I’m trying to demonstrate that Dogtag could support issuing certs to a Linux version which I can’t get information on. Using Fedora 34 for initial proof-of-concept.
I’ve managed to work through a lot of the errors in
https://access.redhat.com/documentation/en-us/red_hat_certificate_system/10/html/administration_guide/bulk-issuance. (The page doesn’t seem to be maintained. Where can I submit corrections?)
I’m stuck on the last step though. Until I get a working example, I can’t tell what’s wrong with the format of the request. The error I get follows. If other info would be useful, like the full traceback, or the request as actually formatted
by the perl command, just let me know.
2021-09-21 17:55:08 [https-jsse-nio-8443-exec-16] WARNING: CertProcessor: No authenticator credentials required
2021-09-21 17:55:08 [https-jsse-nio-8443-exec-16] INFO: DBSSession: reading cn=8,ou=certificateRepository, ou=ca, o=pki-tomcat-CA
2021-09-21 17:55:08 [https-jsse-nio-8443-exec-16] INFO: AgentCertAuthentication: authenticated uid=newcaagent,ou=people,o=pki-tomcat-CA
2021-09-21 17:55:08 [https-jsse-nio-8443-exec-16] INFO: EnrollProfile: Parsing PKCS #10 request:
2021-09-21 17:55:08 [https-jsse-nio-8443-exec-16] SEVERE: Unable to parse PKCS #10 request: Sequence tag error -1
java.io.IOException: Sequence tag error -1
at org.mozilla.jss.netscape.security.util.DerInputStream.getSequence(DerInputStream.java:243)
[ . . . traceback with no explicit errors . . . ]
2021-09-21 17:55:08 [https-jsse-nio-8443-exec-16] SEVERE: ProfileSubmitServlet: error in processing request: Invalid Request
Invalid Request
at com.netscape.cmscore.cert.CertUtils.parsePKCS10(CertUtils.java:247)
[ . . . traceback including . . . ]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.io.IOException: Sequence tag error -1
at org.mozilla.jss.netscape.security.util.DerInputStream.getSequence(DerInputStream.java:243)
at org.mozilla.jss.netscape.security.pkcs.PKCS10.<init>(PKCS10.java:143)
at org.mozilla.jss.netscape.security.pkcs.PKCS10.<init>(PKCS10.java:234)
at com.netscape.cmscore.cert.CertUtils.parsePKCS10(CertUtils.java:238)
... 50 more
Thanks for any help. If I get past proof of concept, I can engage Honda’s support contract with IBM, but I’m not there yet.