[Freeipa-users] ipa-replica-install IPA startup timing issue
Daryl Fonseca-Holt
Daryl.Fonseca-Holt at umanitoba.ca
Mon Mar 14 19:46:03 UTC 2016
Hello Thierry,
Attached is the pstacks from only the final DS restart. I don't think
they will show the whole picture.
According to the debug log /var/log/ipareplica-install.log (attached)
the start of the krb5kdc.service (19:13:16Z) is successful, but the
krb5kdc log (attach) shows it is unable to fetch the master K/M at
14:31:31CDT (-5hour offset). This is when the install log shows kadmind
failing.
In my experience with the master observing top there are two intense
times for ns-slapd-<instance>. The first when it start, of course, and
the second when krb5kdc starts. I assume this is because krb5kdc must
get it's configuration and data from the same DS. krb5kdc fails but the
ipareplica-install script isn't aware of it. Finally kadmin.service
tries to access krb5kdc and finds that it is dead.
Please note these logs are with Schema Compatability and NIS plugins
turned off per the other e-mail from Alexander.
I've noticed on a running master I can prevent this type of failure by
manually starting dirsrv (systemctl start dirsrv@<instance>.service),
watch top until all threads of ns-slapd have settled, then systemctl
start krb5kdc.service, again watching top until ns-slapd threads have
settled down before systemctl start kadmin.service. This kind of manual
intervention is is not possible when running the ipareplica-install script.
I will look into introducing a delay at the completion of the dirsrv and
krb5kdc systemd units and see if I can accommodate ipareplica-install.
Just as an experiment for now. I need to advance the project into High
Availability testing but cannot do so without a functioning replica.
Regards, Daryl
On 03/14/16 09:20, thierry bordaz wrote:
> Hi Daryl,
>
> Thanks for all the data. I will look at the pstacks. A first look
> shows that you capture import, bind... so may be a complete
> ipa-replica-install session.
> I will try to retrieve the specific startup time to see what was going
> on at that time.
> If you have the time to monitor only startup, it will help me
> shrinking the set of pstacks.
> Startup of DS last > 1min. If you may start DS and as soon as the
> ns-slapd process is launched, do regular pstacks. Then when you are
> able to send a simple ldapsearch (ldapsearch -x -b "" -s base), you
> may stop taking pstacks.
>
> thanks
> thierry
>
> On 03/14/2016 03:06 PM, Daryl Fonseca-Holt wrote:
>> Hi Thierry,
>>
>> I moved the old logs into a subdirectory called try1. I did the
>> recommended ipa-server-install --uninstall. Tried the replica install
>> again. Failed during kadmind start like the previous time.
>>
>> The log from ipa-replica-install (with -d) is at
>> http://home.cc.umanitoba.ca/~fonsecah/ipa/ipareplica-install.log
>> The console script (mostly the same as the log but with my entries)
>> is at
>> http://home.cc.umanitoba.ca/~fonsecah/ipa/ipa-replica-install.console
>> The 5 second pstacks are at
>> http://home.cc.umanitoba.ca/~fonsecah/ipa/slapd-pstacks.console
>>
>> Thanks, Daryl
>>
>>
>> On 03/11/16 02:40, thierry bordaz wrote:
>>> Hello Deryl,
>>>
>>> My understanding is that ns-slapd is first slow to startup. Then
>>> when krb5kdc is starting it may load ns-slapd.
>>>
>>> We identified krb5kdc may be impacted by the number of users
>>> accounts.
>>> From the ns-slapd errors log it is not clear why it is so slow
>>> to start.
>>>
>>> Would you provide the ns-slapd access logs from that period.
>>> Also in order to know where ns-slapd is spending time, it would
>>> really help if you can get regular (each 5s) pstacks (with
>>> 389-ds-debuginfo), during DS startup and then later during
>>> krb5kdc startup.
>>>
>>> best regards
>>> thierry
>>>
>>>
>>> On 03/10/2016 11:10 PM, Daryl Fonseca-Holt wrote:
>>>> Environment:
>>>> RHEL 7.2
>>>> IPA 4.2.0-15
>>>> nss 3.19.1-19
>>>> 389-ds-base 1.3.4.0-26
>>>> sssd 1.13.0-40
>>>>
>>>>
>>>> I've encountered this problem in IPA 3.0.0 but hoped it was
>>>> addressed in 4.2.0.
>>>>
>>>> Trying to set up a replica of a master with 150,000+ user accounts,
>>>> NIS and Schema Compatability enabled on the master.
>>>>
>>>> During ipa-replica-install it attempts to start IPA. dirsrv starts,
>>>> krb5kdc starts, but then kadmind fails because krb5kdc has gone
>>>> missing.
>>>>
>>>> This happens during restart of IPA in version 3.0.0 too. There it
>>>> can be overcome by manually starting each component of IPA _but_
>>>> waiting until ns-slapd-<instance> has settled down (as seen from
>>>> top) before starting krb5kdc. I also think that the startup of
>>>> krb5kdc loads the LDAP instance quite a bit.
>>>>
>>>> There is a problem in the startup logic where dirsrv is so busy
>>>> that even though krb5kdc successfully starts and allows the kadmin
>>>> to begin kdb5kdc is not really able to do its duties.
>>>>
>>>> I'm reporting this since there must be some way to delay the start
>>>> of krb5kdc and then kadmind until ns-slapd-<instance> is really
>>>> open for business.
>>>>
>>>> # systemctl status krb5kdc.service
>>>> ● krb5kdc.service - Kerberos 5 KDC
>>>> Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service;
>>>> disabled; vendor preset: disabled)
>>>> Active: inactive (dead)
>>>>
>>>> Mar 10 14:19:13 jutta.cc.umanitoba.ca systemd[1]: Stopped Kerberos
>>>> 5 KDC.
>>>> Mar 10 14:20:36 jutta.cc.umanitoba.ca systemd[1]: Starting Kerberos
>>>> 5 KDC...
>>>> Mar 10 14:20:39 jutta.cc.umanitoba.ca systemd[1]: Started Kerberos
>>>> 5 KDC.
>>>>
>>>> # systemctl status krb5kdc.service
>>>> ● krb5kdc.service - Kerberos 5 KDC
>>>> Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service;
>>>> disabled; vendor preset: disabled)
>>>> Active: inactive (dead)
>>>>
>>>> Mar 10 14:19:13 jutta.cc.umanitoba.ca systemd[1]: Stopped Kerberos
>>>> 5 KDC.
>>>> Mar 10 14:20:36 jutta.cc.umanitoba.ca systemd[1]: Starting Kerberos
>>>> 5 KDC...
>>>> Mar 10 14:20:39 jutta.cc.umanitoba.ca systemd[1]: Started Kerberos
>>>> 5 KDC.
>>>>
>>>> journalctl -xe was stale by the time I got to it so I've attached
>>>> /var/log/messages instead.
>>>>
>>>> The log from ipa-replica-install (with -d) is at
>>>> http://home.cc.umanitoba.ca/~fonsecah/ipa/ipareplica-install.log
>>>> The console script (mostly the same as the log but with my entries)
>>>> is at
>>>> http://home.cc.umanitoba.ca/~fonsecah/ipa/ipa-replica-install.console
>>>> The /var/log/dirsrv/ns-slapd-<instance> access log is at
>>>> http://home.cc.umanitoba.ca/~fonsecah/ipa/access
>>>>
>>>> Regards, Daryl
>>>>
>>>>
>>>>
>>>
>>
>> --
>> --
>> Daryl Fonseca-Holt
>> IST/CNS/Unix Server Team
>> University of Manitoba
>> 204.480.1079
>
--
--
Daryl Fonseca-Holt
IST/CNS/Unix Server Team
University of Manitoba
204.480.1079
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160314/a9b96cde/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: slapd-short-pstacks.console
Type: application/octet-stream
Size: 288656 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160314/a9b96cde/attachment.obj>
-------------- next part --------------
2016-03-14T19:02:32Z DEBUG Logging to /var/log/ipareplica-install.log
2016-03-14T19:02:32Z DEBUG ipa-replica-install was invoked with arguments ['/var/lib/ipa/replica-info-jutta.cc.umanitoba.ca.gpg'] and options: {'no_dns_sshfp': None, 'skip_schema_check': None, 'no_ntp': True, 'setup_kra': None, 'ip_addresses': None, 'mkhomedir': None, 'setup_ca': True, 'no_pkinit': None, 'verbose': True, 'no_forwarders': None, 'ssh_trust_dns': None, 'setup_dns': None, 'no_reverse': None, 'reverse_zones': None, 'unattended': False, 'no_host_dns': None, 'no_sshd': True, 'no_ui_redirect': None, 'forwarders': None, 'skip_conncheck': None, 'no_ssh': True, 'quiet': False, 'no_dnssec_validation': None, 'log_file': None}
2016-03-14T19:02:32Z DEBUG IPA version 4.2.0-15.el7_2.6
2016-03-14T19:02:32Z DEBUG Starting external process
2016-03-14T19:02:32Z DEBUG args='/usr/sbin/selinuxenabled'
2016-03-14T19:02:32Z DEBUG Process finished, return code=1
2016-03-14T19:02:32Z DEBUG stdout=
2016-03-14T19:02:32Z DEBUG stderr=
2016-03-14T19:02:32Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2016-03-14T19:02:32Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:02:32Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2016-03-14T19:02:32Z DEBUG Starting external process
2016-03-14T19:02:32Z DEBUG args='/usr/sbin/httpd' '-t' '-D' 'DUMP_VHOSTS'
2016-03-14T19:02:33Z DEBUG Process finished, return code=0
2016-03-14T19:02:33Z DEBUG stdout=VirtualHost configuration:
*:8443 jutta.cc.umanitoba.ca (/etc/httpd/conf.d/nss.conf:83)
2016-03-14T19:02:33Z DEBUG stderr=
2016-03-14T19:02:33Z DEBUG Starting external process
2016-03-14T19:02:33Z DEBUG args='/usr/bin/gpg-agent' '--batch' '--homedir' '/tmp/tmpCOFxLUipa/ipa-JUd2hX/.gnupg' '--daemon' '/usr/bin/gpg' '--batch' '--homedir' '/tmp/tmpCOFxLUipa/ipa-JUd2hX/.gnupg' '--passphrase-fd' '0' '--yes' '--no-tty' '-o' '/tmp/tmpCOFxLUipa/files.tar' '-d' '/var/lib/ipa/replica-info-jutta.cc.umanitoba.ca.gpg'
2016-03-14T19:02:33Z DEBUG Process finished, return code=0
2016-03-14T19:02:33Z DEBUG Starting external process
2016-03-14T19:02:33Z DEBUG args='tar' 'xf' '/tmp/tmpCOFxLUipa/files.tar' '-C' '/tmp/tmpCOFxLUipa'
2016-03-14T19:02:33Z DEBUG Process finished, return code=0
2016-03-14T19:02:33Z DEBUG stdout=
2016-03-14T19:02:33Z DEBUG stderr=
2016-03-14T19:02:33Z DEBUG Installing replica file with version 40200 (0 means no version in prepared file).
2016-03-14T19:02:33Z DEBUG Check if jutta.cc.umanitoba.ca is a primary hostname for localhost
2016-03-14T19:02:33Z DEBUG Primary hostname for localhost: jutta.cc.umanitoba.ca
2016-03-14T19:02:33Z DEBUG Search DNS for jutta.cc.umanitoba.ca
2016-03-14T19:02:33Z DEBUG Check if jutta.cc.umanitoba.ca is not a CNAME
2016-03-14T19:02:33Z DEBUG Check reverse address of 130.179.19.176
2016-03-14T19:02:33Z DEBUG Found reverse name: jutta.cc.umanitoba.ca
2016-03-14T19:02:33Z DEBUG importing all plugin modules in ipalib.plugins...
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.aci
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.automember
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.automount
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.baseldap
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.baseuser
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.batch
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.caacl
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.cert
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.certprofile
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.config
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.delegation
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.dns
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.domainlevel
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.group
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.hbacrule
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.hbacsvc
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.hbacsvcgroup
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.hbactest
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.host
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.hostgroup
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.idrange
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.idviews
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.internal
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.kerberos
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.krbtpolicy
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.migration
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.misc
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.netgroup
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.otpconfig
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.otptoken
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.otptoken_yubikey
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.passwd
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.permission
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.ping
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.pkinit
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.privilege
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.pwpolicy
2016-03-14T19:02:33Z DEBUG Starting external process
2016-03-14T19:02:33Z DEBUG args='klist' '-V'
2016-03-14T19:02:33Z DEBUG Process finished, return code=0
2016-03-14T19:02:33Z DEBUG stdout=Kerberos 5 version 1.13.2
2016-03-14T19:02:33Z DEBUG stderr=
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.radiusproxy
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.realmdomains
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.role
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.rpcclient
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.selfservice
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.selinuxusermap
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.server
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.service
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.servicedelegation
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.session
2016-03-14T19:02:33Z WARNING session memcached servers not running
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.stageuser
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.sudocmd
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.sudocmdgroup
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.sudorule
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.topology
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.trust
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.user
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.vault
2016-03-14T19:02:33Z DEBUG importing plugin module ipalib.plugins.virtual
2016-03-14T19:02:33Z DEBUG importing all plugin modules in ipaserver.plugins...
2016-03-14T19:02:33Z DEBUG importing plugin module ipaserver.plugins.dogtag
2016-03-14T19:02:33Z DEBUG importing plugin module ipaserver.plugins.join
2016-03-14T19:02:33Z DEBUG importing plugin module ipaserver.plugins.ldap2
2016-03-14T19:02:33Z DEBUG importing plugin module ipaserver.plugins.rabase
2016-03-14T19:02:33Z DEBUG importing plugin module ipaserver.plugins.xmlserver
2016-03-14T19:02:33Z DEBUG importing all plugin modules in ipaserver.install.plugins...
2016-03-14T19:02:33Z DEBUG importing plugin module ipaserver.install.plugins.adtrust
2016-03-14T19:02:33Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master
2016-03-14T19:02:33Z DEBUG importing plugin module ipaserver.install.plugins.dns
2016-03-14T19:02:33Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements
2016-03-14T19:02:33Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed
2016-03-14T19:02:33Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges
2016-03-14T19:02:33Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions
2016-03-14T19:02:33Z DEBUG importing plugin module ipaserver.install.plugins.update_nis
2016-03-14T19:02:33Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs
2016-03-14T19:02:33Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync
2016-03-14T19:02:33Z DEBUG importing plugin module ipaserver.install.plugins.update_referint
2016-03-14T19:02:33Z DEBUG importing plugin module ipaserver.install.plugins.update_services
2016-03-14T19:02:33Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness
2016-03-14T19:02:33Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
2016-03-14T19:02:33Z DEBUG SessionAuthManager.register: name=jsonserver_session_66948368
2016-03-14T19:02:33Z DEBUG SessionAuthManager.register: name=xmlserver_session_66967248
2016-03-14T19:02:34Z DEBUG Mounting ipaserver.rpcserver.login_password() at '/session/login_password'
2016-03-14T19:02:34Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:02:34Z DEBUG Mounting ipaserver.rpcserver.xmlserver() at '/xml'
2016-03-14T19:02:34Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:02:34Z DEBUG Mounting ipaserver.rpcserver.xmlserver_session() at '/session/xml'
2016-03-14T19:02:34Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:02:34Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:02:34Z DEBUG Mounting ipaserver.rpcserver.jsonserver_session() at '/session/json'
2016-03-14T19:02:34Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:02:34Z DEBUG Mounting ipaserver.rpcserver.login_kerberos() at '/session/login_kerberos'
2016-03-14T19:02:34Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:02:34Z DEBUG Mounting ipaserver.rpcserver.change_password() at '/session/change_password'
2016-03-14T19:02:34Z DEBUG Mounting ipaserver.rpcserver.sync_token() at '/session/sync_token'
2016-03-14T19:02:35Z DEBUG Mounting ipaserver.rpcserver.jsonserver_kerb() at '/json'
2016-03-14T19:02:35Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:02:35Z DEBUG Check if mork.cc.umanitoba.ca is a primary hostname for localhost
2016-03-14T19:02:35Z DEBUG Primary hostname for localhost: mork.cc.umanitoba.ca
2016-03-14T19:02:35Z DEBUG Search DNS for mork.cc.umanitoba.ca
2016-03-14T19:02:35Z DEBUG Check if mork.cc.umanitoba.ca is not a CNAME
2016-03-14T19:02:35Z DEBUG Check reverse address of 130.179.19.177
2016-03-14T19:02:35Z DEBUG Found reverse name: mork.cc.umanitoba.ca
2016-03-14T19:02:35Z DEBUG importing all plugin modules in ipalib.plugins...
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.aci
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.automember
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.automount
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.baseldap
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.baseuser
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.batch
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.caacl
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.cert
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.certprofile
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.config
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.delegation
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.dns
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.domainlevel
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.group
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.hbacrule
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.hbacsvc
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.hbacsvcgroup
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.hbactest
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.host
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.hostgroup
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.idrange
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.idviews
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.internal
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.kerberos
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.krbtpolicy
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.migration
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.misc
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.netgroup
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.otpconfig
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.otptoken
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.otptoken_yubikey
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.passwd
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.permission
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.ping
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.pkinit
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.privilege
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.pwpolicy
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.radiusproxy
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.realmdomains
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.role
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.rpcclient
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.selfservice
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.selinuxusermap
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.server
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.service
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.servicedelegation
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.session
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.stageuser
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.sudocmd
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.sudocmdgroup
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.sudorule
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.topology
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.trust
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.user
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.vault
2016-03-14T19:02:35Z DEBUG importing plugin module ipalib.plugins.virtual
2016-03-14T19:02:35Z DEBUG importing all plugin modules in ipaserver.plugins...
