4:21 a.m.
Hello,
i have propblems cloning an CA. The import of the keys failed.
First when adding the filename the servlet every time adds the path
"/usr/lib/<instance-name>/alias. I put the PKCS12 file directy in the
alias-directory and changed the owner to pkiuser, the i get an error "missing
permissions". in debug-log:
[09/Oct/2009:15:55:04][http-9445-Processor22]: panel no=5
[09/Oct/2009:15:55:04][http-9445-Processor22]: panel name=restorekeys
[09/Oct/2009:15:55:04][http-9445-Processor22]: total number of panels=19
[09/Oct/2009:15:55:25][http-9445-Processor24]: WizardServlet: process
[09/Oct/2009:15:55:25][http-9445-Processor24]: WizardServlet:service() uri =
/ca/admin/console/config/wizard
[09/Oct/2009:15:55:25][http-9445-Processor24]: WizardServlet::service() param
name='__password' value='(sensitive)'
[09/Oct/2009:15:55:25][http-9445-Processor24]: WizardServlet::service() param
name='path' value='master.p12'
[09/Oct/2009:15:55:25][http-9445-Processor24]: WizardServlet::service() param
name='p' value='5'
[09/Oct/2009:15:55:25][http-9445-Processor24]: WizardServlet::service() param
name='op' value='next'
[09/Oct/2009:15:55:25][http-9445-Processor24]: WizardServlet: op=next
[09/Oct/2009:15:55:25][http-9445-Processor24]: WizardServlet: size=19
[09/Oct/2009:15:55:25][http-9445-Processor24]: WizardServlet: in next 5
[09/Oct/2009:15:55:25][http-9445-Processor24]: panel no=5
What is going wron
Kind regards,
Klaus Heyden
E-Mail Klaus.Heyden@Allianz.com<mailto:Klaus.Heyden@Allianz.com>
4:43 a.m.
Heyden, Klaus (Allianz ASIC SE) wrote:
Hello,
i have propblems cloning an CA. The import of the keys failed.
First when adding the filename the servlet every time adds the path
"/usr/lib/<instance-name>/alias. I put the PKCS12 file directy in the
alias-directory and changed the owner to pkiuser, the i get an error
"missing permissions". in debug-log:
[09/Oct/2009:15:55:04][http-9445-Processor22]: panel no=5
[09/Oct/2009:15:55:04][http-9445-Processor22]: panel name=restorekeys
[09/Oct/2009:15:55:04][http-9445-Processor22]: total number of panels=19
[09/Oct/2009:15:55:25][http-9445-Processor24]: WizardServlet: process
[09/Oct/2009:15:55:25][http-9445-Processor24]: WizardServlet:service()
uri = /ca/admin/console/config/wizard
[09/Oct/2009:15:55:25][http-9445-Processor24]: WizardServlet::service()
param name='__password' value='(sensitive)'
[09/Oct/2009:15:55:25][http-9445-Processor24]: WizardServlet::service()
param name='path' value='master.p12'
[09/Oct/2009:15:55:25][http-9445-Processor24]: WizardServlet::service()
param name='p' value='5'
[09/Oct/2009:15:55:25][http-9445-Processor24]: WizardServlet::service()
param name='op' value='next'
[09/Oct/2009:15:55:25][http-9445-Processor24]: WizardServlet: op=next
[09/Oct/2009:15:55:25][http-9445-Processor24]: WizardServlet: size=19
[09/Oct/2009:15:55:25][http-9445-Processor24]: WizardServlet: in next 5
[09/Oct/2009:15:55:25][http-9445-Processor24]: panel no=5
What is going wron
Hi,
can you try as below?
-- create a new slapd(directory) instance for clone-CA (note the new directory server
port)
-- create a new CA instance (for clone)
-- use the PKCS12Export utility the certificates from Master CA and copy it to clone alias
directory ( *before* you start configuring the clone CA instance)
-- chown pkiuser:pkiuser cacerts.p12
-- /now/ , start configuring the clone CA instance
-- Join an "existing" security domain(the master CA domain)
-- At the "Internal Database" , enter the Fully Qualified Domain Name(instead of
localhost) of Clone CA and appropriate port no.
-- Just enter the cacerts.p12 file name when "Path where the pk12 files are
located" is
prompted for the clone CA ( /do not/ mention the complete file path)
-- Enter the rest of the details and see if you're able to proceed with clone CA
instance.
what version of certificate system are you trying to use?
hope that helps,
/kashyap
Kind regards,
Klaus Heyden
E-Mail Klaus.Heyden(a)Allianz.com <mailto:Klaus.Heyden@Allianz.com>
------------------------------------------------------------------------
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
5548
days inactive
5548
days old
1 comments
2 participants
participants (2)
-
Heyden, Klaus (Allianz ASIC SE) -
kashyap chamarthy