6:36 p.m.
Hi All,
First of all, thanks for the help of the pki-users to get me through.
Here is the last step of my pki-ca configuration.
I am in the "Import Administrator Certificate"
When I clicked "next", I got this error: java.lang.NullPointerException
Here is some output from the /var/log/pki-ca1/debug:
[10/Feb/2010:18:17:59][http-9545-Processor24]: increasing minimum
connections by 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: new total available
connections 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: new number of connections 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: getNextPanel input p=16
[10/Feb/2010:18:17:59][http-9545-Processor24]: getNextPanel output p=17
[10/Feb/2010:18:17:59][http-9545-Processor24]: ImportAdminCertPanel: display
[10/Feb/2010:18:17:59][http-9545-Processor24]: panel no=17
[10/Feb/2010:18:17:59][http-9545-Processor24]: panel name=importadmincert
[10/Feb/2010:18:17:59][http-9545-Processor24]: total number of panels=19
[10/Feb/2010:18:17:59][http-9545-Processor24]: according to ccMode,
authorization for servlet: caGetAdminBySerial is LDAP based, not XML {1},
use default authz mgr: {2}.
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet:service() uri =
/ca/admin/ca/getBySerial
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet::service() param
name='serialNumber' value='1'
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet::service() param
name='browser' value='netscape'
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet::service() param
name='importCert' value='true'
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet:
caGetAdminBySerial start to service.
[10/Feb/2010:18:17:59][http-9545-Processor24]: IP: 10.7.20.82
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet: no authMgrName
[10/Feb/2010:18:17:59][http-9545-Processor24]: checkACLS(): ACLEntry
expressions= user="anybody"
[10/Feb/2010:18:17:59][http-9545-Processor24]: evaluating expressions:
user="anybody"
[10/Feb/2010:18:17:59][http-9545-Processor24]: evaluated expression:
user="anybody" to be true
[10/Feb/2010:18:17:59][http-9545-Processor24]: DirAclAuthz: authorization
passed
[10/Feb/2010:18:17:59][http-9545-Processor24]: SignedAuditEventFactory:
create()
message=[AuditEvent=AUTHZ_SUCCESS][SubjectID=$NonRoleUser$][Outcome=Success][aclResource=certServer.admin.certificate][Op=import]
authorization success
[10/Feb/2010:18:17:59][http-9545-Processor24]: getConn: mNumConns now 2
[10/Feb/2010:18:17:59][http-9545-Processor24]: returnConn: mNumConns now 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: SignedAuditEventFactory:
create()
message=[AuditEvent=ROLE_ASSUME][SubjectID=$NonRoleUser$][Outcome=Success][Role=<null>]
assume privileged role
[10/Feb/2010:18:17:59][http-9545-Processor24]: getConn: mNumConns now 2
[10/Feb/2010:18:17:59][http-9545-Processor24]: returnConn: mNumConns now 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet: curDate=Wed Feb
10 18:17:59 CST 2010 id=caGetAdminBySerial time=51
[10/Feb/2010:18:17:59][http-9545-Processor24]:
com.netscape.cms.servlet.filter.AgentRequestFilter: Use HTTPS port '9543'
instead of '9545' when performing Agent tasks!
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: process
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet:service() uri =
/ca/admin/console/config/wizard
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service()
param name='p' value='17'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service()
param name='caHost' value='FQDN'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service()
param name='serialNumber' value='1'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service()
param name='pkcs7' value='PKCS7-VALUExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service()
param name='op' value='next'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service()
param name='caPort' value='9545'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: op=next
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: size=19
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: in next 17
[10/Feb/2010:18:18:01][http-9545-Processor24]: ImportAdminCertPanel update:
Root CA subsystem - (new Security Domain)
[10/Feb/2010:18:18:01][http-9545-Processor24]: getConn: mNumConns now 2
[10/Feb/2010:18:18:01][http-9545-Processor24]: returnConn: mNumConns now 3
[10/Feb/2010:18:18:01][http-9545-Processor24]: getConn: mNumConns now 2
[10/Feb/2010:18:18:01][http-9545-Processor24]: returnConn: mNumConns now 3
[10/Feb/2010:18:18:01][http-9545-Processor24]: ImportAdminCertPanel update:
failed to add certificate. Exception: java.lang.NullPointerException
[10/Feb/2010:18:18:01][http-9545-Processor24]: panel no=17
[10/Feb/2010:18:18:01][http-9545-Processor24]: panel name=importadmincert
[10/Feb/2010:18:18:01][http-9545-Processor24]: total number of panels=19
Any idea how to resolve this issue?
