/kra
Secure Admin Port =
https://service-1.internaldomain:10445/kra/services
Secure Admin Port = pkiconsole
https://service-1.internaldomain:10445/kra
Tomcat Port = 10701 (for shutdown)
Thanks,
Mike