Hi,
Sorry for taking soooo long to respond, but I had to switch to another project in the meantime.
I'm trying again to use Dogtag with an HSM (with SoftHSM v2.1 this time, because I don't have a hardware HSM anymore), and with a fresh installation (server + Dogtag), I still have the same issue during pkispawn -s CA:
pkispawn : INFO ....... configuring PKI configuration data.
pkispawn : ERROR ....... ParseError: not well-formed (invalid token): line 1, column 0: {"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Invalid Token provided. No such token."}
My CA config file looks like this:
[DEFAULT]
pki_admin_password=Secret123
pki_client_pkcs12_password=Secret123
pki_ds_password=Secret123
# Optionally keep client databases
pki_client_database_purge=False
# Provide HSM parameters
pki_hsm_enable=True
pki_hsm_libfile=/usr/local/lib/softhsm/libsofthsm2.so
pki_hsm_modulename=softhsm
pki_token_name=dogtag1
pki_token_password=hsm_passwd
# Provide PKI-specific HSM token names
pki_audit_signing_token=dogtag1
pki_ssl_server_token=dogtag1
pki_subsystem_token=dogtag1
[CA]
# Provide CA-specific HSM token names
pki_ca_signing_token=dogtag1
pki_ocsp_signing_token=dogtag1
/var/lib/pki/pki-tomcat/ca/logs/debug:
[22/Jul/2016:15:36:12][http-bio-8443-exec-3]: SystemConfigService: configure()
[22/Jul/2016:15:36:12][http-bio-8443-exec-3]: SystemConfigService: request: ConfigurationRequest [pin=XXXX, token=dogtag1, tokenPassword=XXXX, securityDomainType=newdomain, securityDomainUri=null, securityDomainName=qt.cls.fr Security Domain, securityDomainUser=null, securityDomainPassword=XXXX, isClone=false, cloneUri=null, subsystemName=CA dogtag-ca.qt.cls.fr 8443, p12File=null, p12Password=XXXX, hierarchy=root, dsHost=dogtag-ca.qt.cls.fr, dsPort=389, baseDN=o=pki-CLS-CA, bindDN=cn=Directory Manager, bindpwd=XXXX, database=pki-CLS-CA, secureConn=false, removeData=true, replicateSchema=null, masterReplicationPort=null, cloneReplicationPort=null, replicationSecurity=null, systemCertsImported=false, systemCerts=[com.netscape.certsrv.system.SystemCertData@60c8305a, com.netscape.certsrv.system.SystemCertData@7774cd87, com.netscape.certsrv.system.SystemCertData@6f41ab06, com.netscape.certsrv.system.SystemCertData@99112a8, com.netscape.certsrv.system.SystemCertData@28fab920], issuingCA=null, backupKeys=false, backupPassword=, adminCertRequestType=pkcs10, adminSubjectDN=cn=PKI Administrator,e=caadmin@qt.cls.fr,o=qt.cls.fr Security Domain, adminName=caadmin, adminProfileID=caAdminCert, adminCert=null, importAdminCert=false, generateServerCert=true, external=false, standAlone=false, stepTwo=false, authdbBaseDN=null, authdbHost=null, authdbPort=null, authdbSecureConn=null, caUri=null, kraUri=null, tksUri=null, enableServerSideKeyGen=null, importSharedSecret=null, generateSubsystemCert=true, sharedDB=false, sharedDBUserDN=null, createNewDB=true, setupReplication=null, subordinateSecurityDomainName=null, reindexData=null]
[22/Jul/2016:15:36:12][http-bio-8443-exec-3]: === Token Authentication ===
[22/Jul/2016:15:36:12][http-bio-8443-exec-3]: Invalid Token provided. No such token.
Versions:
Fedora 24
Dogtag 10.3.3 (also tested with 10.3.3.3 from git repo)
Does anyone have an idea?
Thanks!
Regards