Regards,
Erwin
6:53 p.m.
Here is the output of /var/log/pki-ca1/catalina.out
DAP operation failure - cn=2,ou=ca,ou=requests,dc=FQDN-pki-ca1
netscape.ldap.LDAPException: error result (68)
http-9545-Processor19: log level: {0} is invalid, should be 0-6
Here is the output of /var/log/pki-ca1/system
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [3] Servlet
caGetAdminBySerial: Error getting certRecord for serialNo 0x2. Error LDAP
operation failure - cn=2,ou=certificateRepository, ou=ca, dc=FQDN-pki-ca1
netscape.ldap.LDAPException: error result (32); matchedDN =
ou=certificaterepository,ou=ca,dc=FQDN-pki-ca1.
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [3] Servlet
caGetAdminBySerial: Certificate Serial Number 2 not found
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [20]
CMSgateway:Could not load template
/var/lib/pki-ca1/webapps/ca/admin/GenError.template error
java.io.FileNotFoundException:
/var/lib/pki-ca1/webapps/ca/admin/GenError.template (No such file or
directory).
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [3] Servlet
caGetAdminBySerial: Error outputting template /admin/GenError.template .
Error encountered while loading output template..
[10/Feb/2010:18:47:18][http-9545-Processor19]: getConn: mNumConns now 2
[10/Feb/2010:18:47:18][http-9545-Processor19]: returnConn: mNumConns now 3
[10/Feb/2010:18:47:18][http-9545-Processor19]: SignedAuditEventFactory:
create()
message=[AuditEvent=ROLE_ASSUME][SubjectID=$NonRoleUser$][Outcome=Success][Role=<null>]
assume privileged role
[10/Feb/2010:18:47:18][http-9545-Processor19]: getConn: mNumConns now 2
[10/Feb/2010:18:47:18][http-9545-Processor19]: returnConn: mNumConns now 3
[10/Feb/2010:18:47:18][http-9545-Processor19]: CMSServlet: curDate=Wed Feb
10 18:47:18 CST 2010 id=caGetAdminBySerial time=20
[10/Feb/2010:18:47:19][http-9545-Processor19]:
com.netscape.cms.servlet.filter.AgentRequestFilter: Use HTTPS port '9543'
instead of '9545' when performing Agent tasks!
On Wed, Feb 10, 2010 at 6:36 PM, Erwin Himawan <ehimawan(a)gmail.com> wrote:
Hi All,
First of all, thanks for the help of the pki-users to get me through.
Here is the last step of my pki-ca configuration.
I am in the "Import Administrator Certificate"
When I clicked "next", I got this error: java.lang.NullPointerException
Here is some output from the /var/log/pki-ca1/debug:
[10/Feb/2010:18:17:59][http-9545-Processor24]: increasing minimum
connections by 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: new total available
connections 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: new number of connections 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: getNextPanel input p=16
[10/Feb/2010:18:17:59][http-9545-Processor24]: getNextPanel output p=17
[10/Feb/2010:18:17:59][http-9545-Processor24]: ImportAdminCertPanel:
display
[10/Feb/2010:18:17:59][http-9545-Processor24]: panel no=17
[10/Feb/2010:18:17:59][http-9545-Processor24]: panel name=importadmincert
[10/Feb/2010:18:17:59][http-9545-Processor24]: total number of panels=19
[10/Feb/2010:18:17:59][http-9545-Processor24]: according to ccMode,
authorization for servlet: caGetAdminBySerial is LDAP based, not XML {1},
use default authz mgr: {2}.
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet:service() uri =
/ca/admin/ca/getBySerial
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet::service() param
name='serialNumber' value='1'
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet::service() param
name='browser' value='netscape'
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet::service() param
name='importCert' value='true'
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet:
caGetAdminBySerial start to service.
[10/Feb/2010:18:17:59][http-9545-Processor24]: IP: 10.7.20.82
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet: no authMgrName
[10/Feb/2010:18:17:59][http-9545-Processor24]: checkACLS(): ACLEntry
expressions= user="anybody"
[10/Feb/2010:18:17:59][http-9545-Processor24]: evaluating expressions:
user="anybody"
[10/Feb/2010:18:17:59][http-9545-Processor24]: evaluated expression:
user="anybody" to be true
[10/Feb/2010:18:17:59][http-9545-Processor24]: DirAclAuthz: authorization
passed
[10/Feb/2010:18:17:59][http-9545-Processor24]: SignedAuditEventFactory:
create()
message=[AuditEvent=AUTHZ_SUCCESS][SubjectID=$NonRoleUser$][Outcome=Success][aclResource=certServer.admin.certificate][Op=import]
authorization success
[10/Feb/2010:18:17:59][http-9545-Processor24]: getConn: mNumConns now 2
[10/Feb/2010:18:17:59][http-9545-Processor24]: returnConn: mNumConns now 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: SignedAuditEventFactory:
create()
message=[AuditEvent=ROLE_ASSUME][SubjectID=$NonRoleUser$][Outcome=Success][Role=<null>]
assume privileged role
[10/Feb/2010:18:17:59][http-9545-Processor24]: getConn: mNumConns now 2
[10/Feb/2010:18:17:59][http-9545-Processor24]: returnConn: mNumConns now 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet: curDate=Wed Feb
10 18:17:59 CST 2010 id=caGetAdminBySerial time=51
[10/Feb/2010:18:17:59][http-9545-Processor24]:
com.netscape.cms.servlet.filter.AgentRequestFilter: Use HTTPS port '9543'
instead of '9545' when performing Agent tasks!
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: process
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet:service() uri
= /ca/admin/console/config/wizard
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service()
param name='p' value='17'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service()
param name='caHost' value='FQDN'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service()
param name='serialNumber' value='1'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service()
param name='pkcs7' value='PKCS7-VALUExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service()
param name='op' value='next'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service()
param name='caPort' value='9545'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: op=next
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: size=19
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: in next 17
[10/Feb/2010:18:18:01][http-9545-Processor24]: ImportAdminCertPanel
update: Root CA subsystem - (new Security Domain)
[10/Feb/2010:18:18:01][http-9545-Processor24]: getConn: mNumConns now 2
[10/Feb/2010:18:18:01][http-9545-Processor24]: returnConn: mNumConns now 3
[10/Feb/2010:18:18:01][http-9545-Processor24]: getConn: mNumConns now 2
[10/Feb/2010:18:18:01][http-9545-Processor24]: returnConn: mNumConns now 3
[10/Feb/2010:18:18:01][http-9545-Processor24]: ImportAdminCertPanel update:
failed to add certificate. Exception: java.lang.NullPointerException
[10/Feb/2010:18:18:01][http-9545-Processor24]: panel no=17
[10/Feb/2010:18:18:01][http-9545-Processor24]: panel name=importadmincert
[10/Feb/2010:18:18:01][http-9545-Processor24]: total number of panels=19
Any idea how to resolve this issue?
Regards,
Erwin
7:22 p.m.
looks like there are several different errors and different time stamps.
In the first log provided, watch out for
[10/Feb/2010:18:17:59][http-9545-Processor24]:
com.netscape.cms.servlet.filter.AgentRequestFilter: Use HTTPS port
'9543' instead of '9545' when performing Agent tasks!
Use the admin secure port to reach the web configuration wizard, like
shown from the service pki-ca1status command after a pkicreate (or by
the pkicreate command itself).
M.
On 02/10/2010 04:53 PM, Erwin Himawan wrote:
Here is the output of /var/log/pki-ca1/catalina.out
DAP operation failure - cn=2,ou=ca,ou=requests,dc=FQDN-pki-ca1
netscape.ldap.LDAPException: error result (68)
http-9545-Processor19: log level: {0} is invalid, should be 0-6
Here is the output of /var/log/pki-ca1/system
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [3]
Servlet caGetAdminBySerial: Error getting certRecord for serialNo 0x2.