2016-03-14T19:02:35Z DEBUG importing plugin module ipaserver.plugins.dogtag
2016-03-14T19:02:35Z DEBUG importing plugin module ipaserver.plugins.join
2016-03-14T19:02:35Z DEBUG importing plugin module ipaserver.plugins.ldap2
2016-03-14T19:02:35Z DEBUG importing plugin module ipaserver.plugins.rabase
2016-03-14T19:02:35Z DEBUG importing plugin module ipaserver.plugins.xmlserver
2016-03-14T19:02:35Z DEBUG importing all plugin modules in ipaserver.install.plugins...
2016-03-14T19:02:35Z DEBUG importing plugin module ipaserver.install.plugins.adtrust
2016-03-14T19:02:35Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master
2016-03-14T19:02:35Z DEBUG importing plugin module ipaserver.install.plugins.dns
2016-03-14T19:02:35Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements
2016-03-14T19:02:35Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed
2016-03-14T19:02:35Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges
2016-03-14T19:02:35Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions
2016-03-14T19:02:35Z DEBUG importing plugin module ipaserver.install.plugins.update_nis
2016-03-14T19:02:35Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs
2016-03-14T19:02:35Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync
2016-03-14T19:02:35Z DEBUG importing plugin module ipaserver.install.plugins.update_referint
2016-03-14T19:02:35Z DEBUG importing plugin module ipaserver.install.plugins.update_services
2016-03-14T19:02:35Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness
2016-03-14T19:02:35Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
2016-03-14T19:02:35Z DEBUG SessionAuthManager.register: name=jsonserver_session_97499152
2016-03-14T19:02:35Z DEBUG SessionAuthManager.register: name=xmlserver_session_97501008
2016-03-14T19:02:35Z DEBUG Mounting ipaserver.rpcserver.login_password() at '/session/login_password'
2016-03-14T19:02:35Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:02:35Z DEBUG Mounting ipaserver.rpcserver.xmlserver() at '/xml'
2016-03-14T19:02:35Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:02:35Z DEBUG Mounting ipaserver.rpcserver.xmlserver_session() at '/session/xml'
2016-03-14T19:02:35Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:02:35Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:02:36Z DEBUG Mounting ipaserver.rpcserver.jsonserver_session() at '/session/json'
2016-03-14T19:02:36Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:02:36Z DEBUG Mounting ipaserver.rpcserver.login_kerberos() at '/session/login_kerberos'
2016-03-14T19:02:36Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:02:36Z DEBUG Mounting ipaserver.rpcserver.change_password() at '/session/change_password'
2016-03-14T19:02:36Z DEBUG Mounting ipaserver.rpcserver.sync_token() at '/session/sync_token'
2016-03-14T19:02:36Z DEBUG Mounting ipaserver.rpcserver.jsonserver_kerb() at '/json'
2016-03-14T19:02:36Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:02:37Z DEBUG Created connection context.ldap2_97498768
2016-03-14T19:02:37Z DEBUG raw: domainlevel_get(version=u'2.156')
2016-03-14T19:02:37Z DEBUG domainlevel_get(version=u'2.156')
2016-03-14T19:02:37Z DEBUG flushing ldaps://mork.cc.umanitoba.ca from SchemaCache
2016-03-14T19:02:37Z DEBUG retrieving schema for SchemaCache url=ldaps://mork.cc.umanitoba.ca conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x3e94638>
2016-03-14T19:02:37Z DEBUG No IPA DNS servers, skipping forward/reverse resolution check
2016-03-14T19:02:37Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:02:37Z DEBUG Installing CA Replica from master with a merged database
2016-03-14T19:02:37Z DEBUG Destroyed connection context.ldap2_97498768
2016-03-14T19:02:37Z DEBUG Starting external process
2016-03-14T19:02:37Z DEBUG args='/sbin/ip' '-family' 'inet' '-oneline' 'address' 'show'
2016-03-14T19:02:37Z DEBUG Process finished, return code=0
2016-03-14T19:02:37Z DEBUG stdout=1: lo inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever
2: eth0 inet 130.179.19.176/22 brd 130.179.19.255 scope global dynamic eth0\ valid_lft 696063sec preferred_lft 696063sec
2016-03-14T19:02:37Z DEBUG stderr=
2016-03-14T19:02:37Z DEBUG Starting external process
2016-03-14T19:02:37Z DEBUG args='/usr/sbin/ipa-replica-conncheck' '--master' 'mork.cc.umanitoba.ca' '--auto-master-check' '--realm' 'UOFMT1' '--principal' 'admin' '--hostname' 'jutta.cc.umanitoba.ca' '--password' XXXXXXXX
2016-03-14T19:02:40Z DEBUG Process finished, return code=0
2016-03-14T19:02:40Z DEBUG group dirsrv exists
2016-03-14T19:02:40Z DEBUG user dirsrv exists
2016-03-14T19:02:40Z DEBUG Created connection context.ldap2_97498768
2016-03-14T19:02:40Z DEBUG flushing ldaps://mork.cc.umanitoba.ca from SchemaCache
2016-03-14T19:02:40Z DEBUG retrieving schema for SchemaCache url=ldaps://mork.cc.umanitoba.ca conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x3e94638>
2016-03-14T19:02:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:02:41Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2016-03-14T19:02:41Z DEBUG Configuring directory server (dirsrv). Estimated time: 1 minute
2016-03-14T19:02:41Z DEBUG [1/38]: creating directory server user
2016-03-14T19:02:41Z DEBUG group dirsrv exists
2016-03-14T19:02:41Z DEBUG user dirsrv exists
2016-03-14T19:02:41Z DEBUG duration: 0 seconds
2016-03-14T19:02:41Z DEBUG [2/38]: creating directory server instance
2016-03-14T19:02:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:02:41Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:02:41Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv'
2016-03-14T19:02:41Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2016-03-14T19:02:41Z DEBUG
dn: dc=uofmt1
objectClass: top
objectClass: domain
objectClass: pilotObject
dc: uofmt1
info: IPA V2.0
2016-03-14T19:02:41Z DEBUG writing inf template
2016-03-14T19:02:41Z DEBUG
[General]
FullMachineName= jutta.cc.umanitoba.ca
SuiteSpotUserID= dirsrv
SuiteSpotGroup= dirsrv
ServerRoot= /usr/lib64/dirsrv
[slapd]
ServerPort= 389
ServerIdentifier= UOFMT1
Suffix= dc=uofmt1
RootDN= cn=Directory Manager
InstallLdifFile= /var/lib/dirsrv/boot.ldif
inst_dir= /var/lib/dirsrv/scripts-UOFMT1
2016-03-14T19:02:41Z DEBUG calling setup-ds.pl
2016-03-14T19:02:41Z DEBUG Starting external process
2016-03-14T19:02:41Z DEBUG args='/usr/sbin/setup-ds.pl' '--silent' '--logfile' '-' '-f' '/tmp/tmp4rM8Y0'
2016-03-14T19:02:50Z DEBUG Process finished, return code=0
2016-03-14T19:02:50Z DEBUG stdout=[16/03/14:14:02:50] - [Setup] Info Your new DS instance 'UOFMT1' was successfully created.
Your new DS instance 'UOFMT1' was successfully created.
[16/03/14:14:02:50] - [Setup] Success Exiting . . .
Log file is '-'
Exiting . . .
Log file is '-'
2016-03-14T19:02:50Z DEBUG stderr=
2016-03-14T19:02:50Z DEBUG completed creating ds instance
2016-03-14T19:02:50Z DEBUG restarting ds instance
2016-03-14T19:02:50Z DEBUG Starting external process
2016-03-14T19:02:50Z DEBUG args='/bin/systemctl' '--system' 'daemon-reload'
2016-03-14T19:02:50Z DEBUG Process finished, return code=0
2016-03-14T19:02:50Z DEBUG stdout=
2016-03-14T19:02:50Z DEBUG stderr=
2016-03-14T19:02:50Z DEBUG Starting external process
2016-03-14T19:02:50Z DEBUG args='/bin/systemctl' 'restart' 'dirsrv at UOFMT1.service'
2016-03-14T19:02:52Z DEBUG Process finished, return code=0
2016-03-14T19:02:52Z DEBUG stdout=
2016-03-14T19:02:52Z DEBUG stderr=
2016-03-14T19:02:52Z DEBUG Starting external process
2016-03-14T19:02:52Z DEBUG args='/bin/systemctl' 'is-active' 'dirsrv at UOFMT1.service'
2016-03-14T19:02:52Z DEBUG Process finished, return code=0
2016-03-14T19:02:52Z DEBUG stdout=active
2016-03-14T19:02:52Z DEBUG stderr=
2016-03-14T19:02:52Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/bin/systemctl' 'is-active' 'dirsrv at UOFMT1.service'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=active
2016-03-14T19:02:53Z DEBUG stderr=
2016-03-14T19:02:53Z DEBUG done restarting ds instance
2016-03-14T19:02:53Z DEBUG duration: 11 seconds
2016-03-14T19:02:53Z DEBUG [3/38]: adding default schema
2016-03-14T19:02:53Z DEBUG duration: 0 seconds
2016-03-14T19:02:53Z DEBUG [4/38]: enabling memberof plugin
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/memberof-conf.ldif' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpRr603D'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=replace nsslapd-pluginenabled:
on
add memberofgroupattr:
memberUser
add memberofgroupattr:
memberHost
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"
modify complete
2016-03-14T19:02:53Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:02:53Z DEBUG duration: 0 seconds
2016-03-14T19:02:53Z DEBUG [5/38]: enabling winsync plugin
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/ipa-winsync-conf.ldif' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpk33ox8'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
ipa-winsync
add nsslapd-pluginpath:
libipa_winsync
add nsslapd-plugininitfunc:
ipa_winsync_plugin_init
add nsslapd-pluginDescription:
Allows IPA to work with the DS windows sync feature
add nsslapd-pluginid:
ipa-winsync
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat
add nsslapd-plugintype:
preoperation
add nsslapd-pluginenabled:
on
add nsslapd-plugin-depends-on-type:
database
add ipaWinSyncRealmFilter:
(objectclass=krbRealmContainer)
add ipaWinSyncRealmAttr:
cn
add ipaWinSyncNewEntryFilter:
(cn=ipaConfig)
add ipaWinSyncNewUserOCAttr:
ipauserobjectclasses
add ipaWinSyncUserFlatten:
true
add ipaWinsyncHomeDirAttr:
ipaHomesRootDir
add ipaWinsyncLoginShellAttr:
ipaDefaultLoginShell
add ipaWinSyncDefaultGroupAttr:
ipaDefaultPrimaryGroup
add ipaWinSyncDefaultGroupFilter:
(gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames)
add ipaWinSyncAcctDisable:
both
add ipaWinSyncForceSync:
true
add ipaWinSyncUserAttr:
uidNumber -1
gidNumber -1
adding new entry "cn=ipa-winsync,cn=plugins,cn=config"
modify complete
2016-03-14T19:02:53Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:02:53Z DEBUG duration: 0 seconds
2016-03-14T19:02:53Z DEBUG [6/38]: configuring replication version plugin
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/version-conf.ldif' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp8_d7c6'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA Version Replication
add nsslapd-pluginpath:
libipa_repl_version
add nsslapd-plugininitfunc:
repl_version_plugin_init
add nsslapd-plugintype:
preoperation
add nsslapd-pluginenabled:
off
add nsslapd-pluginid:
ipa_repl_version
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-plugindescription:
IPA Replication version plugin
add nsslapd-plugin-depends-on-type:
database
add nsslapd-plugin-depends-on-named:
Multimaster Replication Plugin
adding new entry "cn=IPA Version Replication,cn=plugins,cn=config"
modify complete
2016-03-14T19:02:53Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:02:53Z DEBUG duration: 0 seconds
2016-03-14T19:02:53Z DEBUG [7/38]: enabling IPA enrollment plugin
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpvoZMl6' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpJw4PXC'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
ipa_enrollment_extop
add nsslapd-pluginpath:
libipa_enrollment_extop
add nsslapd-plugininitfunc:
ipaenrollment_init
add nsslapd-plugintype:
extendedop
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipa_enrollment_extop
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
RedHat
add nsslapd-plugindescription:
Enroll hosts into the IPA domain
add nsslapd-plugin-depends-on-type:
database
add nsslapd-realmTree:
dc=uofmt1
adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config"
modify complete
2016-03-14T19:02:53Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:02:53Z DEBUG duration: 0 seconds
2016-03-14T19:02:53Z DEBUG [8/38]: enabling ldapi
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpUhp7GY' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpLvl60n'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=replace nsslapd-ldapilisten:
on
modifying entry "cn=config"
modify complete
2016-03-14T19:02:53Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:02:53Z DEBUG duration: 0 seconds
2016-03-14T19:02:53Z DEBUG [9/38]: configuring uniqueness plugin
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpp8PywA' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpATzitJ'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
krbPrincipalName uniqueness
add nsslapd-pluginPath:
libattr-unique-plugin
add nsslapd-pluginInitfunc:
NSUniqueAttr_Init
add nsslapd-pluginType:
preoperation
add nsslapd-pluginEnabled:
on
add uniqueness-attribute-name:
krbPrincipalName
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginId:
NSUniqueAttr
add nsslapd-pluginVersion:
1.1.0
add nsslapd-pluginVendor:
Fedora Project
add nsslapd-pluginDescription:
Enforce unique attribute values
add uniqueness-subtrees:
dc=uofmt1
add uniqueness-exclude-subtrees:
cn=staged users,cn=accounts,cn=provisioning,dc=uofmt1
add uniqueness-across-all-subtrees:
on
adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
krbCanonicalName uniqueness
add nsslapd-pluginPath:
libattr-unique-plugin
add nsslapd-pluginInitfunc:
NSUniqueAttr_Init
add nsslapd-pluginType:
preoperation
add nsslapd-pluginEnabled:
on
add uniqueness-attribute-name:
krbCanonicalName
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginId:
NSUniqueAttr
add nsslapd-pluginVersion:
1.1.0
add nsslapd-pluginVendor:
Fedora Project
add nsslapd-pluginDescription:
Enforce unique attribute values
add uniqueness-subtrees:
dc=uofmt1
add uniqueness-exclude-subtrees:
cn=staged users,cn=accounts,cn=provisioning,dc=uofmt1
add uniqueness-across-all-subtrees:
on
adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
netgroup uniqueness
add nsslapd-pluginPath:
libattr-unique-plugin
add nsslapd-pluginInitfunc:
NSUniqueAttr_Init
add nsslapd-pluginType:
preoperation
add nsslapd-pluginEnabled:
on
add uniqueness-attribute-name:
cn
add uniqueness-subtrees:
cn=ng,cn=alt,dc=uofmt1
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginId:
NSUniqueAttr
add nsslapd-pluginVersion:
1.1.0
add nsslapd-pluginVendor:
Fedora Project
add nsslapd-pluginDescription:
Enforce unique attribute values
adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
ipaUniqueID uniqueness
add nsslapd-pluginPath:
libattr-unique-plugin
add nsslapd-pluginInitfunc:
NSUniqueAttr_Init
add nsslapd-pluginType:
preoperation
add nsslapd-pluginEnabled:
on
add uniqueness-attribute-name:
ipaUniqueID
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginId:
NSUniqueAttr
add nsslapd-pluginVersion:
1.1.0
add nsslapd-pluginVendor:
Fedora Project
add nsslapd-pluginDescription:
Enforce unique attribute values
add uniqueness-subtrees:
dc=uofmt1
add uniqueness-exclude-subtrees:
cn=staged users,cn=accounts,cn=provisioning,dc=uofmt1
add uniqueness-across-all-subtrees:
on
adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
sudorule name uniqueness
add nsslapd-pluginDescription:
Enforce unique attribute values
add nsslapd-pluginPath:
libattr-unique-plugin
add nsslapd-pluginInitfunc:
NSUniqueAttr_Init
add nsslapd-pluginType:
preoperation
add nsslapd-pluginEnabled:
on
add uniqueness-attribute-name:
cn
add uniqueness-subtrees:
cn=sudorules,cn=sudo,dc=uofmt1
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginId:
NSUniqueAttr
add nsslapd-pluginVersion:
1.1.0
add nsslapd-pluginVendor:
Fedora Project
adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config"
modify complete
2016-03-14T19:02:53Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:02:53Z DEBUG duration: 0 seconds
2016-03-14T19:02:53Z DEBUG [10/38]: configuring uuid plugin
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/uuid-conf.ldif' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpna2RHp'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA UUID
add nsslapd-pluginpath:
libipa_uuid
add nsslapd-plugininitfunc:
ipauuid_init
add nsslapd-plugintype:
preoperation
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipauuid_version
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-plugindescription:
IPA UUID plugin
add nsslapd-plugin-depends-on-type:
database
adding new entry "cn=IPA UUID,cn=plugins,cn=config"
modify complete
2016-03-14T19:02:53Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpP0E7KH' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmplYhiqW'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=add objectclass:
top
extensibleObject
add cn:
IPA Unique IDs
add ipaUuidAttr:
ipaUniqueID
add ipaUuidMagicRegen:
autogenerate
add ipaUuidFilter:
(|(objectclass=ipaObject)(objectclass=ipaAssociation))
add ipaUuidScope:
dc=uofmt1
add ipaUuidEnforce:
TRUE
adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
modify complete
add objectclass:
top
extensibleObject
add cn:
IPK11 Unique IDs
add ipaUuidAttr:
ipk11UniqueID
add ipaUuidMagicRegen:
autogenerate
add ipaUuidFilter:
(objectclass=ipk11Object)
add ipaUuidScope:
dc=uofmt1
add ipaUuidEnforce:
FALSE
adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
modify complete
2016-03-14T19:02:53Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:02:53Z DEBUG duration: 0 seconds
2016-03-14T19:02:53Z DEBUG [11/38]: configuring modrdn plugin
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/modrdn-conf.ldif' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp48MoCT'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA MODRDN
add nsslapd-pluginpath:
libipa_modrdn
add nsslapd-plugininitfunc:
ipamodrdn_init
add nsslapd-plugintype:
betxnpostoperation
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipamodrdn_version
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-plugindescription:
IPA MODRDN plugin
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginPrecedence:
60
adding new entry "cn=IPA MODRDN,cn=plugins,cn=config"
modify complete
2016-03-14T19:02:53Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpbdUiqu' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpJb2O4n'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=add objectclass:
top
extensibleObject
add cn:
Kerberos Principal Name
add ipaModRDNsourceAttr:
uid
add ipaModRDNtargetAttr:
krbPrincipalName
add ipaModRDNsuffix:
@UOFMT1
add ipaModRDNfilter:
(&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
add ipaModRDNscope:
dc=uofmt1
adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config"
modify complete
2016-03-14T19:02:53Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:02:53Z DEBUG duration: 0 seconds
2016-03-14T19:02:53Z DEBUG [12/38]: configuring DNS plugin
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/ipa-dns-conf.ldif' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpZ_w9Gf'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=add objectclass:
top
nsslapdPlugin
extensibleObject
add cn:
IPA DNS
add nsslapd-plugindescription:
IPA DNS support plugin
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipa_dns
add nsslapd-plugininitfunc:
ipadns_init
add nsslapd-pluginpath:
libipa_dns.so
add nsslapd-plugintype:
preoperation
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-pluginversion:
1.0
add nsslapd-plugin-depends-on-type:
database
adding new entry "cn=IPA DNS,cn=plugins,cn=config"
modify complete
2016-03-14T19:02:53Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:02:53Z DEBUG duration: 0 seconds
2016-03-14T19:02:53Z DEBUG [13/38]: enabling entryUSN plugin
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/entryusn.ldif' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpkBwK9N'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=replace nsslapd-entryusn-global:
on
modifying entry "cn=config"
modify complete
replace nsslapd-entryusn-import-initval:
next
modifying entry "cn=config"
modify complete
replace nsslapd-pluginenabled:
on
modifying entry "cn=USN,cn=plugins,cn=config"
modify complete
2016-03-14T19:02:53Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:02:53Z DEBUG duration: 0 seconds
2016-03-14T19:02:53Z DEBUG [14/38]: configuring lockout plugin
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/lockout-conf.ldif' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpiUGaAy'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA Lockout
add nsslapd-pluginpath:
libipa_lockout
add nsslapd-plugininitfunc:
ipalockout_init
add nsslapd-plugintype:
object
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipalockout_version
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-plugindescription:
IPA Lockout plugin
add nsslapd-plugin-depends-on-type:
database
adding new entry "cn=IPA Lockout,cn=plugins,cn=config"
modify complete
2016-03-14T19:02:53Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:02:53Z DEBUG duration: 0 seconds
2016-03-14T19:02:53Z DEBUG [15/38]: creating indices
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/indices.ldif' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpHty1Us'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=add objectClass:
top
nsIndex
add cn:
krbPrincipalName
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsIndex
add cn:
ou
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsIndex
add cn:
carLicense
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsIndex
add cn:
title
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsIndex
add cn:
manager
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsIndex
add cn:
secretary
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsIndex
add cn:
displayname
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add nsIndexType:
sub
modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsIndex
add cn:
uidnumber
add nsSystemIndex:
false
add nsIndexType:
eq
add nsMatchingRule:
integerOrderingMatch
adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add objectClass:
top
nsIndex
add cn:
gidnumber
add nsSystemIndex:
false
add nsIndexType:
eq
add nsMatchingRule:
integerOrderingMatch
adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
replace nsIndexType:
eq
pres
modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
replace nsIndexType:
eq
pres
modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add ObjectClass:
top
nsIndex
add cn:
fqdn
add nsSystemIndex:
false
add nsIndexType:
eq
pres
adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add ObjectClass:
top
nsIndex
add cn:
macAddress
add nsSystemIndex:
false
add nsIndexType:
eq
pres
adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
memberHost
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
memberUser
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
sourcehost
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
memberservice
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
managedby
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
memberallowcmd
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
memberdenycmd
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
ipasudorunas
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
ipasudorunasgroup
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
automountkey
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
ipakrbprincipalalias
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
ipauniqueid
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
ipaMemberCa
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
ipaMemberCertProfile
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add cn:
userCertificate
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
adding new entry "cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
2016-03-14T19:02:53Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:02:53Z DEBUG duration: 0 seconds
2016-03-14T19:02:53Z DEBUG [16/38]: enabling referential integrity plugin
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/referint-conf.ldif' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpLOyHan'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=replace nsslapd-pluginenabled:
on
modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config"
modify complete
2016-03-14T19:02:53Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:02:53Z DEBUG duration: 0 seconds
2016-03-14T19:02:53Z DEBUG [17/38]: configuring ssl for ds instance
2016-03-14T19:02:53Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/certutil' '-d' '/etc/dirsrv/slapd-UOFMT1/' '-N' '-f' '/etc/dirsrv/slapd-UOFMT1//pwdfile.txt'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=
2016-03-14T19:02:53Z DEBUG stderr=
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/pk12util' '-d' '/etc/dirsrv/slapd-UOFMT1/' '-i' '/tmp/tmpCOFxLUipa/realm_info/dscert.p12' '-k' '/etc/dirsrv/slapd-UOFMT1//pwdfile.txt' '-v' '-w' '/dev/stdin'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=pk12util: PKCS12 IMPORT SUCCESSFUL
2016-03-14T19:02:53Z DEBUG stderr=
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/certutil' '-d' '/etc/dirsrv/slapd-UOFMT1/' '-L'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Server-Cert u,u,u
UOFMT1 IPA CA ,,
2016-03-14T19:02:53Z DEBUG stderr=
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/certutil' '-d' '/etc/dirsrv/slapd-UOFMT1/' '-A' '-n' 'CA 1' '-t' ',,' '-a'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=
2016-03-14T19:02:53Z DEBUG stderr=
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/certutil' '-d' '/etc/dirsrv/slapd-UOFMT1/' '-O' '-n' 'Server-Cert'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout="UOFMT1 IPA CA" [CN=Certificate Authority,O=UOFMT1]
"Server-Cert" [CN=jutta.cc.umanitoba.ca,OU=pki-ipa,O=IPA]
2016-03-14T19:02:53Z DEBUG stderr=
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/certutil' '-d' '/etc/dirsrv/slapd-UOFMT1/' '-M' '-n' 'UOFMT1 IPA CA' '-t' 'CT,C,C'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout=
2016-03-14T19:02:53Z DEBUG stderr=
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/certutil' '-d' '/etc/dirsrv/slapd-UOFMT1/' '-O' '-n' 'Server-Cert'
2016-03-14T19:02:53Z DEBUG Process finished, return code=0
2016-03-14T19:02:53Z DEBUG stdout="UOFMT1 IPA CA" [CN=Certificate Authority,O=UOFMT1]
"Server-Cert" [CN=jutta.cc.umanitoba.ca,OU=pki-ipa,O=IPA]
2016-03-14T19:02:53Z DEBUG stderr=
2016-03-14T19:02:53Z DEBUG Starting external process
2016-03-14T19:02:53Z DEBUG args='/usr/bin/certutil' '-d' '/etc/dirsrv/slapd-UOFMT1/' '-L' '-n' 'UOFMT1 IPA CA' '-a'
2016-03-14T19:02:54Z DEBUG Process finished, return code=0
2016-03-14T19:02:54Z DEBUG stdout=-----BEGIN CERTIFICATE-----
MIIDhjCCAm6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAxMQ8wDQYDVQQKDAZVT0ZN
VDExHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjAyMTIxMzQ3
MDdaFw0zNjAyMTIxMzQ3MDdaMDExDzANBgNVBAoMBlVPRk1UMTEeMBwGA1UEAwwV
Q2VydGlmaWNhdGUgQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAxyrEHq/FMY5OV7bh0MM+JItSh/PDDcbcp2Q793vtnTFfFX1oEJTu5A6S
1ATshlPfq9vbjkph0WuLZetbivBodLevCFCfIxBp+PJqPk+FpahowmT8lheFOXs/
Tu/IthqL9ykXOc8HBUK6WU83ICNYwDjFD95ShbWy9oM//kkRJvdC4dRZU6g5UDav
0/bWol76UauFHLRiDPSri0G5eIP0YDUkrFtXhezVZJZX4y/FNYhXRFqLPVplV6dY
izoCIOABMpuiNiFFSvP5S4qjcpPGBqF5mfAnuzYfgHLM+xr7nutDLZXfcAclX6ep
lN7RMCpZEVve9AKU7geigBzV//sT6wIDAQABo4GoMIGlMB8GA1UdIwQYMBaAFOsQ
UcQthYZk+osgO4FcNl7KI4oEMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
AgHGMB0GA1UdDgQWBBTrEFHELYWGZPqLIDuBXDZeyiOKBDBCBggrBgEFBQcBAQQ2
MDQwMgYIKwYBBQUHMAGGJmh0dHA6Ly9tb3JrLmNjLnVtYW5pdG9iYS5jYTo4MC9j
YS9vY3NwMA0GCSqGSIb3DQEBCwUAA4IBAQCteJIO2uwNp7H/4yyG80VU8iGO9yn8
rj8wQM6lE0RGC0iNjzV/p+KltUxbuE2xJKoiqEFScXFQ6suQtco3MQAn6ZunCYLY
vlDosNsrgeA9ZsJzODP/y1WD+swB8ELWArAQQVxcFKSMmITEywO0x+dzM+1KCP4R
siTzN3uiiGjm3r3Zh1kWZhW44ArLD/e170df3rGP4m6U85a7ZfUXiRaOYj7D5M8p
VAHgx/zVZq8hPpIlqQvT0+HdD3Veh5vrZFkTzMSFCHqygKY3Bl+DWZ1mz/+X8KCi
yulmoyrUa5zGKDvahj1rM6hrYmrCnEExG3d7gBbt673UaKSdtWSkCY54
-----END CERTIFICATE-----
2016-03-14T19:02:54Z DEBUG stderr=
2016-03-14T19:02:54Z DEBUG Starting external process
2016-03-14T19:02:54Z DEBUG args='/usr/bin/certutil' '-d' '/etc/dirsrv/slapd-UOFMT1/' '-L'
2016-03-14T19:02:54Z DEBUG Process finished, return code=0
2016-03-14T19:02:54Z DEBUG stdout=
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Server-Cert u,u,u
UOFMT1 IPA CA CT,C,C
2016-03-14T19:02:54Z DEBUG stderr=
2016-03-14T19:02:54Z DEBUG Starting external process
2016-03-14T19:02:54Z DEBUG args='/usr/bin/certutil' '-d' '/etc/dirsrv/slapd-UOFMT1/' '-L' '-n' 'Server-Cert' '-a'
2016-03-14T19:02:54Z DEBUG Process finished, return code=0
2016-03-14T19:02:54Z DEBUG stdout=-----BEGIN CERTIFICATE-----
MIIDhDCCAmygAwIBAgIBGTANBgkqhkiG9w0BAQsFADAxMQ8wDQYDVQQKDAZVT0ZN
VDExHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjAzMTQxODU5
MjhaFw0xODAzMTUxODU5MjhaMEAxDDAKBgNVBAoMA0lQQTEQMA4GA1UECwwHcGtp
LWlwYTEeMBwGA1UEAwwVanV0dGEuY2MudW1hbml0b2JhLmNhMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/gCKz2M9oh4xryJ395DCM2xWzMv2ZOkgeIp
HnHIrlwIYF5nq+cuSnW/uO0QrXQQ3T7GEx6F/aN1zrfKeqLWI2ksqQlV6lsCEL9j
iycy7B7eqUh1HmoLNYxODPoso1YsBBZ2XIkOJvPdVJtH22BmAgf6TRBjo1rAUHls
al7sjYRkgIP/i2AdgmlwNTrgbNKQf7HF93E3gr/BRvx5FGo2A/e47l8o0fo5K4sS
k6j5dnD/SBxoYpjG9GI4yKP74GUcf5KLWxNOfA9fQp8NjhNvj9AN24/zzqABDP2a
LYPspB7KQu7hNUroHXVYycWDH9u8l34czNJA54IHsQ0pubBKHQIDAQABo4GXMIGU
MB8GA1UdIwQYMBaAFOsQUcQthYZk+osgO4FcNl7KI4oEMEIGCCsGAQUFBwEBBDYw
NDAyBggrBgEFBQcwAYYmaHR0cDovL21vcmsuY2MudW1hbml0b2JhLmNhOjgwL2Nh
L29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjANBgkqhkiG9w0BAQsFAAOCAQEApe9SdM0Vwd4txSVDr5We2hTmqRBKK0A3
i1vz7KxVGXUTib9SaXsgjq+NGOHPMDDyVXj81KFg+gwIzD7YRRf9z0zxOMTSthfD
dEb2pH8x12b1/Qkhwc7uUlVYWEhqivglGqbDn71vWQcRqk5Q0fDCA4GkXsMYzYnS
nCSv1FrjlhLZCUptkbjHmg+2RWMguNC/VbyIxVFPSmS29dj6eoxZ4zCigB+iq17E
zYvamQLgpcCXtO9ZKPZVCq+oO2OWv/VjxemhrRNDAwwowtwrCCAarQosbi33sgU7
+GsohIUghNpaM9ZAk9X7Awjlh0QpbZXkNDzNY2qnFT/+WgkkKqcx7w==
-----END CERTIFICATE-----
2016-03-14T19:02:54Z DEBUG stderr=
2016-03-14T19:02:54Z DEBUG Starting external process
2016-03-14T19:02:54Z DEBUG args='/usr/bin/certutil' '-d' '/etc/dirsrv/slapd-UOFMT1/' '-L' '-n' 'Server-Cert' '-a'
2016-03-14T19:02:54Z DEBUG Process finished, return code=0
2016-03-14T19:02:54Z DEBUG stdout=-----BEGIN CERTIFICATE-----
MIIDhDCCAmygAwIBAgIBGTANBgkqhkiG9w0BAQsFADAxMQ8wDQYDVQQKDAZVT0ZN
VDExHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjAzMTQxODU5
MjhaFw0xODAzMTUxODU5MjhaMEAxDDAKBgNVBAoMA0lQQTEQMA4GA1UECwwHcGtp
LWlwYTEeMBwGA1UEAwwVanV0dGEuY2MudW1hbml0b2JhLmNhMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/gCKz2M9oh4xryJ395DCM2xWzMv2ZOkgeIp
HnHIrlwIYF5nq+cuSnW/uO0QrXQQ3T7GEx6F/aN1zrfKeqLWI2ksqQlV6lsCEL9j
iycy7B7eqUh1HmoLNYxODPoso1YsBBZ2XIkOJvPdVJtH22BmAgf6TRBjo1rAUHls
al7sjYRkgIP/i2AdgmlwNTrgbNKQf7HF93E3gr/BRvx5FGo2A/e47l8o0fo5K4sS
k6j5dnD/SBxoYpjG9GI4yKP74GUcf5KLWxNOfA9fQp8NjhNvj9AN24/zzqABDP2a
LYPspB7KQu7hNUroHXVYycWDH9u8l34czNJA54IHsQ0pubBKHQIDAQABo4GXMIGU
MB8GA1UdIwQYMBaAFOsQUcQthYZk+osgO4FcNl7KI4oEMEIGCCsGAQUFBwEBBDYw
NDAyBggrBgEFBQcwAYYmaHR0cDovL21vcmsuY2MudW1hbml0b2JhLmNhOjgwL2Nh
L29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjANBgkqhkiG9w0BAQsFAAOCAQEApe9SdM0Vwd4txSVDr5We2hTmqRBKK0A3
i1vz7KxVGXUTib9SaXsgjq+NGOHPMDDyVXj81KFg+gwIzD7YRRf9z0zxOMTSthfD
dEb2pH8x12b1/Qkhwc7uUlVYWEhqivglGqbDn71vWQcRqk5Q0fDCA4GkXsMYzYnS
nCSv1FrjlhLZCUptkbjHmg+2RWMguNC/VbyIxVFPSmS29dj6eoxZ4zCigB+iq17E
zYvamQLgpcCXtO9ZKPZVCq+oO2OWv/VjxemhrRNDAwwowtwrCCAarQosbi33sgU7
+GsohIUghNpaM9ZAk9X7Awjlh0QpbZXkNDzNY2qnFT/+WgkkKqcx7w==
-----END CERTIFICATE-----
2016-03-14T19:02:54Z DEBUG stderr=
2016-03-14T19:02:54Z DEBUG flushing ldap://jutta.cc.umanitoba.ca:389 from SchemaCache
2016-03-14T19:02:54Z DEBUG retrieving schema for SchemaCache url=ldap://jutta.cc.umanitoba.ca:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x80d77a0>
2016-03-14T19:02:54Z DEBUG duration: 1 seconds
2016-03-14T19:02:54Z DEBUG [18/38]: configuring certmap.conf
2016-03-14T19:02:54Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
2016-03-14T19:02:54Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
2016-03-14T19:02:54Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state'
2016-03-14T19:02:54Z DEBUG duration: 0 seconds
2016-03-14T19:02:54Z DEBUG [19/38]: configure autobind for root
2016-03-14T19:02:54Z DEBUG Starting external process
2016-03-14T19:02:54Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/root-autobind.ldif' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpB1jALG'
