[Freeipa-users] Reports and questions
Marc Schlinger
marc.schlinger at agorabox.org
Mon May 3 14:17:18 UTC 2010
Hello,
I tried to install freeipa with certs management. I did manage after a
problem.
1°) The installation was unable to finished on a french localized system.
The error at stage [3/15]: configuring certificate server instance was
something like
java.utils.MissingResourceException can't find bundle for base name
LogMessages, locale fr_FR.UTF-8
full log at then end
It's a dogtag error but since I had it while installing freeipa, I
report it to you.
Finally, for the installation i used a fresh fedora 12 with en_US.UTF-8
locales, rpms version was 1.9.0GIT3620135-0.fc12,
and I activate the testing repos as advised in this thread:
[Freeipa-users] call implemented methods via xml-rpc.
I tried to play a little with certificates mostly to replace puppet
certificate management by the freeipa ones
2°) I wasn't able to do a ipa cert-request
--principal=my/test.domain.com my.csr
I had this error:
ipa: ERROR: Certificate operation cannot be completed: Failure decoding
Certificate Signing Request
It seems that it was a forgetten line in ipalib/pkcs10.py
here's the patch:
--- /tmp/pkcs10.py 2010-05-03 16:02:22.929018799 +0200
+++ ipalib/pkcs10.py 2010-05-03 16:02:09.855940583 +0200
@@ -52,6 +52,7 @@
namedtype.NamedType('universalString',
char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1,
MAX))),
namedtype.NamedType('utf8String',
char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1,
MAX))),
namedtype.NamedType('bmpString',
char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1,
MAX))),
+ namedtype.NamedType('ia5string',
char.IA5String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1,
MAX))),
)
that's all for the report, now I have a question:
Is/Will freeipa integrate smart token authentication?
In this page : http://freeipa.org/page/Certificate_Management
You said that "There is no requirement to provision user certificates.".
Smart key authentication require user certificates.
# File /var/log/pki-ca/catalina.out
28 avr. 2010 16:08:53 org.apache.catalina.core.ApplicationContext log
GRAVE: StandardWrapper.Throwable
java.util.MissingResourceException: Can't find bundle for base name
LogMessages, locale fr_FR
at
java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:1539)
at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1278)
at java.util.ResourceBundle.getBundle(ResourceBundle.java:733)
at
com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1103)
at
com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1176)
at com.netscape.certsrv.apps.CMS.getLogMessage(CMS.java:637)
at
com.netscape.cms.servlet.common.Utils.initializeAuthz(Utils.java:89)
at
com.netscape.cms.servlet.base.CMSServlet.init(CMSServlet.java:288)
at
com.netscape.cms.servlet.csadmin.GetStatus.init(GetStatus.java:61)
at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1139)
at
org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:791)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:127)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:548)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:636)
28 avr. 2010 16:08:53 org.apache.catalina.core.StandardWrapperValve invoke
GRAVE: Exception lors de l'allocation pour la servlet caGetStatus
java.util.MissingResourceException: Can't find bundle for base name
LogMessages, locale fr_FR
at
java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:1539)
at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1278)
at java.util.ResourceBundle.getBundle(ResourceBundle.java:733)
at
com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1103)
at
com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1176)
at com.netscape.certsrv.apps.CMS.getLogMessage(CMS.java:637)
at
com.netscape.cms.servlet.common.Utils.initializeAuthz(Utils.java:89)
at
com.netscape.cms.servlet.base.CMSServlet.init(CMSServlet.java:288)
at
com.netscape.cms.servlet.csadmin.GetStatus.init(GetStatus.java:61)
at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1139)
at
org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:791)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:127)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:548)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:636)
[Fatal Error] :1:8: The string "--" is not permitted within comments.
28 avr. 2010 16:08:58 org.apache.catalina.core.ApplicationContext log
GRAVE: StandardWrapper.Throwable
java.util.MissingResourceException: Can't find bundle for base name
LogMessages, locale fr_FR
at
java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:1539)
at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1278)
at java.util.ResourceBundle.getBundle(ResourceBundle.java:733)
at
com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1103)
at
com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1176)
at com.netscape.certsrv.apps.CMS.getLogMessage(CMS.java:637)
at
com.netscape.cms.servlet.common.Utils.initializeAuthz(Utils.java:89)
at
com.netscape.cms.servlet.base.CMSServlet.init(CMSServlet.java:288)
at
com.netscape.cms.servlet.csadmin.GetStatus.init(GetStatus.java:61)
at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1139)
at
org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:791)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:127)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:548)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:636)
28 avr. 2010 16:08:58 org.apache.catalina.core.StandardWrapperValve invoke
GRAVE: Exception lors de l'allocation pour la servlet caGetStatus
java.util.MissingResourceException: Can't find bundle for base name
LogMessages, locale fr_FR
at
java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:1539)
at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1278)
at java.util.ResourceBundle.getBundle(ResourceBundle.java:733)
at
com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1103)
at
com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1176)
at com.netscape.certsrv.apps.CMS.getLogMessage(CMS.java:637)
at
com.netscape.cms.servlet.common.Utils.initializeAuthz(Utils.java:89)
at
com.netscape.cms.servlet.base.CMSServlet.init(CMSServlet.java:288)
at
com.netscape.cms.servlet.csadmin.GetStatus.init(GetStatus.java:61)
at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1139)
at
org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:791)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:127)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:548)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:636)
[Fatal Error] :1:8: The string "--" is not permitted within comments.
Exception caught: java.io.IOException: The value for
preop.cert.signing.type should be remote
Exception caught: java.io.IOException: The value for
preop.cert.ocsp_signing.type should be remote
Exception caught: java.io.IOException: The value for
preop.cert.sslserver.type should be remote
Exception caught: java.io.IOException: The value for
preop.cert.subsystem.type should be remote
Exception caught: java.io.IOException: The value for
preop.cert.audit_signing.type should be remote
More information about the Freeipa-users
mailing list