On Sun, 2013-05-05 at 12:46 +0200, pkiadmin(a)nym.hush.com wrote:
> Hello list members,
> I have been trying to get Dogtag 10.0.2 on fc18 running but
> pkispawn concludes with Installation Failed.
> Here is what I see:
> pkispawn -s CA -f /home/pkiadmin/CA.cfg
> Loading deployment configuration from /home/pkiadmin/CA.cfg.
> Installing CA into /var/lib/pki/pki-tomcat.
> Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
> Installation failed.
> The interactive pkispawn was also tried but this gives the same
> fail results.
> In /var/log/pki/pki-tomcat/ca/system I see the following:
> 6650.localhost-startStop-1 - [05/May/2013:10:33:53 CEST] [3] [3]
> Cannot build CA chain. Error
> java.security.cert.CertificateException: Certificate is not a
> PKCS#11 certificate
> 6650.localhost-startStop-1 - [05/May/2013:10:33:53 CEST] [13] [3]
> authz instance DirAclAuthz initialization failed and skipped,
> error=Property internaldb.ldapconn.port missing value
> In /var/log/pki/pki-tomcat/catalina.out I see the above 2 errors
> preceded by CMS WARNING: FAILURE:

The errors above are benign, in that they always occur on a new
installation.

> In /etc/pki/default.cfg I put pki_ds_hostname=hostname and made
> sure the pki_ds_port was correct. Oh yes, the remote DS389 was
> running and accessible.

OK, so /etc/pki/default.cfg is not supposed to be edited. Instead, a
brand new file is supposed to be created with the relevant overrides.
This is because default.cfg can be overwritten in updates to pki-server.
It's hard to tell what is going on based on what you have described.
Please provide the following:
rpm -q pki-server
rpm -qa |grep pki
getenforce
cat /etc/redhat-release
latest installation log in /var/log/pki/pkispawn-*
logs in /var/log/pki/pki-tomcat
You might also want to re-do the installation with the -vvv option so
that there is much more debug output. Make sure to pkidestroy the old
instance.

> When I look at services there is a pki-tomcatd@pki-tomcat running
> and I can restart it without problems. I can also get to the "End
> User Services" page on 8080. None of the other ports connect.
> Thanks in advance.
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
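
The two requests in the reply above (gather the listed diagnostics, then destroy the failed instance and re-run with -vvv) as one script. This is an added example, not part of the original thread; the function names, the 200-line tail limit and the report path are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and pkispawn/pkidestroy
# arguments follow the messages above; the report path is a placeholder.

# Run one command under a header. A missing tool is noted instead of
# aborting, so the report always has every section.
section() {
    echo "### $*"
    if command -v "$1" >/dev/null 2>&1; then
        "$@" 2>&1 || echo "(exit status $?)"
    else
        echo "(not available: $1)"
    fi
    echo
}

# Gather what the reply asks for into one file readable only by its owner.
collect_pki_report() {
    out=$1
    log_root=${2:-/var/log/pki}
    (
        umask 077   # the logs name hosts, ports and instance paths
        {
            section rpm -q pki-server
            section sh -c 'rpm -qa | grep pki'
            section getenforce
            section cat /etc/redhat-release
            # Only the newest pkispawn log belongs to the failed run.
            latest=$(ls -t "$log_root"/pkispawn-* 2>/dev/null | head -n 1)
            if [ -n "$latest" ]; then
                section tail -n 200 "$latest"
            else
                echo "### no pkispawn log under $log_root"
            fi
            for f in "$log_root/pki-tomcat/catalina.out" \
                     "$log_root/pki-tomcat/ca/system"; do
                if [ -r "$f" ]; then section tail -n 200 "$f"; fi
            done
        } > "$out"
    )
}

# Remove the failed instance, then reinstall with full debug output.
# cfg is the admin's own override file, never /etc/pki/default.cfg.
redo_install() {
    cfg=$1
    pkidestroy -s CA -i pki-tomcat && pkispawn -s CA -f "$cfg" -vvv
}
```

Typical use is `redo_install /home/pkiadmin/CA.cfg` followed by `collect_pki_report /root/pki-report.txt`; read the report through before sending it to a public list.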