2016-03-14T19:02:54Z DEBUG Process finished, return code=0
2016-03-14T19:02:54Z DEBUG stdout=add objectClass:
extensibleObject
top
add cn:
root-autobind
add uidNumber:
0
add gidNumber:
0
adding new entry "cn=root-autobind,cn=config"
modify complete
replace nsslapd-ldapiautobind:
on
modifying entry "cn=config"
modify complete
replace nsslapd-ldapimaptoentries:
on
modifying entry "cn=config"
modify complete
2016-03-14T19:02:54Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:02:54Z DEBUG duration: 0 seconds
2016-03-14T19:02:54Z DEBUG [20/38]: configure new location for managed entries
2016-03-14T19:02:54Z DEBUG Starting external process
2016-03-14T19:02:54Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpH5iyl7' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpTorcIV'
2016-03-14T19:02:54Z DEBUG Process finished, return code=0
2016-03-14T19:02:54Z DEBUG stdout=add nsslapd-pluginConfigArea:
cn=Definitions,cn=Managed Entries,cn=etc,dc=uofmt1
modifying entry "cn=Managed Entries,cn=plugins,cn=config"
modify complete
2016-03-14T19:02:54Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:02:54Z DEBUG duration: 0 seconds
2016-03-14T19:02:54Z DEBUG [21/38]: configure dirsrv ccache
2016-03-14T19:02:54Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv'
2016-03-14T19:02:54Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2016-03-14T19:02:54Z DEBUG Starting external process
2016-03-14T19:02:54Z DEBUG args='/usr/sbin/selinuxenabled'
2016-03-14T19:02:54Z DEBUG Process finished, return code=1
2016-03-14T19:02:54Z DEBUG stdout=
2016-03-14T19:02:54Z DEBUG stderr=
2016-03-14T19:02:54Z DEBUG duration: 0 seconds
2016-03-14T19:02:54Z DEBUG [22/38]: enable SASL mapping fallback
2016-03-14T19:02:54Z DEBUG Starting external process
2016-03-14T19:02:54Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmp9X5f6l' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpFCR62l'
2016-03-14T19:02:54Z DEBUG Process finished, return code=0
2016-03-14T19:02:54Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback:
on
modifying entry "cn=config"
modify complete
2016-03-14T19:02:54Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:02:54Z DEBUG duration: 0 seconds
2016-03-14T19:02:54Z DEBUG [23/38]: restarting directory server
2016-03-14T19:02:54Z DEBUG Starting external process
2016-03-14T19:02:54Z DEBUG args='/bin/systemctl' '--system' 'daemon-reload'
2016-03-14T19:02:54Z DEBUG Process finished, return code=0
2016-03-14T19:02:54Z DEBUG stdout=
2016-03-14T19:02:54Z DEBUG stderr=
2016-03-14T19:02:54Z DEBUG Starting external process
2016-03-14T19:02:54Z DEBUG args='/bin/systemctl' 'restart' 'dirsrv at UOFMT1.service'
2016-03-14T19:02:56Z DEBUG Process finished, return code=0
2016-03-14T19:02:56Z DEBUG stdout=
2016-03-14T19:02:56Z DEBUG stderr=
2016-03-14T19:02:56Z DEBUG Starting external process
2016-03-14T19:02:56Z DEBUG args='/bin/systemctl' 'is-active' 'dirsrv at UOFMT1.service'
2016-03-14T19:02:56Z DEBUG Process finished, return code=0
2016-03-14T19:02:56Z DEBUG stdout=active
2016-03-14T19:02:56Z DEBUG stderr=
2016-03-14T19:02:56Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2016-03-14T19:02:57Z DEBUG Starting external process
2016-03-14T19:02:57Z DEBUG args='/bin/systemctl' 'is-active' 'dirsrv at UOFMT1.service'
2016-03-14T19:02:57Z DEBUG Process finished, return code=0
2016-03-14T19:02:57Z DEBUG stdout=active
2016-03-14T19:02:57Z DEBUG stderr=
2016-03-14T19:02:57Z DEBUG duration: 2 seconds
2016-03-14T19:02:57Z DEBUG [24/38]: setting up initial replication
2016-03-14T19:02:57Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket from SchemaCache
2016-03-14T19:02:57Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x80d6a28>
2016-03-14T19:02:57Z DEBUG Starting external process
2016-03-14T19:02:57Z DEBUG args='/bin/systemctl' '--system' 'daemon-reload'
2016-03-14T19:02:57Z DEBUG Process finished, return code=0
2016-03-14T19:02:57Z DEBUG stdout=
2016-03-14T19:02:57Z DEBUG stderr=
2016-03-14T19:02:57Z DEBUG Starting external process
2016-03-14T19:02:57Z DEBUG args='/bin/systemctl' 'restart' 'dirsrv at UOFMT1.service'
2016-03-14T19:02:59Z DEBUG Process finished, return code=0
2016-03-14T19:02:59Z DEBUG stdout=
2016-03-14T19:02:59Z DEBUG stderr=
2016-03-14T19:02:59Z DEBUG Starting external process
2016-03-14T19:02:59Z DEBUG args='/bin/systemctl' 'is-active' 'dirsrv at UOFMT1.service'
2016-03-14T19:02:59Z DEBUG Process finished, return code=0
2016-03-14T19:02:59Z DEBUG stdout=active
2016-03-14T19:02:59Z DEBUG stderr=
2016-03-14T19:02:59Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2016-03-14T19:03:00Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5]
2016-03-14T19:03:00Z DEBUG flushing ldap://mork.cc.umanitoba.ca:389 from SchemaCache
2016-03-14T19:03:00Z DEBUG retrieving schema for SchemaCache url=ldap://mork.cc.umanitoba.ca:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x8894908>
2016-03-14T19:03:01Z DEBUG Successfully updated nsDS5ReplicaId.
2016-03-14T19:03:01Z DEBUG flushing ldaps://jutta.cc.umanitoba.ca:636 from SchemaCache
2016-03-14T19:03:01Z DEBUG retrieving schema for SchemaCache url=ldaps://jutta.cc.umanitoba.ca:636 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x8894a70>
2016-03-14T19:04:27Z DEBUG duration: 89 seconds
2016-03-14T19:04:27Z DEBUG [25/38]: updating schema
2016-03-14T19:04:27Z DEBUG Starting external process
2016-03-14T19:04:27Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/usr/share/ipa/schema-update.ldif' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp4FSAvh'
2016-03-14T19:04:27Z DEBUG Process finished, return code=0
2016-03-14T19:04:27Z DEBUG stdout=add objectClasses:
( 2.16.840.1.113730.3.2.41 NAME 'nsslapdPlugin' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsslapd-pluginPath $ nsslapd-pluginInitFunc $ nsslapd-pluginType $ nsslapd-pluginId $ nsslapd-pluginVersion $ nsslapd-pluginVendor $ nsslapd-pluginDescription $ nsslapd-pluginEnabled ) MAY ( nsslapd-pluginConfigArea $ nsslapd-plugin-depends-on-type ) X-ORIGIN 'Netscape Directory Server' )
( 2.16.840.1.113730.3.2.317 NAME 'nsSaslMapping' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSaslMapRegexString $ nsSaslMapBaseDNTemplate $ nsSaslMapFilterTemplate ) MAY ( nsSaslMapPriority ) X-ORIGIN 'Netscape Directory Server' )
modifying entry "cn=schema"
modify complete
2016-03-14T19:04:27Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:04:27Z DEBUG duration: 0 seconds
2016-03-14T19:04:27Z DEBUG [26/38]: setting Auto Member configuration
2016-03-14T19:04:27Z DEBUG Starting external process
2016-03-14T19:04:27Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmppPfsY8' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmp8dCgrQ'
2016-03-14T19:04:27Z DEBUG Process finished, return code=0
2016-03-14T19:04:27Z DEBUG stdout=add nsslapd-pluginConfigArea:
cn=automember,cn=etc,dc=uofmt1
modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config"
modify complete
2016-03-14T19:04:27Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:04:27Z DEBUG duration: 0 seconds
2016-03-14T19:04:27Z DEBUG [27/38]: enabling S4U2Proxy delegation
2016-03-14T19:04:27Z DEBUG Starting external process
2016-03-14T19:04:27Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpjcs44D' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpGkBbVI'
2016-03-14T19:04:27Z DEBUG Process finished, return code=0
2016-03-14T19:04:27Z DEBUG stdout=add memberPrincipal:
HTTP/jutta.cc.umanitoba.ca at UOFMT1
modifying entry "cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=uofmt1"
modify complete
add memberPrincipal:
ldap/jutta.cc.umanitoba.ca at UOFMT1
modifying entry "cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=uofmt1"
modify complete
2016-03-14T19:04:27Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:04:27Z DEBUG duration: 0 seconds
2016-03-14T19:04:27Z DEBUG [28/38]: importing CA certificates from LDAP
2016-03-14T19:04:27Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2016-03-14T19:04:27Z DEBUG flushing ldap://jutta.cc.umanitoba.ca:389 from SchemaCache
2016-03-14T19:04:27Z DEBUG retrieving schema for SchemaCache url=ldap://jutta.cc.umanitoba.ca:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x82115a8>
2016-03-14T19:04:28Z DEBUG Starting external process
2016-03-14T19:04:28Z DEBUG args='/usr/bin/certutil' '-d' '/etc/dirsrv/slapd-UOFMT1/' '-A' '-n' 'UOFMT1 IPA CA' '-t' 'CT,C,C'
2016-03-14T19:04:28Z DEBUG Process finished, return code=0
2016-03-14T19:04:28Z DEBUG stdout=
2016-03-14T19:04:28Z DEBUG stderr=
2016-03-14T19:04:28Z DEBUG duration: 0 seconds
2016-03-14T19:04:28Z DEBUG [29/38]: initializing group membership
2016-03-14T19:04:28Z DEBUG duration: 0 seconds
2016-03-14T19:04:28Z DEBUG [30/38]: adding master entry
2016-03-14T19:04:28Z DEBUG Starting external process
2016-03-14T19:04:28Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpJrjtBl' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpdRaaAA'
2016-03-14T19:04:28Z DEBUG Process finished, return code=0
2016-03-14T19:04:28Z DEBUG stdout=add objectclass:
top
nsContainer
ipaReplTopoManagedServer
ipaConfigObject
ipaSupportedDomainLevelConfig
add cn:
jutta.cc.umanitoba.ca
add ipaReplTopoManagedSuffix:
dc=uofmt1
add ipaMinDomainLevel:
0
add ipaMaxDomainLevel:
0
adding new entry "cn=jutta.cc.umanitoba.ca,cn=masters,cn=ipa,cn=etc,dc=uofmt1"
modify complete
2016-03-14T19:04:28Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:04:28Z DEBUG duration: 0 seconds
2016-03-14T19:04:28Z DEBUG [31/38]: initializing domain level
2016-03-14T19:04:28Z DEBUG duration: 0 seconds
2016-03-14T19:04:28Z DEBUG [32/38]: configuring Posix uid/gid generation
2016-03-14T19:04:28Z DEBUG Starting external process
2016-03-14T19:04:28Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmps2cRll' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpx5LpDm'
2016-03-14T19:04:28Z DEBUG Process finished, return code=0
2016-03-14T19:04:28Z DEBUG stdout=add objectclass:
top
extensibleObject
add cn:
Posix IDs
add dnaType:
uidNumber
gidNumber
add dnaNextValue:
1101
add dnaMaxValue:
1100
add dnaMagicRegen:
-1
add dnaFilter:
(|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject))
add dnaScope:
dc=uofmt1
add dnaThreshold:
500
add dnaSharedCfgDN:
cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=uofmt1
adding new entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"
modify complete
2016-03-14T19:04:28Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:04:28Z DEBUG duration: 0 seconds
2016-03-14T19:04:28Z DEBUG [33/38]: adding replication acis
2016-03-14T19:04:28Z DEBUG Starting external process
2016-03-14T19:04:28Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpouAg7i' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpGY7lZG'
2016-03-14T19:04:28Z DEBUG Process finished, return code=0
2016-03-14T19:04:28Z DEBUG stdout=add aci:
(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=uofmt1";)
modifying entry "cn="dc=uofmt1",cn=mapping tree,cn=config"
modify complete
add aci:
(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=uofmt1";)
modifying entry "cn="dc=uofmt1",cn=mapping tree,cn=config"
modify complete
add aci:
(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=uofmt1";)
modifying entry "cn="dc=uofmt1",cn=mapping tree,cn=config"
modify complete
add aci:
(targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=uofmt1";)
modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"
modify complete
add aci:
(targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=uofmt1";)
modifying entry "cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete
add aci:
(targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=uofmt1";)
modifying entry "cn=tasks,cn=config"
modify complete
2016-03-14T19:04:28Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:04:28Z DEBUG duration: 0 seconds
2016-03-14T19:04:28Z DEBUG [34/38]: enabling compatibility plugin
2016-03-14T19:04:28Z DEBUG importing all plugin modules in ipalib.plugins...
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.aci
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.automember
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.automount
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.baseldap
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.baseuser
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.batch
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.caacl
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.cert
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.certprofile
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.config
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.delegation
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.dns
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.domainlevel
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.group
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.hbacrule
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.hbacsvc
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.hbacsvcgroup
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.hbactest
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.host
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.hostgroup
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.idrange
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.idviews
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.internal
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.kerberos
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.krbtpolicy
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.migration
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.misc
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.netgroup
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.otpconfig
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.otptoken
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.otptoken_yubikey
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.passwd
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.permission
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.ping
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.pkinit
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.privilege
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.pwpolicy
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.radiusproxy
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.realmdomains
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.role
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.rpcclient
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.selfservice
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.selinuxusermap
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.server
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.service
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.servicedelegation
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.session
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.stageuser
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.sudocmd
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.sudocmdgroup
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.sudorule
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.topology
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.trust
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.user
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.vault
2016-03-14T19:04:28Z DEBUG importing plugin module ipalib.plugins.virtual
2016-03-14T19:04:28Z DEBUG importing all plugin modules in ipaserver.plugins...
2016-03-14T19:04:28Z DEBUG importing plugin module ipaserver.plugins.dogtag
2016-03-14T19:04:28Z DEBUG importing plugin module ipaserver.plugins.join
2016-03-14T19:04:28Z DEBUG importing plugin module ipaserver.plugins.ldap2
2016-03-14T19:04:28Z DEBUG importing plugin module ipaserver.plugins.rabase
2016-03-14T19:04:28Z DEBUG importing plugin module ipaserver.plugins.xmlserver
2016-03-14T19:04:28Z DEBUG importing all plugin modules in ipaserver.install.plugins...
