#1034 RA configuration failed
Closed: Invalid None Opened 9 years ago by saipandi.

The RA can't be configured using the minimum parameters:

pkisilent ConfigureRA \
-cs_hostname ipaqa64vml.idm.lab.bos.redhat.com \
-cs_port 12890 \
-cs_clientauth_port 12889 \
-sd_hostname ipaqa64vml.idm.lab.bos.redhat.com \
-sd_ssl_port 30002 \
-sd_agent_port 30002 \
-sd_admin_port 30002 \
-sd_admin_name 1002 \
-sd_admin_password Secret123 \
-ca_hostname ipaqa64vml.idm.lab.bos.redhat.com \
-ca_port 30010 \
-ca_ssl_port 30002 \
-ca_admin_port 30002 \
-client_certdb_dir /tmp/saili \
-client_certdb_pwd Secret123 \
-preop_pin mtMgbrxF2Ifded4ycUTk \
-domain_name idm.lab.bos.redhat.com \
-admin_user raadmin \
-admin_email "saipandi@redhat.com" \
-admin_password Secret123 \
-key_size 2048 \
-key_type rsa \
-agent_name raagent \
-agent_cert_subject CN=raagent-tp1,OU=mtv,O=redhat \
-agent_key_size 2048 \
-agent_key_type rsa \
-token_name saili.db \
-token_pwd Secret123 \
-ra_subsystem_cert_subject_name "CN=RA-subsystem,O=redhat" \
-ra_subsystem_cert_nickname "RA-Subsystem-Cert" \
-ra_server_cert_subject_name "CN=ipaqa64vma.idm.lab.bos.redhat.com,O=redhat" \
-ra_server_cert_nickname "RA-Server-Cert" \
-subsystem_name "pki-ra"

The pkicreate command was:

pkicreate -pki_instance_root=/var/lib \
-pki_instance_name=pki-ra \
-subsystem_type=ra \
-secure_port=12889 \
-non_clientauth_secure_port=12890 \
-unsecure_port=12888 \
-user=pkiuser \
-group=pkiuser \
-redirect conf=/etc/pki-ra \
-redirect logs=/var/log/pki-ra \
-verbose


The error_log file showed the following errors:

SEC_ERROR_NO_TOKEN: The security card or token does not exist, needs to be initialized, or has been removed.

certutil: could not find certificate named "Trusted CA c2cert0": SEC_ERROR_BAD_DATABASE: security library: bad database.

certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.

certutil: unable to generate key(s)

perl:error] [pid 15455:tid 140546563602176] [client 10.16.98.247:33526] Could not find httpd.xml in /usr/sbin/ at /var/lib/pki-ra/lib/perl/PKI/RA/AdminPanel.pm line 156.\n

The client certdb dir contains the p12 file of the CA.

Per CS/DS meeting of 6/9/2014, proposed Milestone: 10.3.

The RA subsystem is no longer available.

Metadata Update from @saipandi:
- Issue set to the milestone: UNTRIAGED

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1599

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on the Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.