Error LDAP operation failure - cn=2,ou=certificateRepository, ou=ca,
dc=FQDN-pki-ca1 netscape.ldap.LDAPException: error result (32);
matchedDN = ou=certificaterepository,ou=ca,dc=FQDN-pki-ca1.
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [3]
Servlet caGetAdminBySerial: Certificate Serial Number 2 not found
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [20]
CMSgateway:Could not load template
/var/lib/pki-ca1/webapps/ca/admin/GenError.template error
java.io.FileNotFoundException:
/var/lib/pki-ca1/webapps/ca/admin/GenError.template (No such file or
directory).
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [3]
Servlet caGetAdminBySerial: Error outputting template
/admin/GenError.template . Error encountered while loading output
template..
[10/Feb/2010:18:47:18][http-9545-Processor19]: getConn: mNumConns now 2
[10/Feb/2010:18:47:18][http-9545-Processor19]: returnConn: mNumConns now 3
[10/Feb/2010:18:47:18][http-9545-Processor19]:
SignedAuditEventFactory: create()
message=[AuditEvent=ROLE_ASSUME][SubjectID=$NonRoleUser$][Outcome=Success][Role=<null>]
assume privileged role
[10/Feb/2010:18:47:18][http-9545-Processor19]: getConn: mNumConns now 2
[10/Feb/2010:18:47:18][http-9545-Processor19]: returnConn: mNumConns now 3
[10/Feb/2010:18:47:18][http-9545-Processor19]: CMSServlet: curDate=Wed
Feb 10 18:47:18 CST 2010 id=caGetAdminBySerial time=20
[10/Feb/2010:18:47:19][http-9545-Processor19]:
com.netscape.cms.servlet.filter.AgentRequestFilter: Use HTTPS port
'9543' instead of '9545' when performing Agent tasks!
On Wed, Feb 10, 2010 at 6:36 PM, Erwin Himawan <ehimawan(a)gmail.com
<mailto:ehimawan@gmail.com>> wrote:
Hi All,
First of all, thanks for the help of the pki-users to get me through.
Here is the last step of my pki-ca configuration.
I am in the "Import Administrator Certificate"
When I clicked "next", I got this error:
java.lang.NullPointerException
Here is some output from the /var/log/pki-ca1/debug:
[10/Feb/2010:18:17:59][http-9545-Processor24]: increasing minimum
connections by 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: new total available
connections 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: new number of
connections 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: getNextPanel input p=16
[10/Feb/2010:18:17:59][http-9545-Processor24]: getNextPanel output
p=17
[10/Feb/2010:18:17:59][http-9545-Processor24]:
ImportAdminCertPanel: display
[10/Feb/2010:18:17:59][http-9545-Processor24]: panel no=17
[10/Feb/2010:18:17:59][http-9545-Processor24]: panel
name=importadmincert
[10/Feb/2010:18:17:59][http-9545-Processor24]: total number of
panels=19
[10/Feb/2010:18:17:59][http-9545-Processor24]: according to
ccMode, authorization for servlet: caGetAdminBySerial is LDAP
based, not XML {1}, use default authz mgr: {2}.
[10/Feb/2010:18:17:59][http-9545-Processor24]:
CMSServlet:service() uri = /ca/admin/ca/getBySerial
[10/Feb/2010:18:17:59][http-9545-Processor24]:
CMSServlet::service() param name='serialNumber' value='1'
[10/Feb/2010:18:17:59][http-9545-Processor24]:
CMSServlet::service() param name='browser' value='netscape'
[10/Feb/2010:18:17:59][http-9545-Processor24]:
CMSServlet::service() param name='importCert' value='true'
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet:
caGetAdminBySerial start to service.