2016-03-14T19:04:28Z DEBUG importing plugin module ipaserver.install.plugins.adtrust
2016-03-14T19:04:28Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master
2016-03-14T19:04:28Z DEBUG importing plugin module ipaserver.install.plugins.dns
2016-03-14T19:04:28Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements
2016-03-14T19:04:28Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed
2016-03-14T19:04:28Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges
2016-03-14T19:04:28Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions
2016-03-14T19:04:28Z DEBUG importing plugin module ipaserver.install.plugins.update_nis
2016-03-14T19:04:28Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs
2016-03-14T19:04:28Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync
2016-03-14T19:04:28Z DEBUG importing plugin module ipaserver.install.plugins.update_referint
2016-03-14T19:04:28Z DEBUG importing plugin module ipaserver.install.plugins.update_services
2016-03-14T19:04:28Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness
2016-03-14T19:04:28Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
2016-03-14T19:04:28Z DEBUG SessionAuthManager.register: name=jsonserver_session_153210384
2016-03-14T19:04:28Z DEBUG SessionAuthManager.register: name=xmlserver_session_153236816
2016-03-14T19:04:29Z DEBUG Mounting ipaserver.rpcserver.login_password() at '/session/login_password'
2016-03-14T19:04:29Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:04:29Z DEBUG Mounting ipaserver.rpcserver.xmlserver() at '/xml'
2016-03-14T19:04:29Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:04:29Z DEBUG Mounting ipaserver.rpcserver.xmlserver_session() at '/session/xml'
2016-03-14T19:04:29Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:04:29Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:04:29Z DEBUG Mounting ipaserver.rpcserver.jsonserver_session() at '/session/json'
2016-03-14T19:04:29Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:04:29Z DEBUG Mounting ipaserver.rpcserver.login_kerberos() at '/session/login_kerberos'
2016-03-14T19:04:29Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:04:29Z DEBUG Mounting ipaserver.rpcserver.change_password() at '/session/change_password'
2016-03-14T19:04:30Z DEBUG Mounting ipaserver.rpcserver.sync_token() at '/session/sync_token'
2016-03-14T19:04:30Z DEBUG Mounting ipaserver.rpcserver.jsonserver_kerb() at '/json'
2016-03-14T19:04:30Z DEBUG session_auth_duration: 0:20:00
2016-03-14T19:04:30Z DEBUG Created connection context.ldap2_153210000
2016-03-14T19:04:30Z DEBUG Destroyed connection context.ldap2_153210000
2016-03-14T19:04:30Z DEBUG Created connection context.ldap2_153210000
2016-03-14T19:04:30Z DEBUG Parsing update file '/usr/share/ipa/schema_compat.uldif'
2016-03-14T19:04:30Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket from SchemaCache
2016-03-14T19:04:30Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x809eb90>
2016-03-14T19:04:30Z DEBUG New entry: cn=Schema Compatibility,cn=plugins,cn=config
2016-03-14T19:04:30Z DEBUG ---------------------------------------------
2016-03-14T19:04:30Z DEBUG Initial value
2016-03-14T19:04:30Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config
2016-03-14T19:04:30Z DEBUG nsslapd-pluginid:
2016-03-14T19:04:30Z DEBUG schema-compat-plugin
2016-03-14T19:04:30Z DEBUG cn:
2016-03-14T19:04:30Z DEBUG Schema Compatibility
2016-03-14T19:04:30Z DEBUG nsslapd-pluginbetxn:
2016-03-14T19:04:30Z DEBUG on
2016-03-14T19:04:30Z DEBUG objectclass:
2016-03-14T19:04:30Z DEBUG top
2016-03-14T19:04:30Z DEBUG nsSlapdPlugin
2016-03-14T19:04:30Z DEBUG extensibleObject
2016-03-14T19:04:30Z DEBUG nsslapd-plugindescription:
2016-03-14T19:04:30Z DEBUG Schema Compatibility Plugin
2016-03-14T19:04:30Z DEBUG nsslapd-pluginenabled:
2016-03-14T19:04:30Z DEBUG on
2016-03-14T19:04:30Z DEBUG nsslapd-pluginpath:
2016-03-14T19:04:30Z DEBUG /usr/lib64/dirsrv/plugins/schemacompat-plugin.so
2016-03-14T19:04:30Z DEBUG nsslapd-pluginversion:
2016-03-14T19:04:30Z DEBUG 0.8
2016-03-14T19:04:30Z DEBUG nsslapd-pluginvendor:
2016-03-14T19:04:30Z DEBUG redhat.com
2016-03-14T19:04:30Z DEBUG nsslapd-pluginprecedence:
2016-03-14T19:04:30Z DEBUG 49
2016-03-14T19:04:30Z DEBUG nsslapd-plugintype:
2016-03-14T19:04:30Z DEBUG object
2016-03-14T19:04:30Z DEBUG nsslapd-plugininitfunc:
2016-03-14T19:04:30Z DEBUG schema_compat_plugin_init
2016-03-14T19:04:30Z DEBUG ---------------------------------------------
2016-03-14T19:04:30Z DEBUG Final value after applying updates
2016-03-14T19:04:30Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config
2016-03-14T19:04:30Z DEBUG nsslapd-pluginid:
2016-03-14T19:04:30Z DEBUG schema-compat-plugin
2016-03-14T19:04:30Z DEBUG cn:
2016-03-14T19:04:30Z DEBUG Schema Compatibility
2016-03-14T19:04:30Z DEBUG nsslapd-pluginbetxn:
2016-03-14T19:04:30Z DEBUG on
2016-03-14T19:04:30Z DEBUG objectclass:
2016-03-14T19:04:30Z DEBUG top
2016-03-14T19:04:30Z DEBUG nsSlapdPlugin
2016-03-14T19:04:30Z DEBUG extensibleObject
2016-03-14T19:04:30Z DEBUG nsslapd-plugindescription:
2016-03-14T19:04:30Z DEBUG Schema Compatibility Plugin
2016-03-14T19:04:30Z DEBUG nsslapd-pluginenabled:
2016-03-14T19:04:30Z DEBUG on
2016-03-14T19:04:30Z DEBUG nsslapd-pluginpath:
2016-03-14T19:04:30Z DEBUG /usr/lib64/dirsrv/plugins/schemacompat-plugin.so
2016-03-14T19:04:30Z DEBUG nsslapd-pluginversion:
2016-03-14T19:04:30Z DEBUG 0.8
2016-03-14T19:04:30Z DEBUG nsslapd-pluginvendor:
2016-03-14T19:04:30Z DEBUG redhat.com
2016-03-14T19:04:30Z DEBUG nsslapd-pluginprecedence:
2016-03-14T19:04:30Z DEBUG 49
2016-03-14T19:04:30Z DEBUG nsslapd-plugintype:
2016-03-14T19:04:30Z DEBUG object
2016-03-14T19:04:30Z DEBUG nsslapd-plugininitfunc:
2016-03-14T19:04:30Z DEBUG schema_compat_plugin_init
2016-03-14T19:04:30Z DEBUG New entry: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
2016-03-14T19:04:30Z DEBUG ---------------------------------------------
2016-03-14T19:04:30Z DEBUG Initial value
2016-03-14T19:04:30Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
2016-03-14T19:04:30Z DEBUG schema-compat-entry-attribute:
2016-03-14T19:04:30Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
2016-03-14T19:04:30Z DEBUG cn=%{cn}
2016-03-14T19:04:30Z DEBUG objectclass=posixAccount
2016-03-14T19:04:30Z DEBUG gidNumber=%{gidNumber}
2016-03-14T19:04:30Z DEBUG gecos=%{cn}
2016-03-14T19:04:30Z DEBUG ipaanchoruuid=%{ipaanchoruuid}
2016-03-14T19:04:30Z DEBUG uidNumber=%{uidNumber}
2016-03-14T19:04:30Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
2016-03-14T19:04:30Z DEBUG loginShell=%{loginShell}
2016-03-14T19:04:30Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:uofmt1:%{ipauniqueid}","")
2016-03-14T19:04:30Z DEBUG homeDirectory=%{homeDirectory}
2016-03-14T19:04:30Z DEBUG cn:
2016-03-14T19:04:30Z DEBUG users
2016-03-14T19:04:30Z DEBUG objectClass:
2016-03-14T19:04:30Z DEBUG top
2016-03-14T19:04:30Z DEBUG extensibleObject
2016-03-14T19:04:30Z DEBUG schema-compat-search-filter:
2016-03-14T19:04:30Z DEBUG objectclass=posixAccount
2016-03-14T19:04:30Z DEBUG schema-compat-container-rdn:
2016-03-14T19:04:30Z DEBUG cn=users
2016-03-14T19:04:30Z DEBUG schema-compat-entry-rdn:
2016-03-14T19:04:30Z DEBUG uid=%{uid}
2016-03-14T19:04:30Z DEBUG schema-compat-search-base:
2016-03-14T19:04:30Z DEBUG cn=users, cn=accounts, dc=uofmt1
2016-03-14T19:04:30Z DEBUG schema-compat-container-group:
2016-03-14T19:04:30Z DEBUG cn=compat, dc=uofmt1
2016-03-14T19:04:30Z DEBUG ---------------------------------------------
2016-03-14T19:04:30Z DEBUG Final value after applying updates
2016-03-14T19:04:30Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
2016-03-14T19:04:30Z DEBUG schema-compat-entry-attribute:
2016-03-14T19:04:30Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
2016-03-14T19:04:30Z DEBUG cn=%{cn}
2016-03-14T19:04:30Z DEBUG objectclass=posixAccount
2016-03-14T19:04:30Z DEBUG gidNumber=%{gidNumber}
2016-03-14T19:04:30Z DEBUG gecos=%{cn}
2016-03-14T19:04:30Z DEBUG ipaanchoruuid=%{ipaanchoruuid}
2016-03-14T19:04:30Z DEBUG uidNumber=%{uidNumber}
2016-03-14T19:04:30Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
2016-03-14T19:04:30Z DEBUG loginShell=%{loginShell}
2016-03-14T19:04:30Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:uofmt1:%{ipauniqueid}","")
2016-03-14T19:04:30Z DEBUG homeDirectory=%{homeDirectory}
2016-03-14T19:04:30Z DEBUG cn:
2016-03-14T19:04:30Z DEBUG users
2016-03-14T19:04:30Z DEBUG objectClass:
2016-03-14T19:04:30Z DEBUG top
2016-03-14T19:04:30Z DEBUG extensibleObject
2016-03-14T19:04:30Z DEBUG schema-compat-search-filter:
2016-03-14T19:04:30Z DEBUG objectclass=posixAccount
2016-03-14T19:04:30Z DEBUG schema-compat-container-rdn:
2016-03-14T19:04:30Z DEBUG cn=users
2016-03-14T19:04:30Z DEBUG schema-compat-entry-rdn:
2016-03-14T19:04:30Z DEBUG uid=%{uid}
2016-03-14T19:04:30Z DEBUG schema-compat-search-base:
2016-03-14T19:04:30Z DEBUG cn=users, cn=accounts, dc=uofmt1
2016-03-14T19:04:30Z DEBUG schema-compat-container-group:
2016-03-14T19:04:30Z DEBUG cn=compat, dc=uofmt1
2016-03-14T19:04:30Z DEBUG New entry: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
2016-03-14T19:04:30Z DEBUG ---------------------------------------------
2016-03-14T19:04:30Z DEBUG Initial value
2016-03-14T19:04:30Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
2016-03-14T19:04:30Z DEBUG schema-compat-entry-attribute:
2016-03-14T19:04:30Z DEBUG gidNumber=%{gidNumber}
2016-03-14T19:04:30Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
2016-03-14T19:04:30Z DEBUG memberUid=%deref_r("member","uid")
2016-03-14T19:04:30Z DEBUG ipaanchoruuid=%{ipaanchoruuid}
2016-03-14T19:04:30Z DEBUG objectclass=posixGroup
2016-03-14T19:04:30Z DEBUG memberUid=%{memberUid}
2016-03-14T19:04:30Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
2016-03-14T19:04:30Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:uofmt1:%{ipauniqueid}","")
2016-03-14T19:04:30Z DEBUG cn:
2016-03-14T19:04:30Z DEBUG groups
2016-03-14T19:04:30Z DEBUG objectClass:
2016-03-14T19:04:30Z DEBUG top
2016-03-14T19:04:30Z DEBUG extensibleObject
2016-03-14T19:04:30Z DEBUG schema-compat-search-filter:
2016-03-14T19:04:30Z DEBUG objectclass=posixGroup
2016-03-14T19:04:30Z DEBUG schema-compat-container-rdn:
2016-03-14T19:04:30Z DEBUG cn=groups
2016-03-14T19:04:30Z DEBUG schema-compat-entry-rdn:
2016-03-14T19:04:30Z DEBUG cn=%{cn}
2016-03-14T19:04:30Z DEBUG schema-compat-search-base:
2016-03-14T19:04:30Z DEBUG cn=groups, cn=accounts, dc=uofmt1
2016-03-14T19:04:30Z DEBUG schema-compat-container-group:
2016-03-14T19:04:30Z DEBUG cn=compat, dc=uofmt1
2016-03-14T19:04:30Z DEBUG ---------------------------------------------
2016-03-14T19:04:30Z DEBUG Final value after applying updates
2016-03-14T19:04:30Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
2016-03-14T19:04:30Z DEBUG schema-compat-entry-attribute:
2016-03-14T19:04:30Z DEBUG gidNumber=%{gidNumber}
2016-03-14T19:04:30Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
2016-03-14T19:04:30Z DEBUG memberUid=%deref_r("member","uid")
2016-03-14T19:04:30Z DEBUG ipaanchoruuid=%{ipaanchoruuid}
2016-03-14T19:04:30Z DEBUG objectclass=posixGroup
2016-03-14T19:04:30Z DEBUG memberUid=%{memberUid}
2016-03-14T19:04:30Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
2016-03-14T19:04:30Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:uofmt1:%{ipauniqueid}","")
2016-03-14T19:04:30Z DEBUG cn:
2016-03-14T19:04:30Z DEBUG groups
2016-03-14T19:04:30Z DEBUG objectClass:
2016-03-14T19:04:30Z DEBUG top
2016-03-14T19:04:30Z DEBUG extensibleObject
2016-03-14T19:04:30Z DEBUG schema-compat-search-filter:
2016-03-14T19:04:30Z DEBUG objectclass=posixGroup
2016-03-14T19:04:30Z DEBUG schema-compat-container-rdn:
2016-03-14T19:04:30Z DEBUG cn=groups
2016-03-14T19:04:30Z DEBUG schema-compat-entry-rdn:
2016-03-14T19:04:30Z DEBUG cn=%{cn}
2016-03-14T19:04:30Z DEBUG schema-compat-search-base:
2016-03-14T19:04:30Z DEBUG cn=groups, cn=accounts, dc=uofmt1
2016-03-14T19:04:30Z DEBUG schema-compat-container-group:
2016-03-14T19:04:30Z DEBUG cn=compat, dc=uofmt1
2016-03-14T19:04:30Z DEBUG New entry: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
2016-03-14T19:04:30Z DEBUG ---------------------------------------------
2016-03-14T19:04:30Z DEBUG Initial value
2016-03-14T19:04:30Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
2016-03-14T19:04:30Z DEBUG add: 'top' to objectClass, current value []
2016-03-14T19:04:30Z DEBUG add: updated value ['top']
2016-03-14T19:04:30Z DEBUG add: 'extensibleObject' to objectClass, current value ['top']
2016-03-14T19:04:30Z DEBUG add: updated value ['top', 'extensibleObject']
2016-03-14T19:04:30Z DEBUG add: 'ng' to cn, current value []
2016-03-14T19:04:30Z DEBUG add: updated value ['ng']
2016-03-14T19:04:30Z DEBUG add: 'cn=compat, dc=uofmt1' to schema-compat-container-group, current value []
2016-03-14T19:04:30Z DEBUG add: updated value ['cn=compat, dc=uofmt1']
2016-03-14T19:04:30Z DEBUG add: 'cn=ng' to schema-compat-container-rdn, current value []
2016-03-14T19:04:30Z DEBUG add: updated value ['cn=ng']
2016-03-14T19:04:30Z DEBUG add: 'yes' to schema-compat-check-access, current value []
2016-03-14T19:04:30Z DEBUG add: updated value ['yes']
2016-03-14T19:04:30Z DEBUG add: 'cn=ng, cn=alt, dc=uofmt1' to schema-compat-search-base, current value []
2016-03-14T19:04:30Z DEBUG add: updated value ['cn=ng, cn=alt, dc=uofmt1']
2016-03-14T19:04:30Z DEBUG add: '(objectclass=ipaNisNetgroup)' to schema-compat-search-filter, current value []
2016-03-14T19:04:30Z DEBUG add: updated value ['(objectclass=ipaNisNetgroup)']
2016-03-14T19:04:30Z DEBUG add: 'cn=%{cn}' to schema-compat-entry-rdn, current value []
2016-03-14T19:04:30Z DEBUG add: updated value ['cn=%{cn}']
2016-03-14T19:04:30Z DEBUG add: 'objectclass=nisNetgroup' to schema-compat-entry-attribute, current value []
2016-03-14T19:04:30Z DEBUG add: updated value ['objectclass=nisNetgroup']
2016-03-14T19:04:30Z DEBUG add: 'memberNisNetgroup=%deref_r("member","cn")' to schema-compat-entry-attribute, current value ['objectclass=nisNetgroup']
2016-03-14T19:04:30Z DEBUG add: updated value ['objectclass=nisNetgroup', 'memberNisNetgroup=%deref_r("member","cn")']
2016-03-14T19:04:30Z DEBUG add: 'nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})' to schema-compat-entry-attribute, current value ['memberNisNetgroup=%deref_r("member","cn")', 'objectclass=nisNetgroup']
2016-03-14T19:04:30Z DEBUG add: updated value ['memberNisNetgroup=%deref_r("member","cn")', 'objectclass=nisNetgroup', 'nisNetgroupTriple=(%link("%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%{externalHost}\\\\\\",\\\\\\"%deref(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\")\\")","-",",","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%deref(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\")\\")","-"),%{nisDomainName:-})']
2016-03-14T19:04:30Z DEBUG ---------------------------------------------
2016-03-14T19:04:30Z DEBUG Final value after applying updates
2016-03-14T19:04:30Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
2016-03-14T19:04:30Z DEBUG schema-compat-entry-attribute:
2016-03-14T19:04:30Z DEBUG memberNisNetgroup=%deref_r("member","cn")
2016-03-14T19:04:30Z DEBUG objectclass=nisNetgroup
2016-03-14T19:04:30Z DEBUG nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})
2016-03-14T19:04:30Z DEBUG schema-compat-check-access:
2016-03-14T19:04:30Z DEBUG yes
2016-03-14T19:04:30Z DEBUG cn:
2016-03-14T19:04:30Z DEBUG ng
2016-03-14T19:04:30Z DEBUG objectClass:
2016-03-14T19:04:30Z DEBUG top
2016-03-14T19:04:30Z DEBUG extensibleObject
2016-03-14T19:04:30Z DEBUG schema-compat-search-filter:
2016-03-14T19:04:30Z DEBUG (objectclass=ipaNisNetgroup)
2016-03-14T19:04:30Z DEBUG schema-compat-container-rdn:
2016-03-14T19:04:30Z DEBUG cn=ng
2016-03-14T19:04:30Z DEBUG schema-compat-entry-rdn:
2016-03-14T19:04:30Z DEBUG cn=%{cn}
2016-03-14T19:04:30Z DEBUG schema-compat-search-base:
2016-03-14T19:04:30Z DEBUG cn=ng, cn=alt, dc=uofmt1
2016-03-14T19:04:30Z DEBUG schema-compat-container-group:
2016-03-14T19:04:30Z DEBUG cn=compat, dc=uofmt1
2016-03-14T19:04:30Z DEBUG New entry: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
2016-03-14T19:04:30Z DEBUG ---------------------------------------------
2016-03-14T19:04:30Z DEBUG Initial value
2016-03-14T19:04:30Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
2016-03-14T19:04:30Z DEBUG add: 'top' to objectClass, current value []
2016-03-14T19:04:30Z DEBUG add: updated value ['top']
2016-03-14T19:04:30Z DEBUG add: 'extensibleObject' to objectClass, current value ['top']
2016-03-14T19:04:30Z DEBUG add: updated value ['top', 'extensibleObject']
2016-03-14T19:04:30Z DEBUG add: 'sudoers' to cn, current value []
2016-03-14T19:04:30Z DEBUG add: updated value ['sudoers']
