[Freeipa-users] Reports and questions
Oliver Burtchen
o.burtchen at gmx.de
Mon May 3 15:11:33 UTC 2010
Am Montag, 3. Mai 2010 16:17:18 schrieb Marc Schlinger:
> Hello,
>
> I tried to install freeipa with certs management. I did manage after a
> problem.
>
> 1°) The installation was unable to finished on a french localized system.
> The error at stage [3/15]: configuring certificate server instance was
> something like
>
> java.utils.MissingResourceException can't find bundle for base name
> LogMessages, locale fr_FR.UTF-8
> full log at then end
>
> It's a dogtag error but since I had it while installing freeipa, I
> report it to you.
>
This is a bug I also encountered
https://bugzilla.redhat.com/show_bug.cgi?id=583177
Quick workaround is to set the system locale (system-config-language) to
english just before ipa-server-install, and switch it back to yours after
that.
Best regards,
Oli
> Finally, for the installation i used a fresh fedora 12 with en_US.UTF-8
> locales, rpms version was 1.9.0GIT3620135-0.fc12,
> and I activate the testing repos as advised in this thread:
> [Freeipa-users] call implemented methods via xml-rpc.
>
> I tried to play a little with certificates mostly to replace puppet
> certificate management by the freeipa ones
> 2°) I wasn't able to do a ipa cert-request
> --principal=my/test.domain.com my.csr
> I had this error:
> ipa: ERROR: Certificate operation cannot be completed: Failure decoding
> Certificate Signing Request
>
> It seems that it was a forgetten line in ipalib/pkcs10.py
> here's the patch:
>
> --- /tmp/pkcs10.py 2010-05-03 16:02:22.929018799 +0200
> +++ ipalib/pkcs10.py 2010-05-03 16:02:09.855940583 +0200
> @@ -52,6 +52,7 @@
> namedtype.NamedType('universalString',
> char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1
> , MAX))),
> namedtype.NamedType('utf8String',
> char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1,
> MAX))),
> namedtype.NamedType('bmpString',
> char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1,
> MAX))),
> + namedtype.NamedType('ia5string',
> char.IA5String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1,
> MAX))),
> )
>
>
>
>
>
> that's all for the report, now I have a question:
>
> Is/Will freeipa integrate smart token authentication?
> In this page : http://freeipa.org/page/Certificate_Management
> You said that "There is no requirement to provision user certificates.".
> Smart key authentication require user certificates.
>
>
>
>
>
>
> # File /var/log/pki-ca/catalina.out
> 28 avr. 2010 16:08:53 org.apache.catalina.core.ApplicationContext log
> GRAVE: StandardWrapper.Throwable
> java.util.MissingResourceException: Can't find bundle for base name
> LogMessages, locale fr_FR
> at
> java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:
> 1539) at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1278)
> at java.util.ResourceBundle.getBundle(ResourceBundle.java:733) at
> com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1103)
> at
> com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1176)
> at com.netscape.certsrv.apps.CMS.getLogMessage(CMS.java:637)
> at
> com.netscape.cms.servlet.common.Utils.initializeAuthz(Utils.java:89)
> at
> com.netscape.cms.servlet.base.CMSServlet.init(CMSServlet.java:288)
> at
> com.netscape.cms.servlet.csadmin.GetStatus.init(GetStatus.java:61)
> at
> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1
> 139) at
> org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:791)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.j
> ava:127) at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.j
> ava:172) at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:12
> 7) at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:11
> 7) at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:548)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.jav
> a:108) at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
> at
> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.process
> Connection(Http11BaseProtocol.java:665) at
> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.ja
> va:528) at
> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerW
> orkerThread.java:81) at
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.ja
> va:689) at java.lang.Thread.run(Thread.java:636)
> 28 avr. 2010 16:08:53 org.apache.catalina.core.StandardWrapperValve invoke
> GRAVE: Exception lors de l'allocation pour la servlet caGetStatus
> java.util.MissingResourceException: Can't find bundle for base name
> LogMessages, locale fr_FR
> at
> java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:
> 1539) at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1278)
> at java.util.ResourceBundle.getBundle(ResourceBundle.java:733) at
> com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1103)
> at
> com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1176)
> at com.netscape.certsrv.apps.CMS.getLogMessage(CMS.java:637)
> at
> com.netscape.cms.servlet.common.Utils.initializeAuthz(Utils.java:89)
> at
> com.netscape.cms.servlet.base.CMSServlet.init(CMSServlet.java:288)
> at
> com.netscape.cms.servlet.csadmin.GetStatus.init(GetStatus.java:61)
> at
> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1
> 139) at
> org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:791)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.j
> ava:127) at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.j
> ava:172) at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:12
> 7) at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:11
> 7) at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:548)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.jav
> a:108) at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
> at
> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.process
> Connection(Http11BaseProtocol.java:665) at
> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.ja
> va:528) at
> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.ja
> va:528) at
> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerW
> orkerThread.java:81) at
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.ja
> va:689) at java.lang.Thread.run(Thread.java:636)
> [Fatal Error] :1:8: The string "--" is not permitted within comments.
