I'd turn SELinux off or set it permissive mode and give it another try
Sean
This message and/or attachments may include information subject to GDC4S
O.M. 1.8.6 and GD Corporate Policy 07-105 and are intended to be
accessed only by authorized recipients. Use, storage and transmission
are governed by General Dynamics and its policies. Contractual
restrictions apply to third parties. Recipients should refer to the
policies or contract to determine proper handling. Unauthorized review,
use, disclosure or distribution is prohibited. If you are not an
intended recipient, please contact the sender and destroy all copies of
the original message.
-----Original Message-----
From: pki-users-bounces(a)redhat.com [mailto:pki-users-bounces@redhat.com]
On Behalf Of James "Jim" Kinney
Sent: Tuesday, September 28, 2010 5:34 PM
To: pki-users(a)redhat.com
Subject: Re: [Pki-users] pki-ra Authentication error
additional data from the pki-ra/error log (with some cruft snipped out):
[Tue Sep 28 16:23:31 2010] [notice] SELinux policy enabled; httpd
running as context unconfined_u:system_r:pki_ra_t:s0
[Tue Sep 28 16:23:31 2010] [info] Initializing SSL Session Cache of size
10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400.
[Tue Sep 28 16:23:31 2010] [info] Init: Initializing (virtual) servers
for SSL
[Tue Sep 28 16:23:31 2010] [info] Configuring server for SSL protocol
[Tue Sep 28 16:23:31 2010] [error] Unknown cipher
ecdhe_ecdsa_aes_256_sha
[Tue Sep 28 16:23:31 2010] [info] Using nickname Server-Cert
cert-pki-ra.
[Tue Sep 28 16:23:31 2010] [info] Configuring server for SSL protocol
[Tue Sep 28 16:23:31 2010] [error] Unknown cipher
ecdhe_ecdsa_aes_256_sha
[Tue Sep 28 16:23:31 2010] [info] Using nickname Server-Cert
cert-pki-ra.
[Tue Sep 28 16:23:31 2010] [info] Server: Apache/2.2.14, Interface:
mod_nss/2.2.14, Library: NSS/3.12.6.2
[Tue Sep 28 16:23:31 2010] [info] Shutting down SSL Session ID Cache
[Tue Sep 28 16:23:32 2010] [info] Initializing SSL Session Cache of size
10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400.
[Tue Sep 28 16:23:32 2010] [info] Server: Apache/2.2.14, Interface:
mod_nss/2.2.14, Library: NSS/3.12.6.2
[Tue Sep 28 16:23:32 2010] [warn] pid file
/var/lib/pki-ra/run/pki-ra.pid overwritten -- Unclean shutdown of
previous Apache run?
[Tue Sep 28 16:23:32 2010] [notice] Apache/2.2.15 (Unix) mod_nss/2.2.14
NSS/3.12.6.2 mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal
operations
[Tue Sep 28 16:23:32 2010] [info] Server built: Apr 10 2010 15:21:49
[Tue Sep 28 16:23:32 2010] [debug] worker.c(1757): AcceptMutex: sysvsem
(default: sysvsem)
[Tue Sep 28 16:23:32 2010] [info] Configuring server for SSL protocol
[Tue Sep 28 16:23:32 2010] [error] Unknown cipher
ecdhe_ecdsa_aes_256_sha
[Tue Sep 28 16:23:32 2010] [info] Using nickname Server-Cert
cert-pki-ra.
[Tue Sep 28 16:23:32 2010] [info] Configuring server for SSL protocol
[Tue Sep 28 16:23:32 2010] [error] Unknown cipher
ecdhe_ecdsa_aes_256_sha
[Tue Sep 28 16:23:32 2010] [info] Using nickname Server-Cert
cert-pki-ra.
[Tue Sep 28 16:23:50 2010] [info] SSL input filter read failed.
[Tue Sep 28 16:23:50 2010] [error] SSL Library Error: -12271 SSL client
cannot verify your certificate
GET /ca/admin/ca/getStatus HTTP/1.0
port: 9445
addr='my.host.name'
family='10'
PR_Write wrote 39 bytes from bigBuf
bytes: [GET /ca/admin/ca/getStatus HTTP/1.0
]
do_writes shutting down send socket
do_writes exiting with (failure = 0)
connection 1 read 249 bytes (249 total).
these bytes read:
connection 1 read 249 bytes total. -----------------------------
GET /ca/admin/ca/getStatus HTTP/1.0
port: 9445
addr='my.host.name'
family='10'
PR_Write wrote 39 bytes from bigBuf
bytes: [GET /ca/admin/ca/getStatus HTTP/1.0
]
do_writes shutting down send socket
do_writes exiting with (failure = 0)
connection 1 read 249 bytes (249 total).
these bytes read:
connection 1 read 249 bytes total. -----------------------------
GET /ca/admin/ca/getCertChain HTTP/1.0
port: 9445
addr='my.host.name'
family='10'
PR_Write wrote 42 bytes from bigBuf
bytes: [GET /ca/admin/ca/getCertChain HTTP/1.0
]
do_writes shutting down send socket
do_writes exiting with (failure = 0)
connection 1 read 1637 bytes (1637 total).
these bytes read:
connection 1 read 1637 bytes total. -----------------------------
certutil: function failed: security library: bad database.
GET /ca/admin/ca/getDomainXML HTTP/1.0
port: 9445
addr='my.host.name'
family='10'
-- SSL3: Server Certificate Validated.