2016-03-14T19:04:30Z DEBUG add: 'ou=SUDOers, dc=uofmt1' to schema-compat-container-group, current value []
2016-03-14T19:04:30Z DEBUG add: updated value ['ou=SUDOers, dc=uofmt1']
2016-03-14T19:04:30Z DEBUG add: 'cn=sudorules, cn=sudo, dc=uofmt1' to schema-compat-search-base, current value []
2016-03-14T19:04:30Z DEBUG add: updated value ['cn=sudorules, cn=sudo, dc=uofmt1']
2016-03-14T19:04:30Z DEBUG add: '(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))' to schema-compat-search-filter, current value []
2016-03-14T19:04:30Z DEBUG add: updated value ['(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))']
2016-03-14T19:04:30Z DEBUG add: '%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")' to schema-compat-entry-rdn, current value []
2016-03-14T19:04:30Z DEBUG add: updated value ['%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")']
2016-03-14T19:04:30Z DEBUG add: 'objectclass=sudoRole' to schema-compat-entry-attribute, current value []
2016-03-14T19:04:30Z DEBUG add: updated value ['objectclass=sudoRole']
2016-03-14T19:04:30Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole']
2016-03-14T19:04:30Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")']
2016-03-14T19:04:30Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole']
2016-03-14T19:04:30Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")']
2016-03-14T19:04:30Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")']
2016-03-14T19:04:30Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")']
2016-03-14T19:04:30Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")']
2016-03-14T19:04:30Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")']
2016-03-14T19:04:30Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")']
2016-03-14T19:04:30Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")']
2016-03-14T19:04:30Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
2016-03-14T19:04:30Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")']
2016-03-14T19:04:30Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
2016-03-14T19:04:30Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")']
2016-03-14T19:04:30Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole']
2016-03-14T19:04:30Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")']
2016-03-14T19:04:30Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole']
2016-03-14T19:04:30Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")']
2016-03-14T19:04:30Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole']
2016-03-14T19:04:30Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")']
2016-03-14T19:04:30Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
2016-03-14T19:04:30Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")']
2016-03-14T19:04:30Z DEBUG add: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
2016-03-14T19:04:30Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")']
2016-03-14T19:04:30Z DEBUG add: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
2016-03-14T19:04:30Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
2016-03-14T19:04:30Z DEBUG add: 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
2016-03-14T19:04:30Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")']
2016-03-14T19:04:30Z DEBUG add: 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
2016-03-14T19:04:30Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")']
2016-03-14T19:04:30Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
2016-03-14T19:04:30Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")']
2016-03-14T19:04:30Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
2016-03-14T19:04:30Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
2016-03-14T19:04:30Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
2016-03-14T19:04:30Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")']
2016-03-14T19:04:30Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
2016-03-14T19:04:30Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")']
2016-03-14T19:04:30Z DEBUG add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
2016-03-14T19:04:30Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")']
2016-03-14T19:04:30Z DEBUG add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
2016-03-14T19:04:30Z DEBUG add: updated value ['sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")']
2016-03-14T19:04:30Z DEBUG add: 'sudoOption=%{ipaSudoOpt}' to schema-compat-entry-attribute, current value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")']
2016-03-14T19:04:30Z DEBUG add: updated value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}']
2016-03-14T19:04:30Z DEBUG ---------------------------------------------
2016-03-14T19:04:30Z DEBUG Final value after applying updates
2016-03-14T19:04:30Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
2016-03-14T19:04:30Z DEBUG schema-compat-entry-attribute:
2016-03-14T19:04:30Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")
2016-03-14T19:04:30Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")
2016-03-14T19:04:30Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")")
2016-03-14T19:04:30Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")")
2016-03-14T19:04:30Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")")
2016-03-14T19:04:30Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")
2016-03-14T19:04:30Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")")
2016-03-14T19:04:30Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")
2016-03-14T19:04:30Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")
2016-03-14T19:04:30Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")")
2016-03-14T19:04:30Z DEBUG objectclass=sudoRole
2016-03-14T19:04:30Z DEBUG sudoOption=%{ipaSudoOpt}
2016-03-14T19:04:30Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")")
2016-03-14T19:04:30Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")")
2016-03-14T19:04:30Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")
2016-03-14T19:04:30Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")
2016-03-14T19:04:30Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")
2016-03-14T19:04:30Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")")
2016-03-14T19:04:30Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")
2016-03-14T19:04:30Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd")
2016-03-14T19:04:30Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")
2016-03-14T19:04:30Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")")
2016-03-14T19:04:30Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")
2016-03-14T19:04:30Z DEBUG cn:
2016-03-14T19:04:30Z DEBUG sudoers
2016-03-14T19:04:30Z DEBUG objectClass:
2016-03-14T19:04:30Z DEBUG top
2016-03-14T19:04:30Z DEBUG extensibleObject
2016-03-14T19:04:30Z DEBUG schema-compat-search-filter:
2016-03-14T19:04:30Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))
2016-03-14T19:04:30Z DEBUG schema-compat-entry-rdn:
2016-03-14T19:04:30Z DEBUG %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")
2016-03-14T19:04:30Z DEBUG schema-compat-search-base:
2016-03-14T19:04:30Z DEBUG cn=sudorules, cn=sudo, dc=uofmt1
2016-03-14T19:04:30Z DEBUG schema-compat-container-group:
2016-03-14T19:04:30Z DEBUG ou=SUDOers, dc=uofmt1
2016-03-14T19:04:30Z DEBUG New entry: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config
2016-03-14T19:04:30Z DEBUG ---------------------------------------------
2016-03-14T19:04:30Z DEBUG Initial value
2016-03-14T19:04:30Z DEBUG dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config
2016-03-14T19:04:30Z DEBUG schema-compat-entry-attribute:
2016-03-14T19:04:30Z DEBUG objectclass=device
2016-03-14T19:04:30Z DEBUG cn=%{fqdn}
2016-03-14T19:04:30Z DEBUG macAddress=%{macAddress}
2016-03-14T19:04:30Z DEBUG objectclass=ieee802Device
2016-03-14T19:04:30Z DEBUG cn:
2016-03-14T19:04:30Z DEBUG computers
2016-03-14T19:04:30Z DEBUG objectClass:
2016-03-14T19:04:30Z DEBUG top
2016-03-14T19:04:30Z DEBUG extensibleObject
2016-03-14T19:04:30Z DEBUG schema-compat-search-filter:
2016-03-14T19:04:30Z DEBUG (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
2016-03-14T19:04:30Z DEBUG schema-compat-container-rdn:
2016-03-14T19:04:30Z DEBUG cn=computers
2016-03-14T19:04:30Z DEBUG schema-compat-entry-rdn:
2016-03-14T19:04:30Z DEBUG cn=%first("%{fqdn}")
2016-03-14T19:04:30Z DEBUG schema-compat-search-base:
2016-03-14T19:04:30Z DEBUG cn=computers, cn=accounts, dc=uofmt1
2016-03-14T19:04:30Z DEBUG schema-compat-container-group:
2016-03-14T19:04:30Z DEBUG cn=compat, dc=uofmt1
2016-03-14T19:04:30Z DEBUG ---------------------------------------------
2016-03-14T19:04:30Z DEBUG Final value after applying updates
2016-03-14T19:04:30Z DEBUG dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config
2016-03-14T19:04:30Z DEBUG schema-compat-entry-attribute:
2016-03-14T19:04:30Z DEBUG objectclass=device
2016-03-14T19:04:30Z DEBUG cn=%{fqdn}
2016-03-14T19:04:30Z DEBUG macAddress=%{macAddress}
2016-03-14T19:04:30Z DEBUG objectclass=ieee802Device
2016-03-14T19:04:30Z DEBUG cn:
2016-03-14T19:04:30Z DEBUG computers
2016-03-14T19:04:30Z DEBUG objectClass:
2016-03-14T19:04:30Z DEBUG top
2016-03-14T19:04:30Z DEBUG extensibleObject
2016-03-14T19:04:30Z DEBUG schema-compat-search-filter:
2016-03-14T19:04:30Z DEBUG (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
2016-03-14T19:04:30Z DEBUG schema-compat-container-rdn:
2016-03-14T19:04:30Z DEBUG cn=computers
2016-03-14T19:04:30Z DEBUG schema-compat-entry-rdn:
2016-03-14T19:04:30Z DEBUG cn=%first("%{fqdn}")
2016-03-14T19:04:30Z DEBUG schema-compat-search-base:
2016-03-14T19:04:30Z DEBUG cn=computers, cn=accounts, dc=uofmt1
2016-03-14T19:04:30Z DEBUG schema-compat-container-group:
2016-03-14T19:04:30Z DEBUG cn=compat, dc=uofmt1
2016-03-14T19:04:31Z DEBUG Updating existing entry: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
2016-03-14T19:04:31Z DEBUG ---------------------------------------------
2016-03-14T19:04:31Z DEBUG Initial value
2016-03-14T19:04:31Z DEBUG dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
2016-03-14T19:04:31Z DEBUG objectClass:
2016-03-14T19:04:31Z DEBUG top
2016-03-14T19:04:31Z DEBUG directoryServerFeature
2016-03-14T19:04:31Z DEBUG aci:
2016-03-14T19:04:31Z DEBUG (targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)
2016-03-14T19:04:31Z DEBUG oid:
2016-03-14T19:04:31Z DEBUG 2.16.840.1.113730.3.4.9
2016-03-14T19:04:31Z DEBUG cn:
2016-03-14T19:04:31Z DEBUG VLV Request Control
2016-03-14T19:04:31Z DEBUG only: set aci to '(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )', current value ['(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)']
2016-03-14T19:04:31Z DEBUG only: updated value ['(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )']
2016-03-14T19:04:31Z DEBUG ---------------------------------------------
2016-03-14T19:04:31Z DEBUG Final value after applying updates
2016-03-14T19:04:31Z DEBUG dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
2016-03-14T19:04:31Z DEBUG objectClass:
2016-03-14T19:04:31Z DEBUG top
2016-03-14T19:04:31Z DEBUG directoryServerFeature
2016-03-14T19:04:31Z DEBUG aci:
2016-03-14T19:04:31Z DEBUG (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )
2016-03-14T19:04:31Z DEBUG oid:
2016-03-14T19:04:31Z DEBUG 2.16.840.1.113730.3.4.9
2016-03-14T19:04:31Z DEBUG cn:
2016-03-14T19:04:31Z DEBUG VLV Request Control
2016-03-14T19:04:31Z DEBUG [(0, u'aci', ['(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )']), (1, u'aci', ['(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)'])]
2016-03-14T19:04:31Z DEBUG Updated 1
2016-03-14T19:04:31Z DEBUG Done
2016-03-14T19:04:31Z DEBUG Destroyed connection context.ldap2_153210000
2016-03-14T19:04:31Z DEBUG duration: 2 seconds
2016-03-14T19:04:31Z DEBUG [35/38]: activating sidgen plugin
2016-03-14T19:04:31Z DEBUG Starting external process
2016-03-14T19:04:31Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpALrjvG' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpB0DItQ'
2016-03-14T19:04:31Z DEBUG Process finished, return code=0
2016-03-14T19:04:31Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA SIDGEN
add nsslapd-pluginpath:
libipa_sidgen
add nsslapd-plugininitfunc:
ipa_sidgen_init
add nsslapd-plugintype:
postoperation
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipa_sidgen_postop
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-plugindescription:
IPA SIDGEN post operation
add nsslapd-plugin-depends-on-type:
database
add nsslapd-basedn:
dc=uofmt1
adding new entry "cn=IPA SIDGEN,cn=plugins,cn=config"
modify complete
2016-03-14T19:04:31Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:04:31Z DEBUG duration: 0 seconds
2016-03-14T19:04:31Z DEBUG [36/38]: activating extdom plugin
2016-03-14T19:04:31Z DEBUG Starting external process
2016-03-14T19:04:31Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpUHeKKl' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpVKuXdM'
2016-03-14T19:04:31Z DEBUG Process finished, return code=0
2016-03-14T19:04:31Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
ipa_extdom_extop
add nsslapd-pluginpath:
libipa_extdom_extop
add nsslapd-plugininitfunc:
ipa_extdom_init
add nsslapd-plugintype:
extendedop
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipa_extdom_extop
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
RedHat
add nsslapd-plugindescription:
Support resolving IDs in trusted domains to names and back
add nsslapd-plugin-depends-on-type:
database
add nsslapd-basedn:
dc=uofmt1
adding new entry "cn=ipa_extdom_extop,cn=plugins,cn=config"
modify complete
2016-03-14T19:04:31Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:04:31Z DEBUG duration: 0 seconds
2016-03-14T19:04:31Z DEBUG [37/38]: tuning directory server
2016-03-14T19:04:31Z DEBUG Starting external process
2016-03-14T19:04:31Z DEBUG args='/usr/sbin/selinuxenabled'
2016-03-14T19:04:31Z DEBUG Process finished, return code=1
2016-03-14T19:04:31Z DEBUG stdout=
2016-03-14T19:04:31Z DEBUG stderr=
2016-03-14T19:04:31Z DEBUG Starting external process
2016-03-14T19:04:31Z DEBUG args='/bin/systemctl' '--system' 'daemon-reload'
2016-03-14T19:04:31Z DEBUG Process finished, return code=0
2016-03-14T19:04:31Z DEBUG stdout=
2016-03-14T19:04:31Z DEBUG stderr=
2016-03-14T19:04:31Z DEBUG Starting external process
2016-03-14T19:04:31Z DEBUG args='/bin/systemctl' '--system' 'daemon-reload'
2016-03-14T19:04:31Z DEBUG Process finished, return code=0
2016-03-14T19:04:31Z DEBUG stdout=
2016-03-14T19:04:31Z DEBUG stderr=
2016-03-14T19:04:31Z DEBUG Starting external process
2016-03-14T19:04:31Z DEBUG args='/bin/systemctl' 'restart' 'dirsrv at UOFMT1.service'
2016-03-14T19:04:33Z DEBUG Process finished, return code=0
2016-03-14T19:04:33Z DEBUG stdout=
2016-03-14T19:04:33Z DEBUG stderr=
2016-03-14T19:04:33Z DEBUG Starting external process
2016-03-14T19:04:33Z DEBUG args='/bin/systemctl' 'is-active' 'dirsrv at UOFMT1.service'
2016-03-14T19:04:33Z DEBUG Process finished, return code=0
2016-03-14T19:04:33Z DEBUG stdout=active
2016-03-14T19:04:33Z DEBUG stderr=
2016-03-14T19:04:33Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2016-03-14T19:05:49Z DEBUG Starting external process
2016-03-14T19:05:49Z DEBUG args='/bin/systemctl' 'is-active' 'dirsrv at UOFMT1.service'
2016-03-14T19:05:49Z DEBUG Process finished, return code=0
2016-03-14T19:05:49Z DEBUG stdout=active
2016-03-14T19:05:49Z DEBUG stderr=
2016-03-14T19:05:49Z DEBUG Starting external process
2016-03-14T19:05:49Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmpOL5ONg' '-H' 'ldap://jutta.cc.umanitoba.ca:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpOCGeA9'
2016-03-14T19:05:49Z DEBUG Process finished, return code=0
2016-03-14T19:05:49Z DEBUG stdout=replace nsslapd-maxdescriptors:
8192
replace nsslapd-reservedescriptors:
64
modifying entry "cn=config"
modify complete
2016-03-14T19:05:49Z DEBUG stderr=ldap_initialize( ldap://jutta.cc.umanitoba.ca:389/??base )
2016-03-14T19:05:49Z DEBUG duration: 78 seconds
2016-03-14T19:05:49Z DEBUG [38/38]: configuring directory to start on boot
2016-03-14T19:05:49Z DEBUG Starting external process
2016-03-14T19:05:49Z DEBUG args='/bin/systemctl' 'is-enabled' 'dirsrv at UOFMT1.service'
2016-03-14T19:05:49Z DEBUG Process finished, return code=0
2016-03-14T19:05:49Z DEBUG stdout=enabled
2016-03-14T19:05:49Z DEBUG stderr=
2016-03-14T19:05:49Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:05:49Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:05:49Z DEBUG Starting external process
2016-03-14T19:05:49Z DEBUG args='/bin/systemctl' 'disable' 'dirsrv at UOFMT1.service'
2016-03-14T19:05:49Z DEBUG Process finished, return code=0
2016-03-14T19:05:49Z DEBUG stdout=
2016-03-14T19:05:49Z DEBUG stderr=Removed symlink /etc/systemd/system/dirsrv.target.wants/dirsrv at UOFMT1.service.
