Marc,
Thanks for your support. I am sorry to confuse you.
For some reasons, I wrongly cut and paste different log files.
Anyway, after I updated all my Dogtag components from version 1.2.0 to 1.3.0, I did not experience any issue in configuring the pki-ca instance.
Is it fair to assume that some of the issue I experienced during 1.2.0 pki-ca configuration might have been resolved in 1.3.0?
I guess, in order to validate my hypothesis, I am willing to perform another fresh OS and DCS install.
Once again, thanks.
Thanks,
Erwin
looks like there are several different errors and different time stamps.
In the first log provided, watch out forUse the admin secure port to reach the web configuration wizard, like shown from the service pki-ca1status command after a pkicreate (or by the pkicreate command itself).
[10/Feb/2010:18:17:59][http-9545-Processor24]: com.netscape.cms.servlet.filter.AgentRequestFilter: Use HTTPS port '9543' instead of '9545' when performing Agent tasks!
M.
On 02/10/2010 04:53 PM, Erwin Himawan wrote:_______________________________________________ Pki-users mailing list Pki-users@redhat.com https://www.redhat.com/mailman/listinfo/pki-usersHere is the output of /var/log/pki-ca1/catalina.out
DAP operation failure - cn=2,ou=ca,ou=requests,dc=FQDN-pki-ca1 netscape.ldap.LDAPException: error result (68)
http-9545-Processor19: log level: {0} is invalid, should be 0-6
Here is the output of /var/log/pki-ca1/system
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [3] Servlet caGetAdminBySerial: Error getting certRecord for serialNo 0x2. Error LDAP operation failure - cn=2,ou=certificateRepository, ou=ca, dc=FQDN-pki-ca1 netscape.ldap.LDAPException: error result (32); matchedDN = ou=certificaterepository,ou=ca,dc=FQDN-pki-ca1.
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [3] Servlet caGetAdminBySerial: Certificate Serial Number 2 not found
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [20] CMSgateway:Could not load template /var/lib/pki-ca1/webapps/ca/admin/GenError.template error java.io.FileNotFoundException: /var/lib/pki-ca1/webapps/ca/admin/GenError.template (No such file or directory).
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [3] Servlet caGetAdminBySerial: Error outputting template /admin/GenError.template . Error encountered while loading output template..
[10/Feb/2010:18:47:18][http-9545-Processor19]: getConn: mNumConns now 2
[10/Feb/2010:18:47:18][http-9545-Processor19]: returnConn: mNumConns now 3
[10/Feb/2010:18:47:18][http-9545-Processor19]: SignedAuditEventFactory: create() message=[AuditEvent=ROLE_ASSUME][SubjectID=$NonRoleUser$][Outcome=Success][Role=<null>] assume privileged role
[10/Feb/2010:18:47:18][http-9545-Processor19]: getConn: mNumConns now 2
[10/Feb/2010:18:47:18][http-9545-Processor19]: returnConn: mNumConns now 3
[10/Feb/2010:18:47:18][http-9545-Processor19]: CMSServlet: curDate=Wed Feb 10 18:47:18 CST 2010 id=caGetAdminBySerial time=20
[10/Feb/2010:18:47:19][http-9545-Processor19]: com.netscape.cms.servlet.filter.AgentRequestFilter: Use HTTPS port '9543' instead of '9545' when performing Agent tasks!
On Wed, Feb 10, 2010 at 6:36 PM, Erwin Himawan <ehimawan@gmail.com> wrote:
Hi All,
First of all, thanks for the help of the pki-users to get me through.
Here is the last step of my pki-ca configuration.
