I’m trying to demonstrate that Dogtag could support issuing certs to a Linux version which I can’t get information on. Using Fedora 34 for initial proof-of-concept.

 

I’ve managed to work through a lot of the errors in https://access.redhat.com/documentation/en-us/red_hat_certificate_system/10/html/administration_guide/bulk-issuance. (The page doesn’t seem to be maintained. Where can I submit corrections?)

 

I’m stuck on the last step though. Until I get a working example, I can’t tell what’s wrong with the format of the request. The error I get follows. If other info would be useful, like the full traceback, or the request as actually formatted by the perl command, just let me know.

 

2021-09-21 17:55:08 [https-jsse-nio-8443-exec-16] WARNING: CertProcessor: No authenticator credentials required

2021-09-21 17:55:08 [https-jsse-nio-8443-exec-16] INFO: DBSSession: reading cn=8,ou=certificateRepository, ou=ca, o=pki-tomcat-CA

2021-09-21 17:55:08 [https-jsse-nio-8443-exec-16] INFO: AgentCertAuthentication: authenticated uid=newcaagent,ou=people,o=pki-tomcat-CA

2021-09-21 17:55:08 [https-jsse-nio-8443-exec-16] INFO: EnrollProfile: Parsing PKCS #10 request:

2021-09-21 17:55:08 [https-jsse-nio-8443-exec-16] SEVERE: Unable to parse PKCS #10 request: Sequence tag error -1

java.io.IOException: Sequence tag error -1

        at org.mozilla.jss.netscape.security.util.DerInputStream.getSequence(DerInputStream.java:243)

[ . . . traceback with no explicit errors . . . ]

2021-09-21 17:55:08 [https-jsse-nio-8443-exec-16] SEVERE: ProfileSubmitServlet: error in processing request: Invalid Request

Invalid Request

        at com.netscape.cmscore.cert.CertUtils.parsePKCS10(CertUtils.java:247)

[ . . . traceback including . . . ]

        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

        at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)

        at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)

        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

        at java.base/java.lang.Thread.run(Thread.java:829)

Caused by: java.io.IOException: Sequence tag error -1

        at org.mozilla.jss.netscape.security.util.DerInputStream.getSequence(DerInputStream.java:243)

        at org.mozilla.jss.netscape.security.pkcs.PKCS10.<init>(PKCS10.java:143)

        at org.mozilla.jss.netscape.security.pkcs.PKCS10.<init>(PKCS10.java:234)

        at com.netscape.cmscore.cert.CertUtils.parsePKCS10(CertUtils.java:238)

        ... 50 more

 

Thanks for any help. If I get past proof of concept, I can engage Honda’s support contract with IBM, but I’m not there yet.

 

Confidentiality Notice: This transmission (including any attachments) may contain confidential information belonging to the sender and is intended only for the use of the party or entity to which it is addressed. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, retention or the taking of action in reliance on the contents of this transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender and erase all information and attachments.

_______________________________________________
Pki-users mailing list -- users@lists.dogtagpki.org
To unsubscribe send an email to users-leave@lists.dogtagpki.org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s