PR_Write wrote 42 bytes from bigBuf
bytes: [GET /ca/admin/ca/getDomainXML HTTP/1.0
]
do_writes shutting down send socket
do_writes exiting with (failure = 0)
connection 1 read 2147 bytes (2147 total).
these bytes read:
connection 1 read 2147 bytes total. -----------------------------
[Tue Sep 28 16:24:29 2010] -e: Use of uninitialized value $host in
string eq at /var/lib/pki-ra/lib/perl/PKI/RA/SubsystemTypePanel.pm line
122.
[Tue Sep 28 16:24:33 2010] -e: Use of uninitialized value $host in
string eq at /var/lib/pki-ra/lib/perl/PKI/RA/CAInfoPanel.pm line 186.
GET /ca/ee/ca/getCertChain HTTP/1.0
port: 9444
addr='my.host.name'
family='10'
-- SSL3: Server Certificate Validated.
PR_Write wrote 39 bytes from bigBuf
bytes: [GET /ca/ee/ca/getCertChain HTTP/1.0
]
do_writes shutting down send socket
do_writes exiting with (failure = 0)
connection 1 read 1637 bytes (1637 total).
these bytes read:
connection 1 read 1637 bytes total. -----------------------------
certutil: could not find certificate named "Trusted CA c2cert0":
security library: bad database.
[Tue Sep 28 16:24:41 2010] -e: Use of uninitialized value $pwd in string
ne at /var/lib/pki-ra/lib/perl/PKI/RA/ModulePanel.pm line 148.
[Tue Sep 28 16:24:41 2010] -e: Use of uninitialized value $pwd in string
ne at /var/lib/pki-ra/lib/perl/PKI/RA/ModulePanel.pm line 148.
[Tue Sep 28 16:24:41 2010] -e: Use of uninitialized value $file in
concatenation (.) or string at
/var/lib/pki-ra/lib/perl/PKI/RA/ModulePanel.pm line 214.
[Tue Sep 28 16:24:41 2010] -e: Use of uninitialized value $name in
concatenation (.) or string at
/var/lib/pki-ra/lib/perl/PKI/RA/ModulePanel.pm line 231.
[Tue Sep 28 16:24:41 2010] -e: Use of uninitialized value $file in
concatenation (.) or string at
/var/lib/pki-ra/lib/perl/PKI/RA/ModulePanel.pm line 214.
[Tue Sep 28 16:24:41 2010] -e: Use of uninitialized value $name in
concatenation (.) or string at
/var/lib/pki-ra/lib/perl/PKI/RA/ModulePanel.pm line 231.
[Tue Sep 28 16:24:47 2010] -e: Use of uninitialized value $done in
concatenation (.) or string at
/var/lib/pki-ra/lib/perl/PKI/RA/SizePanel.pm line 172.
[Tue Sep 28 16:24:47 2010] -e: Use of uninitialized value $done in
string eq at /var/lib/pki-ra/lib/perl/PKI/RA/SizePanel.pm line 173.
[Tue Sep 28 16:24:53 2010] -e: Use of uninitialized value $genKeyPair in
concatenation (.) or string at
/var/lib/pki-ra/lib/perl/PKI/RA/SizePanel.pm line 80.
[Tue Sep 28 16:24:53 2010] -e: Use of uninitialized value $done in
string eq at /var/lib/pki-ra/lib/perl/PKI/RA/SizePanel.pm line 81.
[Tue Sep 28 16:24:54 2010] -e: Use of uninitialized value $host in
string eq at /var/lib/pki-ra/lib/perl/PKI/RA/NamePanel.pm line 480.
rm: cannot remove `/var/lib/pki-ra/conf/sslserver_cert.txt': No such
file or directory
256+0 records in
256+0 records out
256 bytes (256 B) copied, 0.00106719 s, 240 kB/s
Generating key. This may take a few moments...
POST /ca/ee/ca/profileSubmit HTTP/1.0
Content-Length: 1171
Content-Type: application/x-www-form-urlencoded
profileId=caInternalAuthServerCert&cert_request_type=pkcs10&requestor_na
me=RA-my.host.name-12889&cert_request=bigsnip&xmlOutput=true&sessionID=9
216515598699103255&auth_hostname=my.host.name&auth_port=9444port:
9444
addr='sis-jpk-vm22.stl.gtri.gatech.edu'
family='10'
-- SSL3: Server Certificate Validated.
PR_Write wrote 1283 bytes from bigBuf
bytes: [POST /ca/ee/ca/profileSubmit HTTP/1.0
Content-Length: 1171
Content-Type: application/x-www-form-urlencoded
profileId=caInternalAuthServerCert&cert_request_type=pkcs10&requestor_na
me=RA-sis-jpk-vm22.stl.gtri.gatech.edu-12889&cert_request=bigsnip&xmlOut
put=true&sessionID=9216515598699103255&auth_hostname=my.host.name&auth_p
ort=9444]
do_writes shutting down send socket
do_writes exiting with (failure = 0)
connection 1 read 272 bytes (272 total).
these bytes read:
connection 1 read 272 bytes total. -----------------------------
[Tue Sep 28 16:25:12 2010] -e: Use of uninitialized value $host in
string eq at /var/lib/pki-ra/lib/perl/PKI/RA/NamePanel.pm line 480.
--
James "Jim" Kinney
(404) 407-7967
GTRI
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users