[10/Feb/2010:18:17:59][http-9545-Processor24]: IP: 10.7.20.82
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet: no
authMgrName
[10/Feb/2010:18:17:59][http-9545-Processor24]: checkACLS():
ACLEntry expressions= user="anybody"
[10/Feb/2010:18:17:59][http-9545-Processor24]: evaluating
expressions: user="anybody"
[10/Feb/2010:18:17:59][http-9545-Processor24]: evaluated
expression: user="anybody" to be true
[10/Feb/2010:18:17:59][http-9545-Processor24]: DirAclAuthz:
authorization passed
[10/Feb/2010:18:17:59][http-9545-Processor24]:
SignedAuditEventFactory: create()
message=[AuditEvent=AUTHZ_SUCCESS][SubjectID=$NonRoleUser$][Outcome=Success][aclResource=certServer.admin.certificate][Op=import]
authorization success
[10/Feb/2010:18:17:59][http-9545-Processor24]: getConn: mNumConns
now 2
[10/Feb/2010:18:17:59][http-9545-Processor24]: returnConn:
mNumConns now 3
[10/Feb/2010:18:17:59][http-9545-Processor24]:
SignedAuditEventFactory: create()
message=[AuditEvent=ROLE_ASSUME][SubjectID=$NonRoleUser$][Outcome=Success][Role=<null>]
assume privileged role
[10/Feb/2010:18:17:59][http-9545-Processor24]: getConn: mNumConns
now 2
[10/Feb/2010:18:17:59][http-9545-Processor24]: returnConn:
mNumConns now 3
[10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet:
curDate=Wed Feb 10 18:17:59 CST 2010 id=caGetAdminBySerial time=51
[10/Feb/2010:18:17:59][http-9545-Processor24]:
com.netscape.cms.servlet.filter.AgentRequestFilter: Use HTTPS
port '9543' instead of '9545' when performing Agent tasks!
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: process
[10/Feb/2010:18:18:01][http-9545-Processor24]:
WizardServlet:service() uri = /ca/admin/console/config/wizard
[10/Feb/2010:18:18:01][http-9545-Processor24]:
WizardServlet::service() param name='p' value='17'
[10/Feb/2010:18:18:01][http-9545-Processor24]:
WizardServlet::service() param name='caHost' value='FQDN'
[10/Feb/2010:18:18:01][http-9545-Processor24]:
WizardServlet::service() param name='serialNumber' value='1'
[10/Feb/2010:18:18:01][http-9545-Processor24]:
WizardServlet::service() param name='pkcs7'
value='PKCS7-VALUExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
[10/Feb/2010:18:18:01][http-9545-Processor24]:
WizardServlet::service() param name='op' value='next'
[10/Feb/2010:18:18:01][http-9545-Processor24]:
WizardServlet::service() param name='caPort' value='9545'
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: op=next
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: size=19
[10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: in
next 17
[10/Feb/2010:18:18:01][http-9545-Processor24]:
ImportAdminCertPanel update: Root CA subsystem - (new Security
Domain)
[10/Feb/2010:18:18:01][http-9545-Processor24]: getConn: mNumConns
now 2
[10/Feb/2010:18:18:01][http-9545-Processor24]: returnConn:
mNumConns now 3
[10/Feb/2010:18:18:01][http-9545-Processor24]: getConn: mNumConns
now 2
[10/Feb/2010:18:18:01][http-9545-Processor24]: returnConn:
mNumConns now 3
[10/Feb/2010:18:18:01][http-9545-Processor24]:
ImportAdminCertPanel update: failed to add certificate. Exception:
java.lang.NullPointerException
[10/Feb/2010:18:18:01][http-9545-Processor24]: panel no=17
[10/Feb/2010:18:18:01][http-9545-Processor24]: panel
name=importadmincert
[10/Feb/2010:18:18:01][http-9545-Processor24]: total number of
panels=19
Any idea how to resolve this issue?
Regards,
Erwin
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
8:32 p.m.
Marc,
Thanks for your support. I am sorry to confuse you.
For some reasons, I wrongly cut and paste different log files.
Anyway, after I updated all my Dogtag components from version 1.2.0 to
1.3.0, I did not experience any issue in configuring the pki-ca instance.
Is it fair to assume that some of the issue I experienced during 1.2.0
pki-ca configuration might have been resolved in 1.3.0?
I guess, in order to validate my hypothesis, I am willing to perform another
fresh OS and DCS install.
Once again, thanks.
Thanks,
Erwin
On Wed, Feb 10, 2010 at 7:22 PM, Marc Sauton <msauton(a)redhat.com> wrote:
looks like there are several different errors and different time
stamps.
In the first log provided, watch out for
[10/Feb/2010:18:17:59][http-9545-Processor24]:
com.netscape.cms.servlet.filter.AgentRequestFilter: Use HTTPS port '9543'
instead of '9545' when performing Agent tasks!