> 28 avr. 2010 16:08:58 org.apache.catalina.core.ApplicationContext log
> GRAVE: StandardWrapper.Throwable
> java.util.MissingResourceException: Can't find bundle for base name
> LogMessages, locale fr_FR
> at
> java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:
> 1539) at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1278)
> at java.util.ResourceBundle.getBundle(ResourceBundle.java:733) at
> com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1103)
> at
> com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1176)
> at com.netscape.certsrv.apps.CMS.getLogMessage(CMS.java:637)
> at
> com.netscape.cms.servlet.common.Utils.initializeAuthz(Utils.java:89)
> at
> com.netscape.cms.servlet.base.CMSServlet.init(CMSServlet.java:288)
> at
> com.netscape.cms.servlet.csadmin.GetStatus.init(GetStatus.java:61)
> at
> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1
> 139) at
> org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:791)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.j
> ava:127) at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.j
> ava:172) at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:12
> 7) at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:11
> 7) at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:548)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.jav
> a:108) at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
> at
> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.process
> Connection(Http11BaseProtocol.java:665) at
> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.ja
> va:528) at
> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerW
> orkerThread.java:81) at
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.ja
> va:689) at java.lang.Thread.run(Thread.java:636)
> 28 avr. 2010 16:08:58 org.apache.catalina.core.StandardWrapperValve invoke
> GRAVE: Exception lors de l'allocation pour la servlet caGetStatus
> java.util.MissingResourceException: Can't find bundle for base name
> LogMessages, locale fr_FR
> at
> java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:
> 1539) at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1278)
> at java.util.ResourceBundle.getBundle(ResourceBundle.java:733) at
> com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1103)
> at
> com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1176)
> at com.netscape.certsrv.apps.CMS.getLogMessage(CMS.java:637)
> at
> com.netscape.cms.servlet.common.Utils.initializeAuthz(Utils.java:89)
> at
> com.netscape.cms.servlet.base.CMSServlet.init(CMSServlet.java:288)
> at
> com.netscape.cms.servlet.csadmin.GetStatus.init(GetStatus.java:61)
> at
> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1
> 139) at
> org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:791)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.j
> ava:127) at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.j
> ava:172) at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:12
> 7) at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:11
> 7) at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:548)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.jav
> a:108) at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
> at
> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.process
> Connection(Http11BaseProtocol.java:665) at
> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.ja
> va:528) at
> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerW
> orkerThread.java:81) at
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.ja
> va:689) at java.lang.Thread.run(Thread.java:636)
> [Fatal Error] :1:8: The string "--" is not permitted within comments.
> Exception caught: java.io.IOException: The value for
> preop.cert.signing.type should be remote
> Exception caught: java.io.IOException: The value for
> preop.cert.ocsp_signing.type should be remote
> Exception caught: java.io.IOException: The value for
> preop.cert.sslserver.type should be remote
> Exception caught: java.io.IOException: The value for
> preop.cert.subsystem.type should be remote
> Exception caught: java.io.IOException: The value for
> preop.cert.audit_signing.type should be remote
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
--
Oliver Burtchen, Berlin
More information about the Freeipa-users
mailing list