<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=utf-8">
<META content="MSHTML 6.00.6000.16640" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=578321117-29102008><FONT face=Arial 
size=2>Hello,</FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial 
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2>i have the 
problem the the CA don't accept the Administrator login. Either on 
HTTPS-interface or via pkiconsole. It's a new installation and the 
Admin-Certificate exists in the Browser with secret key. The problem ist that 
the CA first dor thier job normal. When i now try to login i got a 
catalina error like this. i dont reconfigure the CA only restart. I also 
configured an HSM (Luna) but dont use key's inside the HSM. </FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial 
size=2>-------------------catalina.out----------------------------------</FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2>Oct 29, 2008 5:43:55 
PM org.apache.catalina.core.ApplicationContext log"<BR>INFO: caListRequests: You 
did not provide a valid certificate for this operation</FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial 
size=2>----------------------------------------------------------------------</FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial 
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2>the debug-file 
shows:</FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial 
size=2>---------------------debug----------------------------------------</FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial 
size=2>[29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet:service() uri = 
/ca/agent/header<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]: 
CMSServlet::service() param name='selected' 
value='ca'<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet: 
caheader start to service.<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]: 
CMSServlet.java: 
renderTemplate<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet: 
curDate=Wed Oct 29 18:15:07 CET 2008 id=caheader 
time=0<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet:service() 
uri = 
/ca/agent/ca/listRequests.html<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]: 
CMSServlet: caListRequests start to 
service.<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]: DisplayHtmlServlet 
about to service<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]: IP: 
10.94.112.222<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]: AuthMgrName: 
certUserDBAuthMgr<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet: 
retrieving SSL certificate<BR>[29/Oct/2008:18:15:07][http-9443-Processor21]: 
SignedAuditEventFactory: create() 
message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=$Unidentified$][AttemptedCred=$Unidentified$] 
authentication failure</FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial 
size=2>[29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: getConn: mNumConns now 
2<BR>[29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: 
ObjectStreamMapper:mapObjectToLDAPAttributeSet revokedCerts 
size=84<BR>[29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: 
ObjectStreamMapper:mapObjectToLDAPAttributeSet unrevokedCerts 
size=84<BR>[29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: 
ObjectStreamMapper:mapObjectToLDAPAttributeSet expiredCerts 
size=84<BR>[29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: returnConn: 
mNumConns now 3</FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2><SPAN 
class=578321117-29102008><FONT face=Arial 
size=2>----------------------------------------------------------------------</FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2><SPAN 
class=578321117-29102008></SPAN></FONT></SPAN> </DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2><SPAN 
class=578321117-29102008>certutil -L -d . shows me:</SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2><SPAN 
class=578321117-29102008>----------------------------------------------------------------------</SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2><SPAN 
class=578321117-29102008>Certificate 
Nickname                                         
Trust 
Attributes<BR>                                                             
SSL,S/MIME,JAR/XPI</SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2><SPAN 
class=578321117-29102008>ocspSigningCert 
cert-ca4-1                                   
u,u,u<BR>subsystemCert 
cert-ca4-1                                     
u,u,u<BR>caSigningCert 
cert-ca4-1                                     
CTu,Cu,Cu<BR>Server-Cert 
cert-ca4-1                                       
u,u,u<BR>Allianz Group Root CA II - Allianz 
Group                     
CT,C,C</SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2><SPAN 
class=578321117-29102008>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2><SPAN 
class=578321117-29102008>----------------------------------------------------------------------</SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2><SPAN 
class=578321117-29102008></SPAN></FONT></SPAN> </DIV>
<DIV><SPAN class=578321117-29102008><FONT face=Arial size=2><SPAN 
class=578321117-29102008></SPAN></FONT></SPAN> </DIV></SPAN></FONT></SPAN></DIV>
<DIV align=left>
<DIV align=left><FONT size=1>
<DIV align=left><SPAN class=578321117-29102008></SPAN><FONT face=Arial 
size=2>r<SPAN class=578321117-29102008>eagards</SPAN><BR>Klaus 
Heyden</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV></FONT></DIV></DIV>
<DIV> </DIV></BODY></HTML>