I am in the "Import Administrator Certificate"
When I clicked "next", I got this error: java.lang.NullPointerException
Here is some output from the /var/log/pki-ca1/debug:
[10/Feb/2010:18:17:59][http-9545-Processor24]: increasing minimum connections by 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: new total available connections 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: new number of connections 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: getNextPanel input p=16
[10/Feb/2010:18:17:59][http-9545-Processor24]: getNextPanel output p=17
[10/Feb/2010:18:17:59][http-9545-Processor24]: ImportAdminCertPanel: display
[10/Feb/2010:18:17:59][http-9545-Processor24]: panel no=17
[10/Feb/2010:18:17:59][http-9545-Processor24]: panel name=importadmincert
[10/Feb/2010:18:17:59][http-9545-Processor24]: total number of panels=19
[10/Feb/2010:18:17:59][http-9545-Processor24]: according to ccMode, authorization for servlet: caGetAdminBySerial is LDAP based, not XML {1}, use default authz mgr: {2}.
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet:service() uri = /ca/admin/ca/getBySerial
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet::service() param name='serialNumber' value='1'
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet::service() param name='browser' value='netscape'
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet::service() param name='importCert' value='true'
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet: caGetAdminBySerial start to service.
[10/Feb/2010:18:17:59][http-9545-Processor24]: IP: 10.7.20.82
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet: no authMgrName
[10/Feb/2010:18:17:59][http-9545-Processor24]: checkACLS(): ACLEntry expressions= user="anybody"
[10/Feb/2010:18:17:59][http-9545-Processor24]: evaluating expressions: user="anybody"
[10/Feb/2010:18:17:59][http-9545-Processor24]: evaluated expression: user="anybody" to be true
[10/Feb/2010:18:17:59][http-9545-Processor24]: DirAclAuthz: authorization passed
[10/Feb/2010:18:17:59][http-9545-Processor24]: SignedAuditEventFactory: create() message=[AuditEvent=AUTHZ_SUCCESS][SubjectID=$NonRoleUser$][Outcome=Success][aclResource=certServer.admin.certificate][Op=import] authorization success
[10/Feb/2010:18:17:59][http-9545-Processor24]: getConn: mNumConns now 2
[10/Feb/2010:18:17:59][http-9545-Processor24]: returnConn: mNumConns now 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: SignedAuditEventFactory: create() message=[AuditEvent=ROLE_ASSUME][SubjectID=$NonRoleUser$][Outcome=Success][Role=<null>] assume privileged role
[10/Feb/2010:18:17:59][http-9545-Processor24]: getConn: mNumConns now 2
[10/Feb/2010:18:17:59][http-9545-Processor24]: returnConn: mNumConns now 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet: curDate=Wed Feb 10 18:17:59 CST 2010 id=caGetAdminBySerial time=51
[10/Feb/2010:18:17:59][http-9545-Processor24]: com.netscape.cms.servlet.filter.AgentRequestFilter: Use HTTPS port '9543' instead of '9545' when performing Agent tasks!
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: process
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet:service() uri = /ca/admin/console/config/wizard
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service() param name='p' value='17'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service() param name='caHost' value='FQDN'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service() param name='serialNumber' value='1'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service() param name='pkcs7' value='PKCS7-VALUExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service() param name='op' value='next'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service() param name='caPort' value='9545'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: op=next
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: size=19
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: in next 17
[10/Feb/2010:18:18:01][http-9545-Processor24]: ImportAdminCertPanel update: Root CA subsystem - (new Security Domain)
[10/Feb/2010:18:18:01][http-9545-Processor24]: getConn: mNumConns now 2
[10/Feb/2010:18:18:01][http-9545-Processor24]: returnConn: mNumConns now 3
[10/Feb/2010:18:18:01][http-9545-Processor24]: getConn: mNumConns now 2
[10/Feb/2010:18:18:01][http-9545-Processor24]: returnConn: mNumConns now 3
[10/Feb/2010:18:18:01][http-9545-Processor24]: ImportAdminCertPanel update: failed to add certificate. Exception: java.lang.NullPointerException
[10/Feb/2010:18:18:01][http-9545-Processor24]: panel no=17
[10/Feb/2010:18:18:01][http-9545-Processor24]: panel name=importadmincert
[10/Feb/2010:18:18:01][http-9545-Processor24]: total number of panels=19
Any idea how to resolve this issue?
Regards,
Erwin