2016-03-14T19:05:49Z DEBUG duration: 0 seconds
2016-03-14T19:05:49Z DEBUG Done configuring directory server (dirsrv).
2016-03-14T19:05:49Z DEBUG Destroyed connection context.ldap2_97498768
2016-03-14T19:05:49Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:05:49Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:05:49Z DEBUG Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds
2016-03-14T19:05:49Z DEBUG [1/23]: creating certificate server user
2016-03-14T19:05:49Z DEBUG group pkiuser exists
2016-03-14T19:05:49Z DEBUG user pkiuser exists
2016-03-14T19:05:49Z DEBUG duration: 0 seconds
2016-03-14T19:05:49Z DEBUG [2/23]: configuring certificate server instance
2016-03-14T19:05:49Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:05:49Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:05:49Z DEBUG Contents of pkispawn configuration file (/tmp/tmpxQAXLl):
[CA]
pki_security_domain_name = IPA
pki_enable_proxy = True
pki_restart_configured_instance = False
pki_backup_keys = True
pki_backup_password = XXXXXXXX
pki_profiles_in_ldap = True
pki_client_database_dir = /tmp/tmp-OVm7fY
pki_client_database_password = XXXXXXXX
pki_client_database_purge = False
pki_client_pkcs12_password = XXXXXXXX
pki_admin_name = admin
pki_admin_uid = admin
pki_admin_email = root at localhost
pki_admin_password = XXXXXXXX
pki_admin_nickname = ipa-ca-agent
pki_admin_subject_dn = cn=ipa-ca-agent,O=UOFMT1
pki_client_admin_cert_p12 = /root/ca-agent.p12
pki_ds_ldap_port = 389
pki_ds_password = XXXXXXXX
pki_ds_base_dn = o=ipaca
pki_ds_database = ipaca
pki_subsystem_subject_dn = cn=CA Subsystem,O=UOFMT1
pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=UOFMT1
pki_ssl_server_subject_dn = cn=jutta.cc.umanitoba.ca,O=UOFMT1
pki_audit_signing_subject_dn = cn=CA Audit,O=UOFMT1
pki_ca_signing_subject_dn = cn=Certificate Authority,O=UOFMT1
pki_subsystem_nickname = subsystemCert cert-pki-ca
pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca
pki_ssl_server_nickname = Server-Cert cert-pki-ca
pki_audit_signing_nickname = auditSigningCert cert-pki-ca
pki_ca_signing_nickname = caSigningCert cert-pki-ca
pki_ca_signing_key_algorithm = SHA256withRSA
pki_security_domain_hostname = mork.cc.umanitoba.ca
pki_security_domain_https_port = 443
pki_security_domain_user = admin
pki_security_domain_password = XXXXXXXX
pki_clone = True
pki_clone_pkcs12_path = /tmp/ca.p12
pki_clone_pkcs12_password = XXXXXXXX
pki_clone_replication_security = TLS
pki_clone_replication_master_port = 389
pki_clone_replication_clone_port = 389
pki_clone_replicate_schema = False
pki_clone_uri = https://mork.cc.umanitoba.ca:443
2016-03-14T19:05:49Z DEBUG Starting external process
2016-03-14T19:05:49Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpxQAXLl'
2016-03-14T19:09:06Z DEBUG Process finished, return code=0
2016-03-14T19:09:06Z DEBUG stdout=Log file: /var/log/pki/pki-ca-spawn.20160314140549.log
Loading deployment configuration from /tmp/tmpxQAXLl.
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
==========================================================================
INSTALLATION SUMMARY
==========================================================================
Administrator's username: admin
Administrator's certificate nickname:
ipa-ca-agent
Administrator's certificate database:
/tmp/tmp-OVm7fY
To check the status of the subsystem:
systemctl status pki-tomcatd at pki-tomcat.service
To restart the subsystem:
systemctl restart pki-tomcatd at pki-tomcat.service
The URL for the subsystem is:
https://jutta.cc.umanitoba.ca:8443/ca
PKI instances will be enabled upon system boot
==========================================================================
2016-03-14T19:09:06Z DEBUG stderr=/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
Created symlink from /etc/systemd/system/multi-user.target.wants/pki-tomcatd.target to /usr/lib/systemd/system/pki-tomcatd.target.
2016-03-14T19:09:06Z DEBUG completed creating ca instance
2016-03-14T19:09:06Z DEBUG duration: 197 seconds
2016-03-14T19:09:06Z DEBUG [3/23]: stopping certificate server instance to update CS.cfg
2016-03-14T19:09:06Z DEBUG Starting external process
2016-03-14T19:09:06Z DEBUG args='/bin/systemctl' 'stop' 'pki-tomcatd at pki-tomcat.service'
2016-03-14T19:09:07Z DEBUG Process finished, return code=0
2016-03-14T19:09:07Z DEBUG stdout=
2016-03-14T19:09:07Z DEBUG stderr=
2016-03-14T19:09:07Z DEBUG duration: 0 seconds
2016-03-14T19:09:07Z DEBUG [4/23]: backing up CS.cfg
2016-03-14T19:09:07Z DEBUG Starting external process
2016-03-14T19:09:07Z DEBUG args='/bin/systemctl' 'is-active' 'pki-tomcatd at pki-tomcat.service'
2016-03-14T19:09:07Z DEBUG Process finished, return code=3
2016-03-14T19:09:07Z DEBUG stdout=inactive
2016-03-14T19:09:07Z DEBUG stderr=
2016-03-14T19:09:07Z DEBUG duration: 0 seconds
2016-03-14T19:09:07Z DEBUG [5/23]: disabling nonces
2016-03-14T19:09:07Z DEBUG duration: 0 seconds
2016-03-14T19:09:07Z DEBUG [6/23]: set up CRL publishing
2016-03-14T19:09:07Z DEBUG Starting external process
2016-03-14T19:09:07Z DEBUG args='/usr/sbin/selinuxenabled'
2016-03-14T19:09:07Z DEBUG Process finished, return code=1
2016-03-14T19:09:07Z DEBUG stdout=
2016-03-14T19:09:07Z DEBUG stderr=
2016-03-14T19:09:07Z DEBUG duration: 0 seconds
2016-03-14T19:09:07Z DEBUG [7/23]: enable PKIX certificate path discovery and validation
2016-03-14T19:09:07Z DEBUG duration: 0 seconds
2016-03-14T19:09:07Z DEBUG [8/23]: starting certificate server instance
2016-03-14T19:09:07Z DEBUG Starting external process
2016-03-14T19:09:07Z DEBUG args='/bin/systemctl' 'start' 'pki-tomcatd at pki-tomcat.service'
2016-03-14T19:09:08Z DEBUG Process finished, return code=0
2016-03-14T19:09:08Z DEBUG stdout=
2016-03-14T19:09:08Z DEBUG stderr=
2016-03-14T19:09:08Z DEBUG Starting external process
2016-03-14T19:09:08Z DEBUG args='/bin/systemctl' 'is-active' 'pki-tomcatd at pki-tomcat.service'
2016-03-14T19:09:08Z DEBUG Process finished, return code=0
2016-03-14T19:09:08Z DEBUG stdout=active
2016-03-14T19:09:08Z DEBUG stderr=
2016-03-14T19:09:08Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
2016-03-14T19:09:10Z DEBUG Waiting until the CA is running
2016-03-14T19:09:10Z DEBUG Starting external process
2016-03-14T19:09:10Z DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://jutta.cc.umanitoba.ca:8443/ca/admin/ca/getStatus'
2016-03-14T19:09:17Z DEBUG Process finished, return code=0
2016-03-14T19:09:17Z DEBUG stdout=<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.2.5-6.el7</Version></XMLResponse>
2016-03-14T19:09:17Z DEBUG stderr=--2016-03-14 14:09:10-- https://jutta.cc.umanitoba.ca:8443/ca/admin/ca/getStatus
Resolving jutta.cc.umanitoba.ca (jutta.cc.umanitoba.ca)... 130.179.19.176
Connecting to jutta.cc.umanitoba.ca (jutta.cc.umanitoba.ca)|130.179.19.176|:8443... connected.
WARNING: cannot verify jutta.cc.umanitoba.ca's certificate, issued by ‘/O=UOFMT1/CN=Certificate Authority’:
Self-signed certificate encountered.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Content-Length: 167
Date: Mon, 14 Mar 2016 19:09:17 GMT
Length: 167 [application/xml]
Saving to: ‘STDOUT’
0K 100% 26.8M=0s
2016-03-14 14:09:17 (26.8 MB/s) - written to stdout [167/167]
2016-03-14T19:09:17Z DEBUG The CA status is: running
2016-03-14T19:09:17Z DEBUG duration: 9 seconds
2016-03-14T19:09:17Z DEBUG [9/23]: creating RA agent certificate database
2016-03-14T19:09:17Z DEBUG Starting external process
2016-03-14T19:09:17Z DEBUG args='/usr/bin/certutil' '-d' '/etc/httpd/alias' '-f' XXXXXXXX '-N'
2016-03-14T19:09:17Z DEBUG Process finished, return code=0
2016-03-14T19:09:17Z DEBUG stdout=
2016-03-14T19:09:17Z DEBUG stderr=
2016-03-14T19:09:17Z DEBUG duration: 0 seconds
2016-03-14T19:09:17Z DEBUG [10/23]: importing CA chain to RA certificate database
2016-03-14T19:09:17Z DEBUG Starting external process
2016-03-14T19:09:17Z DEBUG args='/usr/bin/openssl' 'pkcs7' '-inform' 'DER' '-print_certs'
2016-03-14T19:09:17Z DEBUG Process finished, return code=0
2016-03-14T19:09:17Z DEBUG stdout=subject=/O=UOFMT1/CN=Certificate Authority
issuer=/O=UOFMT1/CN=Certificate Authority
-----BEGIN CERTIFICATE-----
MIIDhjCCAm6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAxMQ8wDQYDVQQKDAZVT0ZN
VDExHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjAyMTIxMzQ3
MDdaFw0zNjAyMTIxMzQ3MDdaMDExDzANBgNVBAoMBlVPRk1UMTEeMBwGA1UEAwwV
Q2VydGlmaWNhdGUgQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAxyrEHq/FMY5OV7bh0MM+JItSh/PDDcbcp2Q793vtnTFfFX1oEJTu5A6S
1ATshlPfq9vbjkph0WuLZetbivBodLevCFCfIxBp+PJqPk+FpahowmT8lheFOXs/
Tu/IthqL9ykXOc8HBUK6WU83ICNYwDjFD95ShbWy9oM//kkRJvdC4dRZU6g5UDav
0/bWol76UauFHLRiDPSri0G5eIP0YDUkrFtXhezVZJZX4y/FNYhXRFqLPVplV6dY
izoCIOABMpuiNiFFSvP5S4qjcpPGBqF5mfAnuzYfgHLM+xr7nutDLZXfcAclX6ep
lN7RMCpZEVve9AKU7geigBzV//sT6wIDAQABo4GoMIGlMB8GA1UdIwQYMBaAFOsQ
UcQthYZk+osgO4FcNl7KI4oEMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
AgHGMB0GA1UdDgQWBBTrEFHELYWGZPqLIDuBXDZeyiOKBDBCBggrBgEFBQcBAQQ2
MDQwMgYIKwYBBQUHMAGGJmh0dHA6Ly9tb3JrLmNjLnVtYW5pdG9iYS5jYTo4MC9j
YS9vY3NwMA0GCSqGSIb3DQEBCwUAA4IBAQCteJIO2uwNp7H/4yyG80VU8iGO9yn8
rj8wQM6lE0RGC0iNjzV/p+KltUxbuE2xJKoiqEFScXFQ6suQtco3MQAn6ZunCYLY
vlDosNsrgeA9ZsJzODP/y1WD+swB8ELWArAQQVxcFKSMmITEywO0x+dzM+1KCP4R
siTzN3uiiGjm3r3Zh1kWZhW44ArLD/e170df3rGP4m6U85a7ZfUXiRaOYj7D5M8p
VAHgx/zVZq8hPpIlqQvT0+HdD3Veh5vrZFkTzMSFCHqygKY3Bl+DWZ1mz/+X8KCi
yulmoyrUa5zGKDvahj1rM6hrYmrCnEExG3d7gBbt673UaKSdtWSkCY54
-----END CERTIFICATE-----
2016-03-14T19:09:17Z DEBUG stderr=
2016-03-14T19:09:17Z DEBUG Starting external process
2016-03-14T19:09:17Z DEBUG args='/usr/bin/certutil' '-d' '/etc/httpd/alias' '-f' XXXXXXXX '-A' '-t' 'CT,C,C' '-n' 'UOFMT1 IPA CA' '-a' '-i' '/tmp/tmp5p55LP'
2016-03-14T19:09:18Z DEBUG Process finished, return code=0
2016-03-14T19:09:18Z DEBUG stdout=
2016-03-14T19:09:18Z DEBUG stderr=
2016-03-14T19:09:18Z DEBUG duration: 0 seconds
2016-03-14T19:09:18Z DEBUG [11/23]: fixing RA database permissions
2016-03-14T19:09:18Z DEBUG duration: 0 seconds
2016-03-14T19:09:18Z DEBUG [12/23]: setting up signing cert profile
2016-03-14T19:09:18Z DEBUG duration: 0 seconds
2016-03-14T19:09:18Z DEBUG [13/23]: setting audit signing renewal to 2 years
2016-03-14T19:09:18Z DEBUG caSignedLogCert.cfg profile validity range is 720
2016-03-14T19:09:18Z DEBUG duration: 0 seconds
2016-03-14T19:09:18Z DEBUG [14/23]: importing RA certificate from PKCS #12 file
2016-03-14T19:09:18Z DEBUG Starting external process
2016-03-14T19:09:18Z DEBUG args='/usr/bin/pk12util' '-d' '/etc/httpd/alias' '-i' '/tmp/tmpCOFxLUipa/realm_info/ra.p12' '-k' '/etc/httpd/alias/pwdfile.txt' '-w' '/tmp/tmp0xGNvO'
2016-03-14T19:09:18Z DEBUG Process finished, return code=0
2016-03-14T19:09:18Z DEBUG stdout=pk12util: PKCS12 IMPORT SUCCESSFUL
2016-03-14T19:09:18Z DEBUG stderr=
2016-03-14T19:09:18Z DEBUG Starting external process
2016-03-14T19:09:18Z DEBUG args='/usr/bin/pki' '-d' '/etc/httpd/alias' '-C' '/etc/httpd/alias/pwdfile.txt' 'client-cert-show' 'ipaCert' '--client-cert' '/etc/httpd/alias/tmpwrOm3Z'
2016-03-14T19:09:19Z DEBUG Process finished, return code=0
2016-03-14T19:09:19Z DEBUG stdout=
2016-03-14T19:09:19Z DEBUG stderr=
2016-03-14T19:09:19Z DEBUG duration: 1 seconds
2016-03-14T19:09:19Z DEBUG [15/23]: authorizing RA to modify profiles
2016-03-14T19:09:20Z DEBUG Created connection context.ldap2_181018832
2016-03-14T19:09:20Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket from SchemaCache
2016-03-14T19:09:20Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x87fc7e8>
2016-03-14T19:09:20Z DEBUG Destroyed connection context.ldap2_181018832
2016-03-14T19:09:20Z DEBUG duration: 1 seconds
2016-03-14T19:09:20Z DEBUG [16/23]: configure certmonger for renewals
2016-03-14T19:09:20Z DEBUG Starting external process
2016-03-14T19:09:20Z DEBUG args='/bin/systemctl' 'enable' 'certmonger.service'
2016-03-14T19:09:20Z DEBUG Process finished, return code=0
2016-03-14T19:09:20Z DEBUG stdout=
2016-03-14T19:09:20Z DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/certmonger.service to /usr/lib/systemd/system/certmonger.service.
