Hello,
i have the
problem the the CA don't accept the Administrator login. Either on
HTTPS-interface or via pkiconsole. It's a new installation and the
Admin-Certificate exists in the Browser with secret key. The problem ist that
the CA first dor thier job normal. When i now try to login i got a
catalina error like this. i dont reconfigure the CA only restart. I also
configured an HSM (Luna) but dont use key's inside the HSM.
-------------------catalina.out----------------------------------
Oct 29, 2008 5:43:55
PM org.apache.catalina.core.ApplicationContext log"
INFO: caListRequests: You
did not provide a valid certificate for this operation
----------------------------------------------------------------------
the debug-file
shows:
---------------------debug----------------------------------------
[29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet:service() uri =
/ca/agent/header
[29/Oct/2008:18:15:07][http-9443-Processor21]:
CMSServlet::service() param name='selected'
value='ca'
[29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet:
caheader start to service.
[29/Oct/2008:18:15:07][http-9443-Processor21]:
CMSServlet.java:
renderTemplate
[29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet:
curDate=Wed Oct 29 18:15:07 CET 2008 id=caheader
time=0
[29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet:service()
uri =
/ca/agent/ca/listRequests.html
[29/Oct/2008:18:15:07][http-9443-Processor21]:
CMSServlet: caListRequests start to
service.
[29/Oct/2008:18:15:07][http-9443-Processor21]: DisplayHtmlServlet
about to service
[29/Oct/2008:18:15:07][http-9443-Processor21]: IP:
10.94.112.222
[29/Oct/2008:18:15:07][http-9443-Processor21]: AuthMgrName:
certUserDBAuthMgr
[29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet:
retrieving SSL certificate
[29/Oct/2008:18:15:07][http-9443-Processor21]:
SignedAuditEventFactory: create()
message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=$Unidentified$][AttemptedCred=$Unidentified$]
authentication failure
[29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: getConn: mNumConns now
2
[29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]:
ObjectStreamMapper:mapObjectToLDAPAttributeSet revokedCerts
size=84
[29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]:
ObjectStreamMapper:mapObjectToLDAPAttributeSet unrevokedCerts
size=84
[29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]:
ObjectStreamMapper:mapObjectToLDAPAttributeSet expiredCerts
size=84
[29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: returnConn:
mNumConns now 3
----------------------------------------------------------------------
certutil -L -d . shows me:
----------------------------------------------------------------------
Certificate
Nickname
Trust
Attributes
SSL,S/MIME,JAR/XPI
ocspSigningCert
cert-ca4-1
u,u,u
subsystemCert
cert-ca4-1
u,u,u
caSigningCert
cert-ca4-1
CTu,Cu,Cu
Server-Cert
cert-ca4-1
u,u,u
Allianz Group Root CA II - Allianz
Group
CT,C,C
----------------------------------------------------------------------