Hmm,
I was hoping something obvious would stand out, but thats not the case.
I tried installing the RA on a FC11 system I have here - and had no
problems. Of course, I'm using the latest versions of all the pki-*
components.
The port you are using is fine. It should be the one for the security
domain which is on the secure admin port. You can also see this in the
section at the end of the status display - which looks something like:
Registered PKI Security Domain Information:
==========================================================================
Name: foo domain
URL:
https://host:19145
==========================================================================
So, its time to look at the logs.
In the /var/lib/<ra instance name>/logs/debug logfile, you should see
something like the following for this panel in the installation:
Tue Dec 15 09:31:06 EST 2009 - RA wizard: setting up test objects
Tue Dec 15 09:31:06 EST 2009 - RA wizard: found 2 certtags
Tue Dec 15 09:31:06 EST 2009 - DisplayCertChainPanel: update
Tue Dec 15 09:31:06 EST 2009 - content = <XMLResponse><DomainInfo><?xml
version="1.0"
encoding="UTF-8"?><DomainInfo><Name>workpc
domain 1
093009</Name><CAList><CA><Host>dhcp231-70.rdu.redhat.com</Host><SecurePort>9544</SecurePort><SecureAgentPort>9543</SecureAgentPort><SecureAdminPort>9545</SecureAdminPort><UnSecurePort>9580</UnSecurePort><Clone>false</Clone><SubsystemName>Certificate
Authority
pki-ca1</SubsystemName><DomainManager>true</DomainManager></CA><SubsystemCount>1</SubsystemCount></CAList><OCSPList><SubsystemCount>0</SubsystemCount></OCSPList><KRAList><SubsystemCount>0</SubsystemCount></KRAList><RAList><SubsystemCount>0</SubsystemCount></RAList><TKSList><SubsystemCount>0</SubsystemCount></TKSList><TPSList><SubsystemCount>0</SubsystemCount></TPSList></DomainInfo></DomainInfo><Status>0</Status></XMLResponse>
Tue Dec 15 09:31:06 EST 2009 - DisplayCertChainPanel: security domain 'workpc domain 1
093009'
Tue Dec 15 09:31:06 EST 2009 - DisplayCertChainPanel: Found CA 'Certificate Authority
pki-ca1'
We're particularly interested in what content is displaying ..
What do you see?
In fact, please open a bugzilla against dogtag, attach the debug and
error_log, and let me know the bug number.
Thanks,
Ade Lee
On Tue, 2009-12-15 at 09:33 +0100, Rafał Kamiński wrote:
Hi,
Thanks for your answer.
> What version of Fedora are you using?
Fedora release 11 (Leonidas)
> Do you have selinux in enforcing mode?
I had enforcing mode on Selinux. Now I diabled selinux and first:
- Join an Existing Security Domain - and I use
https://domain:9545 <- I
not using default port 9445 but 9545 port
Because I have that status on CA:
-bash-4.0# /etc/init.d/pki-ca status
pki-ca (pid 5892) is running ...
Unsecure Port =
http://domain:9580/ca/ee/ca
Secure Agent Port =
https://domain:9543/ca/agent/ca
Secure EE Port =
https://domain:9544/ca/ee/ca
Secure Admin Port =
https://domain:9545/ca/services
PKI Console Port = pkiconsole
https://domain:9545/ca
Tomcat Port = 9801 (for shutdown)
Maybe this is problem?
- After that I see: Display Certificate Chain
- Click Next
- And:
Internal Server Error
The server encountered an internal error or misconfiguration and was
unable to complete your request.
Please contact the server administrator, you(a)example.com and inform them
of the time the error occurred, and anything you might have done that
may have caused the error.
More information about this error may be available in the server error log.
:(
> What is the output of :
> rpm -qa |grep pki
bash-4.0# rpm -qa |grep pki
pki-setup-1.2.0-1.fc11.noarch
pki-ra-1.2.0-2.fc11.noarch
dogtag-pki-common-ui-1.2.0-1.fc11.noarch
pki-util-1.2.0-1.fc11.noarch
pki-selinux-1.2.0-2.fc11.noarch
pki-common-1.2.0-1.fc11.noarch
pki-native-tools-1.2.0-2.fc11.i586
dogtag-pki-ra-ui-1.2.0-1.fc11.noarch
pki-java-tools-1.2.0-1.fc11.noarch
pki-silent-1.2.0-1.fc11.noarch
BR,
Thanks for your help.
Rafal Kaminski
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users