On Wed, Feb 10, 2010 at 7:22 PM, Marc Sauton <msauton@redhat.com> wrote:

looks like there are several different errors and different time stamps.
In the first log provided, watch out for

[10/Feb/2010:18:17:59][http-9545-Processor24]: com.netscape.cms.servlet.filter.AgentRequestFilter: Use HTTPS port '9543' instead of '9545' when performing Agent tasks!
Use the admin secure port to reach the web configuration wizard, like shown from the service pki-ca1status command after a pkicreate (or by the pkicreate command itself).
M.

On 02/10/2010 04:53 PM, Erwin Himawan wrote:
Here is the output of /var/log/pki-ca1/catalina.out

DAP operation failure - cn=2,ou=ca,ou=requests,dc=FQDN-pki-ca1 netscape.ldap.LDAPException: error result (68)
http-9545-Processor19: log level: {0} is invalid, should be 0-6

Here is the output of /var/log/pki-ca1/system

6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [3] Servlet caGetAdminBySerial: Error getting certRecord for serialNo 0x2. Error LDAP operation failure - cn=2,ou=certificateRepository, ou=ca, dc=FQDN-pki-ca1 netscape.ldap.LDAPException: error result (32); matchedDN = ou=certificaterepository,ou=ca,dc=FQDN-pki-ca1.
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [3] Servlet caGetAdminBySerial: Certificate Serial Number 2 not found
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [20] CMSgateway:Could not load template /var/lib/pki-ca1/webapps/ca/admin/GenError.template error java.io.FileNotFoundException: /var/lib/pki-ca1/webapps/ca/admin/GenError.template (No such file or directory).
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [3] Servlet caGetAdminBySerial: Error outputting template /admin/GenError.template . Error encountered while loading output template..

[10/Feb/2010:18:47:18][http-9545-Processor19]: getConn: mNumConns now 2
[10/Feb/2010:18:47:18][http-9545-Processor19]: returnConn: mNumConns now 3
[10/Feb/2010:18:47:18][http-9545-Processor19]: SignedAuditEventFactory: create() message=[AuditEvent=ROLE_ASSUME][SubjectID=$NonRoleUser$][Outcome=Success][Role=<null>] assume privileged role

[10/Feb/2010:18:47:18][http-9545-Processor19]: getConn: mNumConns now 2
[10/Feb/2010:18:47:18][http-9545-Processor19]: returnConn: mNumConns now 3
[10/Feb/2010:18:47:18][http-9545-Processor19]: CMSServlet: curDate=Wed Feb 10 18:47:18 CST 2010 id=caGetAdminBySerial time=20
[10/Feb/2010:18:47:19][http-9545-Processor19]: com.netscape.cms.servlet.filter.AgentRequestFilter: Use HTTPS port '9543' instead of '9545' when performing Agent tasks!

On Wed, Feb 10, 2010 at 6:36 PM, Erwin Himawan <ehimawan@gmail.com> wrote:

Hi All,

First of all, thanks for the help of the pki-users to get me through.

Here is the last step of my pki-ca configuration.
I am in the "Import Administrator Certificate"
When I clicked "next", I got this error: java.lang.NullPointerException

Here is some output from the /var/log/pki-ca1/debug:

[10/Feb/2010:18:17:59][http-9545-Processor24]: increasing minimum connections by 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: new total available connections 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: new number of connections 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: getNextPanel input p=16
[10/Feb/2010:18:17:59][http-9545-Processor24]: getNextPanel output p=17
[10/Feb/2010:18:17:59][http-9545-Processor24]: ImportAdminCertPanel: display
[10/Feb/2010:18:17:59][http-9545-Processor24]: panel no=17
[10/Feb/2010:18:17:59][http-9545-Processor24]: panel name=importadmincert
[10/Feb/2010:18:17:59][http-9545-Processor24]: total number of panels=19
[10/Feb/2010:18:17:59][http-9545-Processor24]: according to ccMode, authorization for servlet: caGetAdminBySerial is LDAP based, not XML {1}, use default authz mgr: {2}.
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet:service() uri = /ca/admin/ca/getBySerial
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet::service() param name='serialNumber' value='1'
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet::service() param name='browser' value='netscape'
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet::service() param name='importCert' value='true'
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet: caGetAdminBySerial start to service.
[10/Feb/2010:18:17:59][http-9545-Processor24]: IP: 10.7.20.82
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet: no authMgrName
[10/Feb/2010:18:17:59][http-9545-Processor24]: checkACLS(): ACLEntry expressions= user="anybody"
[10/Feb/2010:18:17:59][http-9545-Processor24]: evaluating expressions: user="anybody"
[10/Feb/2010:18:17:59][http-9545-Processor24]: evaluated expression: user="anybody" to be true
[10/Feb/2010:18:17:59][http-9545-Processor24]: DirAclAuthz: authorization passed
[10/Feb/2010:18:17:59][http-9545-Processor24]: SignedAuditEventFactory: create() message=[AuditEvent=AUTHZ_SUCCESS][SubjectID=$NonRoleUser$][Outcome=Success][aclResource=certServer.admin.certificate][Op=import] authorization success

[10/Feb/2010:18:17:59][http-9545-Processor24]: getConn: mNumConns now 2
[10/Feb/2010:18:17:59][http-9545-Processor24]: returnConn: mNumConns now 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: SignedAuditEventFactory: create() message=[AuditEvent=ROLE_ASSUME][SubjectID=$NonRoleUser$][Outcome=Success][Role=<null>] assume privileged role

[10/Feb/2010:18:17:59][http-9545-Processor24]: getConn: mNumConns now 2
[10/Feb/2010:18:17:59][http-9545-Processor24]: returnConn: mNumConns now 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet: curDate=Wed Feb 10 18:17:59 CST 2010 id=caGetAdminBySerial time=51
[10/Feb/2010:18:17:59][http-9545-Processor24]: com.netscape.cms.servlet.filter.AgentRequestFilter: Use HTTPS port '9543' instead of '9545' when performing Agent tasks!
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: process
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet:service() uri = /ca/admin/console/config/wizard
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service() param name='p' value='17'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service() param name='caHost' value='FQDN'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service() param name='serialNumber' value='1'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service() param name='pkcs7' value='PKCS7-VALUExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service() param name='op' value='next'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service() param name='caPort' value='9545'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: op=next
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: size=19
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: in next 17
[10/Feb/2010:18:18:01][http-9545-Processor24]: ImportAdminCertPanel update: Root CA subsystem - (new Security Domain)
[10/Feb/2010:18:18:01][http-9545-Processor24]: getConn: mNumConns now 2
[10/Feb/2010:18:18:01][http-9545-Processor24]: returnConn: mNumConns now 3
[10/Feb/2010:18:18:01][http-9545-Processor24]: getConn: mNumConns now 2
[10/Feb/2010:18:18:01][http-9545-Processor24]: returnConn: mNumConns now 3
[10/Feb/2010:18:18:01][http-9545-Processor24]: ImportAdminCertPanel update: failed to add certificate. Exception: java.lang.NullPointerException
[10/Feb/2010:18:18:01][http-9545-Processor24]: panel no=17
[10/Feb/2010:18:18:01][http-9545-Processor24]: panel name=importadmincert
[10/Feb/2010:18:18:01][http-9545-Processor24]: total number of panels=19

Any idea how to resolve this issue?

Regards,
Erwin
_______________________________________________
Pki-users mailing list
Pki-users@redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
  