Hi Arshad,
I got error like this if the CA and the RA were in separetad firewall
zone. The problem was that in the communication: the CA got the firewall
address as source address and not the RA's
address. The soulution: we had to edit the hosts file like this:
IP address of firewall RAhostname
After the installation we could correct the hosts file and everythig worked
fine.
So, maybe check the name resolution.
Bye:
Peter
2008/3/28, Christina Fu <cfu(a)redhat.com>:
---------- Továbított levél ----------
From: Christina Fu <cfu(a)redhat.com>
To: pki-users(a)redhat.com
Date: Fri, 28 Mar 2008 07:58:39 -0700
Subject: Re: [Dogtag 1.0]
Hi Arshad,
Welcome to Dogtag!!
The message "CA response: Authorization Error. Please also check
previous related panels" is an indication that there is a problem
between RA to CA communication.
There are two places to trouble shoot.
One is in the RA debug log, where, from the bottom of the log, you want
to look for string "NamePanel: response content=" and see what the
content value is. It should contain a non-zero return value from CA. A
zero response means success.
The other place is the CA debug log, where you might want to search for
key word "profileSubmit" starting from the bottom of the log, and then
scroll down slowly to find any error message relating to the
authentication error.
I believe the cookie has a timeout period, so if you waited too long in
the middle of the installation of the RA, you would get an
authentication error.
Hope this helps. Let me know how it goes.
Christina
>
>
> -------- Original Message --------
> Subject: Dogtag 1.0
> Date: Wed, 19 Mar 2008 18:44:07 -0700
> From: Arshad Noor <arshad.noor(a)strongauth.com>
> Organization: StrongAuth, Inc.
> To: pki-users(a)redhat.com, pki-devel(a)redhat.com
>
> Congratulations to the Dogtag team for finally open-sourcing
> the product. Its a welcome addition to the open-source
> community. Its been a long time coming, but better late than
> never. :-)
>
> Question: In configuring the RA (after successfully setting
> up the CA on 2.6.24.3-34.fc8 #1 SMP x86_64) there is an error
> when trying to proceed past the "Subject Names" panel:
>
> "CA response: Authorization Error. Please also check previous related
> panels."
>
> Any explanation of what went wrong? There doesn't appear to be
> any errors in the error_log or debug files, but there is a small
> ra-debug.log which shows an "Authentication Error".
>
> The only authentication credential I recall the wizard prompted
> for was for the CA administrator ID (which was correct since the
> cookie got established and I was able to proceed this far).
>
> TIA.
>
> Arshad Noor
> StrongAuth, Inc.
>
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel