Hello,<br><br>in the meantime i got it working. The problem was the master CA setup: after instantating the ca the certs have been replaced by the certs from another instance - but the entires clone*.<a href="http://privkey.id">privkey.id</a> had not been updated.<br>
<br>After recognizing this I only had to match the (unsigned) output of certutil -K with the (signed) params in CS.cfg. I did this by inserting some &quot;System.out.println&quot; into com.netscape.cmsutil.crypto.CryptoUtil  findPrivateKeyFromID() and patching the new .class-File into the .jar-file. Watching the catalina.out while trying to clone the ca gave then all needed infos.<br>
<br>Another fresh install after that completed without problems. <br><br clear="all">Yours,<br><br>Alexander Jung<br>
<br>