Use the admin secure port to reach the web configuration wizard, like shown
from the service pki-ca1status command after a pkicreate (or by the
pkicreate command itself).
M.
On 02/10/2010 04:53 PM, Erwin Himawan wrote:
Here is the output of /var/log/pki-ca1/catalina.out
DAP operation failure - cn=2,ou=ca,ou=requests,dc=FQDN-pki-ca1
netscape.ldap.LDAPException: error result (68)
http-9545-Processor19: log level: {0} is invalid, should be 0-6
Here is the output of /var/log/pki-ca1/system
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [3] Servlet
caGetAdminBySerial: Error getting certRecord for serialNo 0x2. Error LDAP
operation failure - cn=2,ou=certificateRepository, ou=ca, dc=FQDN-pki-ca1
netscape.ldap.LDAPException: error result (32); matchedDN =
ou=certificaterepository,ou=ca,dc=FQDN-pki-ca1.
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [3] Servlet
caGetAdminBySerial: Certificate Serial Number 2 not found
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [20]
CMSgateway:Could not load template
/var/lib/pki-ca1/webapps/ca/admin/GenError.template error
java.io.FileNotFoundException:
/var/lib/pki-ca1/webapps/ca/admin/GenError.template (No such file or
directory).
6889.http-9545-Processor19 - [10/Feb/2010:18:47:18 CST] [3] [3] Servlet
caGetAdminBySerial: Error outputting template /admin/GenError.template .
Error encountered while loading output template..
[10/Feb/2010:18:47:18][http-9545-Processor19]: getConn: mNumConns now 2
[10/Feb/2010:18:47:18][http-9545-Processor19]: returnConn: mNumConns now 3
[10/Feb/2010:18:47:18][http-9545-Processor19]: SignedAuditEventFactory:
create()
message=[AuditEvent=ROLE_ASSUME][SubjectID=$NonRoleUser$][Outcome=Success][Role=<null>]
assume privileged role
[10/Feb/2010:18:47:18][http-9545-Processor19]: getConn: mNumConns now 2
[10/Feb/2010:18:47:18][http-9545-Processor19]: returnConn: mNumConns now 3
[10/Feb/2010:18:47:18][http-9545-Processor19]: CMSServlet: curDate=Wed Feb
10 18:47:18 CST 2010 id=caGetAdminBySerial time=20
[10/Feb/2010:18:47:19][http-9545-Processor19]:
com.netscape.cms.servlet.filter.AgentRequestFilter: Use HTTPS port '9543'
instead of '9545' when performing Agent tasks!
On Wed, Feb 10, 2010 at 6:36 PM, Erwin Himawan <ehimawan(a)gmail.com> wrote:
> Hi All,
>
> First of all, thanks for the help of the pki-users to get me through.
>
> Here is the last step of my pki-ca configuration.
> I am in the "Import Administrator Certificate"
> When I clicked "next", I got this error: java.lang.NullPointerException
>
>
> Here is some output from the /var/log/pki-ca1/debug:
>
> [10/Feb/2010:18:17:59][http-9545-Processor24]: increasing minimum
> connections by 3
> [10/Feb/2010:18:17:59][http-9545-Processor24]: new total available
> connections 3
> [10/Feb/2010:18:17:59][http-9545-Processor24]: new number of connections 3
> [10/Feb/2010:18:17:59][http-9545-Processor24]: getNextPanel input p=16
> [10/Feb/2010:18:17:59][http-9545-Processor24]: getNextPanel output p=17
> [10/Feb/2010:18:17:59][http-9545-Processor24]: ImportAdminCertPanel:
> display
> [10/Feb/2010:18:17:59][http-9545-Processor24]: panel no=17
> [10/Feb/2010:18:17:59][http-9545-Processor24]: panel name=importadmincert
> [10/Feb/2010:18:17:59][http-9545-Processor24]: total number of panels=19
> [10/Feb/2010:18:17:59][http-9545-Processor24]: according to ccMode,
> authorization for servlet: caGetAdminBySerial is LDAP based, not XML {1},
> use default authz mgr: {2}.
