Hi guys,
I have trouble spawning an issuing CA using pkispawn. I have read and read and tried and tried. I have come to the point where I think it's a bug.
I want to create an issuing CA using dogtag and an external offline root-CA. I have used the info at https://www.redhat.com/archives/pki-devel/2012-December/msg00025.html and created the following file:
cat ca_1.cfg
[Common]
pki_admin_password=<password>
pki_backup_password=<password>
pki_client_pkcs12_password=<password>
pki_ds_password=<password>
pki_security_domain_password=<password>
[CA]
pki_ca_signing_nickname=BIT B.V. Signing CA
pki_ca_signing_subject_dn=cn=BIT B.V. Signing CA,e=support@bit.nl,o=BIT B.V.
pki_ocsp_signing_nickname=BIT B.V. OCSP Signing CA
pki_ocsp_signing_subject_dn=cn=BIT B.V. OCSP Signing CA,e=support@bit.nl,o=BIT B.V.
pki_random_serial_numbers_enable=True
pki_admin_email=support@bit.nl
pki_admin_subject_dn=cn=PKI Administrator,e=support@bit.nl,e=support@bit.nl,o=BIT B.V.
pki_audit_signing_nickname=BIT B.V. Audit Signing CA
pki_audit_signing_subject_dn=cn=BIT B.V. Audit Signing CA,e=support@bit.nl,o=BIT B.V.
pki_subsystem_nickname=BIT B.V. Subsystem CA
pki_subsystem_subject_dn=cn=BIT B.V. Subsystem CA,e=support@bit.nl,o=BIT B.V.
pki_external=True
pki_external_ca_cert_path=/tmp/pki/config/bit_ca.cer
pki_external_csr_path=/tmp/pki/config/ca_signing.csr
But when I try to spawn the new CA I get the following error:
Installing CA into /var/lib/pki/pki-tomcat.
pkispawn : INFO BEGIN spawning subsystem 'CA' of instance 'pki-tomcat' . . .
pkispawn : INFO ... initializing 'pki.deployment.initialization'
pkispawn : INFO ....... adding GID 'pkiuser' for group '17' . . .
pkispawn : INFO ....... adding UID 'pkiuser' for user '17' . . .
pkispawn : INFO ... populating 'pki.deployment.infrastructure_layout'
pkispawn : INFO ....... mkdir -p /etc/sysconfig/pki
pkispawn : INFO ....... mkdir -p /etc/sysconfig/pki/tomcat
pkispawn : INFO ....... mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat
pkispawn : INFO ....... mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca
pkispawn : INFO ....... cp -p /etc/pki/default.cfg /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg
Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
pkispawn : INFO ....... mkdir -p /var/lib/pki
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/ca
pkispawn : INFO ....... ln -s /etc/sysconfig/pki/tomcat/pki-tomcat /var/lib/pki/pki-tomcat/ca/registry
pkispawn : INFO ... populating 'pki.deployment.instance_layout'
pkispawn : INFO ....... mkdir -p /var/log/pki/pki-tomcat
pkispawn : INFO ....... mkdir -p /etc/pki/pki-tomcat
pkispawn : INFO ....... cp -rp /usr/share/pki/server/conf /etc/pki/pki-tomcat
pkispawn : INFO ....... setting ownerships, permissions, and acls on '/etc/pki/pki-tomcat'
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/common
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/common/lib
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/lib
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/commons-pool.jar /var/lib/pki/pki-tomcat/lib/commons-pool.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/catalina-tribes.jar /var/lib/pki/pki-tomcat/lib/catalina-tribes.jar
pkispawn : INFO .......
copying '/usr/share/pki/server/conf/server.xml' --> '/etc/pki/pki-tomcat/server.xml' with slot substitution
pkispawn : INFO ....... copying '/usr/share/pki/server/conf/context.xml' --> '/etc/pki/pki-tomcat/context.xml' with slot substitution
pkispawn : INFO ....... copying '/usr/share/pki/server/conf/tomcat.conf' --> '/etc/sysconfig/pki-tomcat' with slot substitution
pkispawn : INFO ....... copying '/usr/share/pki/server/conf/tomcat.conf' --> '/etc/pki/pki-tomcat/tomcat.conf' with slot substitution
pkispawn : INFO ....... applying in-place slot substitutions on '/var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/velocity.properties'
pkispawn : INFO ....... applying in-place slot substitutions on '/var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/web.xml'
pkispawn : INFO ....... copying '/usr/share/pki/ca/conf/proxy.conf' --> '/etc/pki/pki-tomcat/ca/proxy.conf' with slot substitution
pkispawn : INFO ....... applying in-place slot substitutions on '/var/lib/pki/pki-tomcat/webapps/ca/ee/ca/ProfileSelect.template'
pkispawn : INFO ... generating 'pki.deployment.security_databases'
pkispawn : INFO ....... generating '/etc/pki/pki-tomcat/password.conf'
pkispawn : INFO ....... generating '/etc/pki/pki-tomcat/pfile'
pkispawn : INFO ....... modifying '/etc/pki/pki-tomcat/password.conf'
pkispawn : INFO ....... executing 'certutil -N -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile'
pkispawn : INFO ....... modifying '/etc/pki/pki-tomcat/alias/cert8.db'
pkispawn : INFO ....... modifying '/etc/pki/pki-tomcat/alias/key3.db'
pkispawn : INFO ....... modifying '/etc/pki/pki-tomcat/alias/secmod.db'
pkispawn : INFO ....... generating noise file called '/etc/pki/pki-tomcat/ca/noise' and filling it with '1024' random bytes
pkispawn : INFO ....... executing 'certutil -S -d /etc/pki/pki-tomcat/alias -h 'internal' -n 'Server-Cert cert-pki-tomcat' -s 'cn=pki-cm.dmz.bit.nl,o=2013-07-15 13:58:25' -m 0 -v 12 -c 'cn=pki-cm.dmz.bit.nl,o=2013-07-15 13:58:25' -t 'CTu,CTu,CTu' -z /etc/pki/pki-tomcat/ca/noise -f /etc/pki/pki-tomcat/pfile -x > /dev/null 2>&1'
pkispawn : INFO ....... rm -f /etc/pki/pki-tomcat/ca/noise
pkispawn : INFO ....... rm -f /etc/pki/pki-tomcat/pfile
pkispawn : INFO ... configuring 'pki.deployment.configuration'
pkispawn : INFO ....... mkdir -p /root/.dogtag/pki-tomcat/ca
pkispawn : INFO ....... generating '/root/.dogtag/pki-tomcat/ca/password.conf'
pkispawn : INFO ....... modifying '/root/.dogtag/pki-tomcat/ca/password.conf'
pkispawn : INFO ....... generating '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf'
pkispawn : INFO ....... modifying '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf'
pkispawn : INFO ....... mkdir -p /root/.dogtag/pki-tomcat/ca/alias
pkispawn : INFO ....... executing 'certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf'
pkispawn : INFO ....... ln -s /lib/systemd/system/pki-tomcatd@.service /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service
pkispawn : INFO ....... executing 'systemctl start pki-tomcatd@pki-tomcat.service'
pkispawn : INFO ....... constructing PKI configuration data.
pkispawn : INFO ....... generating noise file called '/root/.dogtag/pki-tomcat/ca/alias/noise' and filling it with '2048' random bytes
pkispawn : INFO ....... executing '['certutil', '-R', '-d', '/root/.dogtag/pki-tomcat/ca/alias', '-s', 'cn=PKI Administrator,e=support@bit.nl,e=support@bit.nl,o=BIT B.V.', '-g', '2048', '-z', '/root/.dogtag/pki-tomcat/ca/alias/noise', '-f', '/root/.dogtag/pki-tomcat/ca/password.conf', '-o', '/root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin']'
pkispawn : INFO ....... ['BtoA', '/root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin', '/root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin.asc']
pkispawn : INFO ....... configuring PKI configuration data.
pkispawn : ERROR ....... Exception from Java Configuration Servlet: Error in obtaining certificate chain from issuing CA: java.lang.NullPointerException
Installation failed.
The root CA consists of just one certificate. There is no chain. I think therefore this is a bug. If you need any extra info, I'd be happy to deliver. I'm new to dogtag, but quite familiar with RSA PKI systems.
Using version: dogtag-pki-10.0.3-1.fc19
A certificate chain can contain one or more certificates. It must be in PKCS7 format though, and I suspect yours may not have been.
Most CAs do provide their certificate chain in PKCS7. Certainly, if your external CA is a Dogtag CA, that option is available.
If not, there are openssl tools to convert from a cert or set of certs to a PKCS7 chain. http://linux.die.net/man/1/crl2pkcs7
openssl crl2pkcs7 -nocrl -certfile newcert.pem -certfile demoCA/cacert.pem -outform DER -out p7.der
When I tried my install with the relevant certificate and certificate chain in PKCS7 format, it went through just fine.
Closing this as worksforme. If there are other concerns, please reopen.
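A pre-flight check for the conversion described in the reply above, added here as an example and not part of the ticket or of Dogtag: it reports whether a file already parses as PKCS#7 and otherwise wraps a bare PEM certificate with `openssl crl2pkcs7`, so a single root certificate becomes a one-certificate chain. The function names and the throwaway self-signed demo certificate are constructed for illustration; only standard `openssl` subcommands are used.

```shell
#!/bin/sh
# Added example, not from the ticket; function names are made up for illustration.

# p7_inform FILE: print PEM or DER if FILE parses as PKCS#7, fail otherwise.
p7_inform() {
    for enc in PEM DER; do
        if openssl pkcs7 -in "$1" -inform "$enc" -noout 2>/dev/null; then
            echo "$enc"
            return 0
        fi
    done
    return 1
}

# ensure_p7_chain IN OUT: write a DER PKCS#7 chain to OUT, whatever IN was.
ensure_p7_chain() {
    if enc=$(p7_inform "$1"); then
        # Already PKCS#7: only normalise the encoding.
        openssl pkcs7 -in "$1" -inform "$enc" -outform DER -out "$2"
    elif openssl x509 -in "$1" -noout 2>/dev/null; then
        # Bare PEM certificate(s): the crl2pkcs7 conversion from the reply.
        openssl crl2pkcs7 -nocrl -certfile "$1" -outform DER -out "$2"
    else
        echo "$1: neither PKCS#7 nor a PEM certificate" >&2
        return 1
    fi
}

# count_p7_certs FILE: number of certificates carried in a PKCS#7 file.
count_p7_certs() {
    enc=$(p7_inform "$1") || return 1
    openssl pkcs7 -in "$1" -inform "$enc" -print_certs |
        grep -c 'BEGIN CERTIFICATE'
}

# make_demo_root FILE: constructed sample input, a throwaway self-signed root.
make_demo_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=Constructed Demo Root' \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# Run with --demo to see the single-certificate case from this ticket.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) || exit 1
    make_demo_root "$tmp/root.pem"
    p7_inform "$tmp/root.pem" >/dev/null || echo "root.pem is not PKCS#7"
    ensure_p7_chain "$tmp/root.pem" "$tmp/chain.p7b" &&
        echo "chain.p7b holds $(count_p7_certs "$tmp/chain.p7b") certificate(s)"
    rm -rf "$tmp"
fi
```
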
Metadata Update from @adze: - Issue assigned to vakwetu - Issue set to the milestone: N/A
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1256
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.