<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=utf-8">
<META content="MSHTML 6.00.6000.16640" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=578321117-29102008><FONT face=Arial
size=2>Hello,</FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2>i have the
problem the the CA don't accept the Administrator login. Either on
HTTPS-interface or via pkiconsole. It's a new installation and the
Admin-Certificate exists in the Browser with secret key. The problem ist that
the CA first dor thier job normal. When i now try to login i got a
catalina error like this. i dont reconfigure the CA only restart. I also
configured an HSM (Luna) but dont use key's inside the HSM. </FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial
size=2>-------------------catalina.out----------------------------------</FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2>Oct 29, 2008 5:43:55
PM org.apache.catalina.core.ApplicationContext log"<BR>INFO: caListRequests: You
did not provide a valid certificate for this operation</FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial
size=2>----------------------------------------------------------------------</FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2>the debug-file
shows:</FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial
size=2>---------------------debug----------------------------------------</FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial
size=2>[29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet:service() uri =
/ca/agent/header<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]:
CMSServlet::service() param name='selected'
value='ca'<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet:
caheader start to service.<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]:
CMSServlet.java:
renderTemplate<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet:
curDate=Wed Oct 29 18:15:07 CET 2008 id=caheader
time=0<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet:service()
uri =
/ca/agent/ca/listRequests.html<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]:
CMSServlet: caListRequests start to
service.<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]: DisplayHtmlServlet
about to service<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]: IP:
10.94.112.222<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]: AuthMgrName:
certUserDBAuthMgr<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet:
retrieving SSL certificate<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]:
SignedAuditEventFactory: create()
message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=$Unidentified$][AttemptedCred=$Unidentified$]
authentication failure</FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial
size=2>[29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: getConn: mNumConns now
2<BR>[29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]:
ObjectStreamMapper:mapObjectToLDAPAttributeSet revokedCerts
size=84<BR>[29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]:
ObjectStreamMapper:mapObjectToLDAPAttributeSet unrevokedCerts
size=84<BR>[29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]:
ObjectStreamMapper:mapObjectToLDAPAttributeSet expiredCerts
size=84<BR>[29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: returnConn:
mNumConns now 3</FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2><SPAN
class=578321117-29102008><FONT face=Arial
size=2>----------------------------------------------------------------------</FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2><SPAN
class=578321117-29102008></SPAN></FONT></SPAN> </DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2><SPAN
class=578321117-29102008>certutil -L -d . shows me:</SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2><SPAN
class=578321117-29102008>----------------------------------------------------------------------</SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2><SPAN
class=578321117-29102008>Certificate
Nickname
Trust
Attributes<BR>
SSL,S/MIME,JAR/XPI</SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2><SPAN
class=578321117-29102008>ocspSigningCert
cert-ca4-1
u,u,u<BR>subsystemCert
cert-ca4-1
u,u,u<BR>caSigningCert
cert-ca4-1
CTu,Cu,Cu<BR>Server-Cert
cert-ca4-1
u,u,u<BR>Allianz Group Root CA II - Allianz
Group
CT,C,C</SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2><SPAN
class=578321117-29102008>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2><SPAN
class=578321117-29102008>----------------------------------------------------------------------</SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2><SPAN
class=578321117-29102008></SPAN></FONT></SPAN> </DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2><SPAN
class=578321117-29102008></SPAN></FONT></SPAN> </DIV></SPAN></FONT></SPAN></DIV>
<DIV align=left>
<DIV align=left><FONT size=1>
<DIV align=left><SPAN class=578321117-29102008></SPAN><FONT face=Arial
size=2>r<SPAN class=578321117-29102008>eagards</SPAN><BR>Klaus
Heyden</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV></FONT></DIV></DIV>
<DIV> </DIV></BODY></HTML>