> [10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet:service() uri =
> /ca/admin/ca/getBySerial
> [10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet::service() param
> name='serialNumber' value='1'
> [10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet::service() param
> name='browser' value='netscape'
> [10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet::service() param
> name='importCert' value='true'
> [10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet:
> caGetAdminBySerial start to service.
> [10/Feb/2010:18:17:59][http-9545-Processor24]: IP: 10.7.20.82
> [10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet: no authMgrName
> [10/Feb/2010:18:17:59][http-9545-Processor24]: checkACLS(): ACLEntry
> expressions= user="anybody"
> [10/Feb/2010:18:17:59][http-9545-Processor24]: evaluating expressions:
> user="anybody"
> [10/Feb/2010:18:17:59][http-9545-Processor24]: evaluated expression:
> user="anybody" to be true
> [10/Feb/2010:18:17:59][http-9545-Processor24]: DirAclAuthz: authorization
> passed
> [10/Feb/2010:18:17:59][http-9545-Processor24]: SignedAuditEventFactory:
> create()
>
message=[AuditEvent=AUTHZ_SUCCESS][SubjectID=$NonRoleUser$][Outcome=Success][aclResource=certServer.admin.certificate][Op=import]
> authorization success
>
> [10/Feb/2010:18:17:59][http-9545-Processor24]: getConn: mNumConns now 2
> [10/Feb/2010:18:17:59][http-9545-Processor24]: returnConn: mNumConns now 3
> [10/Feb/2010:18:17:59][http-9545-Processor24]: SignedAuditEventFactory:
> create()
>
message=[AuditEvent=ROLE_ASSUME][SubjectID=$NonRoleUser$][Outcome=Success][Role=<null>]
> assume privileged role
>
> [10/Feb/2010:18:17:59][http-9545-Processor24]: getConn: mNumConns now 2
> [10/Feb/2010:18:17:59][http-9545-Processor24]: returnConn: mNumConns now 3
> [10/Feb/2010:18:17:59][http-9545-Processor24]: CMSServlet: curDate=Wed Feb
> 10 18:17:59 CST 2010 id=caGetAdminBySerial time=51
> [10/Feb/2010:18:17:59][http-9545-Processor24]:
> com.netscape.cms.servlet.filter.AgentRequestFilter: Use HTTPS port '9543'
> instead of '9545' when performing Agent tasks!
> [10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: process
> [10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet:service() uri
> = /ca/admin/console/config/wizard
> [10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service()
> param name='p' value='17'
> [10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service()
> param name='caHost' value='FQDN'
> [10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service()
> param name='serialNumber' value='1'
> [10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service()
> param name='pkcs7'
value='PKCS7-VALUExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
> [10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service()
> param name='op' value='next'
> [10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet::service()
> param name='caPort' value='9545'
> [10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: op=next
> [10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: size=19
> [10/Feb/2010:18:18:01][http-9545-Processor24]: WizardServlet: in next 17
> [10/Feb/2010:18:18:01][http-9545-Processor24]: ImportAdminCertPanel
> update: Root CA subsystem - (new Security Domain)
> [10/Feb/2010:18:18:01][http-9545-Processor24]: getConn: mNumConns now 2
> [10/Feb/2010:18:18:01][http-9545-Processor24]: returnConn: mNumConns now 3
> [10/Feb/2010:18:18:01][http-9545-Processor24]: getConn: mNumConns now 2
> [10/Feb/2010:18:18:01][http-9545-Processor24]: returnConn: mNumConns now 3
> [10/Feb/2010:18:18:01][http-9545-Processor24]: ImportAdminCertPanel
> update: failed to add certificate. Exception: java.lang.NullPointerException
> [10/Feb/2010:18:18:01][http-9545-Processor24]: panel no=17
> [10/Feb/2010:18:18:01][http-9545-Processor24]: panel name=importadmincert
> [10/Feb/2010:18:18:01][http-9545-Processor24]: total number of panels=19
>
> Any idea how to resolve this issue?
>
> Regards,
> Erwin
>
>
>
>
_______________________________________________
Pki-users mailing
listPki-users@redhat.comhttps://www.redhat.com/mailman/listinfo/pki-users
5427
days inactive
5427
days old
3 comments
2 participants
participants (2)
-
Erwin Himawan -
Marc Sauton