2016-03-14T19:09:20Z DEBUG Starting external process
2016-03-14T19:09:20Z DEBUG args='/bin/systemctl' 'start' 'messagebus.service'
2016-03-14T19:09:20Z DEBUG Process finished, return code=0
2016-03-14T19:09:20Z DEBUG stdout=
2016-03-14T19:09:20Z DEBUG stderr=
2016-03-14T19:09:20Z DEBUG Starting external process
2016-03-14T19:09:20Z DEBUG args='/bin/systemctl' 'is-active' 'messagebus.service'
2016-03-14T19:09:20Z DEBUG Process finished, return code=0
2016-03-14T19:09:20Z DEBUG stdout=active
2016-03-14T19:09:20Z DEBUG stderr=
2016-03-14T19:09:20Z DEBUG Starting external process
2016-03-14T19:09:20Z DEBUG args='/bin/systemctl' 'start' 'certmonger.service'
2016-03-14T19:09:20Z DEBUG Process finished, return code=0
2016-03-14T19:09:20Z DEBUG stdout=
2016-03-14T19:09:20Z DEBUG stderr=
2016-03-14T19:09:20Z DEBUG Starting external process
2016-03-14T19:09:20Z DEBUG args='/bin/systemctl' 'is-active' 'certmonger.service'
2016-03-14T19:09:20Z DEBUG Process finished, return code=0
2016-03-14T19:09:20Z DEBUG stdout=active
2016-03-14T19:09:20Z DEBUG stderr=
2016-03-14T19:09:21Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:09:21Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:09:21Z DEBUG duration: 0 seconds
2016-03-14T19:09:21Z DEBUG [17/23]: configure certificate renewals
2016-03-14T19:09:24Z DEBUG duration: 2 seconds
2016-03-14T19:09:24Z DEBUG [18/23]: configure Server-Cert certificate renewal
2016-03-14T19:09:25Z DEBUG duration: 0 seconds
2016-03-14T19:09:25Z DEBUG [19/23]: Configure HTTP to proxy connections
2016-03-14T19:09:25Z DEBUG duration: 0 seconds
2016-03-14T19:09:25Z DEBUG [20/23]: restarting certificate server
2016-03-14T19:09:25Z DEBUG Starting external process
2016-03-14T19:09:25Z DEBUG args='/bin/systemctl' 'restart' 'pki-tomcatd at pki-tomcat.service'
2016-03-14T19:09:26Z DEBUG Process finished, return code=0
2016-03-14T19:09:26Z DEBUG stdout=
2016-03-14T19:09:26Z DEBUG stderr=
2016-03-14T19:09:26Z DEBUG Starting external process
2016-03-14T19:09:26Z DEBUG args='/bin/systemctl' 'is-active' 'pki-tomcatd at pki-tomcat.service'
2016-03-14T19:09:26Z DEBUG Process finished, return code=0
2016-03-14T19:09:26Z DEBUG stdout=active
2016-03-14T19:09:26Z DEBUG stderr=
2016-03-14T19:09:26Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
2016-03-14T19:09:28Z DEBUG Waiting until the CA is running
2016-03-14T19:09:28Z DEBUG Starting external process
2016-03-14T19:09:28Z DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://jutta.cc.umanitoba.ca:8443/ca/admin/ca/getStatus'
2016-03-14T19:09:34Z DEBUG Process finished, return code=0
2016-03-14T19:09:34Z DEBUG stdout=<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.2.5-6.el7</Version></XMLResponse>
2016-03-14T19:09:34Z DEBUG stderr=--2016-03-14 14:09:28-- https://jutta.cc.umanitoba.ca:8443/ca/admin/ca/getStatus
Resolving jutta.cc.umanitoba.ca (jutta.cc.umanitoba.ca)... 130.179.19.176
Connecting to jutta.cc.umanitoba.ca (jutta.cc.umanitoba.ca)|130.179.19.176|:8443... connected.
WARNING: cannot verify jutta.cc.umanitoba.ca's certificate, issued by ‘/O=UOFMT1/CN=Certificate Authority’:
Self-signed certificate encountered.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Content-Length: 167
Date: Mon, 14 Mar 2016 19:09:34 GMT
Length: 167 [application/xml]
Saving to: ‘STDOUT’
0K 100% 41.6M=0s
2016-03-14 14:09:34 (41.6 MB/s) - written to stdout [167/167]
2016-03-14T19:09:34Z DEBUG The CA status is: running
2016-03-14T19:09:34Z DEBUG duration: 9 seconds
2016-03-14T19:09:34Z DEBUG [21/23]: migrating certificate profiles to LDAP
2016-03-14T19:09:35Z DEBUG Created connection context.ldap2_182082512
2016-03-14T19:09:35Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket from SchemaCache
2016-03-14T19:09:35Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xaca64d0>
2016-03-14T19:09:36Z DEBUG Destroyed connection context.ldap2_182082512
2016-03-14T19:09:36Z INFO Migrating profile 'caUserCert' to LDAP
2016-03-14T19:09:36Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:36Z DEBUG request body ''
2016-03-14T19:09:36Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:36Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:36Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:36Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:36Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:36Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:36Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:36Z DEBUG response status 200 OK
2016-03-14T19:09:36Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=2BB49E6BD78CB463934714800E3BAC08; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:36 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:36Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:36Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:36Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates.\nvisible=true\nenable=true\nenableBy=admin\nname=Manual User Dual-Use Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caUserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:36Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:36Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:36Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:36Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:36Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:36Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:36Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:36Z DEBUG response status 400 Bad Request
2016-03-14T19:09:36Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:36 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:36Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:36Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caUserCert?action=disable
2016-03-14T19:09:36Z DEBUG request body ''
2016-03-14T19:09:36Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:36Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:36Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:36Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:36Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:36Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:36Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:36Z DEBUG response status 204 No Content
2016-03-14T19:09:36Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:36 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:36Z DEBUG response body ''
2016-03-14T19:09:36Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caUserCert/raw
2016-03-14T19:09:36Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates.\nvisible=true\nenable=true\nenableBy=admin\nname=Manual User Dual-Use Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caUserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:36Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:36Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:36Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:36Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:36Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:36Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:36Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:36Z DEBUG response status 200 OK
2016-03-14T19:09:36Z DEBUG response headers {'content-length': '6170', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:36 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:36Z DEBUG response body '#Mon Mar 14 14:09:36 CDT 2016\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.3.constraint.params.keyType=-\ninput.i2.class_id=subjectNameInputImpl\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\noutput.o1.class_id=certOutputImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\noutput.list=o1\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\ninput.list=i1,i2,i3\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.2.constraint.params.range=365\nvisible=true\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.2.default.name=Validity Default\ndesc=This certificate profile is for enrolling user certificates.\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.9.default.params.signingAlg=-\nauth.class_id=\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\nenable=true\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.9.constraint.name=No Constraint\ninput.i1.class_id=keyGenInputImpl\nenableBy=admin\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.constraint.name=Validity Constraint\ninput.i3.class_id=submitterInfoInputImpl\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\nname=Manual User Dual-Use Certificate Enrollment\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.list=userCertSet\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\n'
2016-03-14T19:09:36Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caUserCert?action=enable
2016-03-14T19:09:36Z DEBUG request body ''
2016-03-14T19:09:36Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:36Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:36Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:36Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:36Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:36Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:36Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:37Z DEBUG response status 204 No Content
2016-03-14T19:09:37Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:36 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:37Z DEBUG response body ''
2016-03-14T19:09:37Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:37Z DEBUG request body ''
2016-03-14T19:09:37Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:37Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:37Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:37Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:37Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:37Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:37Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 204 No Content
2016-03-14T19:09:38Z DEBUG response headers {'set-cookie': 'JSESSIONID=4D00384B2F64BF62BD14FE6A4E5500B2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:38Z DEBUG response body ''
2016-03-14T19:09:38Z INFO Migrating profile 'caECUserCert' to LDAP
2016-03-14T19:09:38Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:38Z DEBUG request body ''
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 200 OK
2016-03-14T19:09:38Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=F728E25827F574EDAFBC6401C1687931; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:38Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:38Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:38Z DEBUG request body 'desc=This certificate profile is for enrolling user ECC certificates.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Dual-Use ECC Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=EC\npolicyset.userCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caECUserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 400 Bad Request
2016-03-14T19:09:38Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:38Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:38Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caECUserCert?action=disable
2016-03-14T19:09:38Z DEBUG request body ''
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 204 No Content
2016-03-14T19:09:38Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:38Z DEBUG response body ''
2016-03-14T19:09:38Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caECUserCert/raw
2016-03-14T19:09:38Z DEBUG request body 'desc=This certificate profile is for enrolling user ECC certificates.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Dual-Use ECC Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=EC\npolicyset.userCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caECUserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 200 OK
2016-03-14T19:09:38Z DEBUG response headers {'content-length': '6160', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:38Z DEBUG response body '#Mon Mar 14 14:09:38 CDT 2016\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.3.constraint.params.keyType=EC\ninput.i2.class_id=subjectNameInputImpl\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\noutput.o1.class_id=certOutputImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\noutput.list=o1\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\ninput.list=i1,i2,i3\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.2.constraint.params.range=365\nvisible=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.2.default.name=Validity Default\ndesc=This certificate profile is for enrolling user ECC certificates.\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.9.default.params.signingAlg=-\nauth.class_id=\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\nenable=true\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.9.constraint.name=No Constraint\ninput.i1.class_id=keyGenInputImpl\nenableBy=admin\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.constraint.name=Validity Constraint\ninput.i3.class_id=submitterInfoInputImpl\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\nname=Manual User Dual-Use ECC Certificate Enrollment\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.list=userCertSet\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\n'
2016-03-14T19:09:38Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caECUserCert?action=enable
2016-03-14T19:09:38Z DEBUG request body ''
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 204 No Content
2016-03-14T19:09:38Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:38Z DEBUG response body ''
2016-03-14T19:09:38Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:38Z DEBUG request body ''
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 204 No Content
2016-03-14T19:09:38Z DEBUG response headers {'set-cookie': 'JSESSIONID=7ADB905812C12D8E1B397E49EAE0D57B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:38Z DEBUG response body ''
2016-03-14T19:09:38Z INFO Migrating profile 'caUserSMIMEcapCert' to LDAP
2016-03-14T19:09:38Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:38Z DEBUG request body ''
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 200 OK
2016-03-14T19:09:38Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=362D2E418A46894A67BC07D9626AE959; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:38Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:38Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:38Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with S/MIME capabilities extension - OID: 1.2.840.113549.1.9.15\nvisible=true\nenable=true\nenableBy=admin\nname=Manual User Dual-Use S/MIME capabilities Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9,11\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\npolicyset.userCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.11.constraint.name=No Constraint\npolicyset.userCertSet.11.default.class_id=genericExtDefaultImpl\npolicyset.userCertSet.11.default.name=Generic Extension\npolicyset.userCertSet.11.default.params.genericExtOID=1.2.840.113549.1.9.15\npolicyset.userCertSet.11.default.params.genericExtData=3067300B06092A864886F70D010105300B06092A864886F70D01010B300B06092A864886F70D01010C300B06092A864886F70D01010D300A06082A864886F70D0307300B0609608648016503040102300B060960864801650304012A300B06092A864886F70D010101\nprofileId=caUserSMIMEcapCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 400 Bad Request
2016-03-14T19:09:38Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:38Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:38Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caUserSMIMEcapCert?action=disable
2016-03-14T19:09:38Z DEBUG request body ''
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 204 No Content
2016-03-14T19:09:38Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:38Z DEBUG response body ''
2016-03-14T19:09:38Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caUserSMIMEcapCert/raw
2016-03-14T19:09:38Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with S/MIME capabilities extension - OID: 1.2.840.113549.1.9.15\nvisible=true\nenable=true\nenableBy=admin\nname=Manual User Dual-Use S/MIME capabilities Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9,11\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\npolicyset.userCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.11.constraint.name=No Constraint\npolicyset.userCertSet.11.default.class_id=genericExtDefaultImpl\npolicyset.userCertSet.11.default.name=Generic Extension\npolicyset.userCertSet.11.default.params.genericExtOID=1.2.840.113549.1.9.15\npolicyset.userCertSet.11.default.params.genericExtData=3067300B06092A864886F70D010105300B06092A864886F70D01010B300B06092A864886F70D01010C300B06092A864886F70D01010D300A06082A864886F70D0307300B0609608648016503040102300B060960864801650304012A300B06092A864886F70D010101\nprofileId=caUserSMIMEcapCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 200 OK
2016-03-14T19:09:38Z DEBUG response headers {'content-length': '6835', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:38Z DEBUG response body '#Mon Mar 14 14:09:38 CDT 2016\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.3.constraint.params.keyType=-\ninput.i2.class_id=subjectNameInputImpl\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\noutput.o1.class_id=certOutputImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\noutput.list=o1\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\ninput.list=i1,i2,i3\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.2.constraint.params.range=365\nvisible=true\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.2.default.name=Validity Default\ndesc=This certificate profile is for enrolling user certificates with S/MIME capabilities extension - OID: 1.2.840.113549.1.9.15\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.11.default.name=Generic Extension\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.9.default.params.signingAlg=-\nauth.class_id=\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.11.default.class_id=genericExtDefaultImpl\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\nenable=true\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.11.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.name=No Constraint\ninput.i1.class_id=keyGenInputImpl\nenableBy=admin\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.constraint.name=Validity Constraint\ninput.i3.class_id=submitterInfoInputImpl\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\nname=Manual User Dual-Use S/MIME capabilities Certificate Enrollment\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9,11\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.list=userCertSet\npolicyset.userCertSet.11.default.params.genericExtOID=1.2.840.113549.1.9.15\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.11.default.params.genericExtData=3067300B06092A864886F70D010105300B06092A864886F70D01010B300B06092A864886F70D01010C300B06092A864886F70D01010D300A06082A864886F70D0307300B0609608648016503040102300B060960864801650304012A300B06092A864886F70D010101\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\n'
2016-03-14T19:09:38Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caUserSMIMEcapCert?action=enable
2016-03-14T19:09:38Z DEBUG request body ''
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 204 No Content
2016-03-14T19:09:38Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:38Z DEBUG response body ''
2016-03-14T19:09:38Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:38Z DEBUG request body ''
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 204 No Content
2016-03-14T19:09:38Z DEBUG response headers {'set-cookie': 'JSESSIONID=68E85FA9F6E0C8837D1B31D3EFDE5FB7; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:38Z DEBUG response body ''
2016-03-14T19:09:38Z INFO Migrating profile 'caDualCert' to LDAP
2016-03-14T19:09:38Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:38Z DEBUG request body ''
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 200 OK
2016-03-14T19:09:38Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=5A7BD7E79D0EBDD6D81B7F1FC6838FBF; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:38Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:38Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:38Z DEBUG request body 'desc=This certificate profile is for enrolling dual user certificates. It works only with Netscape 7.0 or later.\nvisible=true\nenable=true\nenableBy=admin\nname=Manual User Signing & Encryption Certificates Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=dualKeyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet,signingCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=UID=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=RSA\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.list=1,2,3,4,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=UID=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=60\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=RSA\npolicyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.signingCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.signingCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\nprofileId=caDualCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 400 Bad Request
2016-03-14T19:09:38Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:38Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:38Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caDualCert?action=disable
2016-03-14T19:09:38Z DEBUG request body ''
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 204 No Content
2016-03-14T19:09:38Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:38Z DEBUG response body ''
2016-03-14T19:09:38Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caDualCert/raw
2016-03-14T19:09:38Z DEBUG request body 'desc=This certificate profile is for enrolling dual user certificates. It works only with Netscape 7.0 or later.\nvisible=true\nenable=true\nenableBy=admin\nname=Manual User Signing & Encryption Certificates Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=dualKeyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet,signingCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=UID=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=RSA\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.list=1,2,3,4,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=UID=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=60\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=RSA\npolicyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.signingCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.signingCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\nprofileId=caDualCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 200 OK
2016-03-14T19:09:38Z DEBUG response headers {'transfer-encoding': 'chunked', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:38Z DEBUG response body '#Mon Mar 14 14:09:38 CDT 2016\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.3.constraint.params.keyType=RSA\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\nenable=true\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\noutput.o1.class_id=certOutputImpl\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\noutput.list=o1\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\nname=Manual User Signing & Encryption Certificates Enrollment\npolicyset.signingCertSet.3.constraint.params.keyType=RSA\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.2.default.params.startTime=60\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.1.constraint.params.pattern=UID=.*\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\ninput.list=i1,i2,i3\npolicyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.1.default.params.name=\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false\nenableBy=admin\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\ndesc=This certificate profile is for enrolling dual user certificates. It works only with Netscape 7.0 or later.\npolicyset.signingCertSet.list=1,2,3,4,6,7,8,9\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\ninput.i1.class_id=dualKeyGenInputImpl\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.signingCertSet.1.constraint.params.pattern=UID=.*\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.list=encryptionCertSet,signingCertSet\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\nvisible=true\npolicyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\ninput.i2.class_id=subjectNameInputImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\ninput.i3.class_id=submitterInfoInputImpl\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\nauth.class_id=\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\n'
2016-03-14T19:09:38Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caDualCert?action=enable
2016-03-14T19:09:38Z DEBUG request body ''
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 204 No Content
2016-03-14T19:09:38Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:38Z DEBUG response body ''
2016-03-14T19:09:38Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:38Z DEBUG request body ''
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 204 No Content
2016-03-14T19:09:38Z DEBUG response headers {'set-cookie': 'JSESSIONID=93435B41B79198259BBFCAD5B88DE61F; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:38Z DEBUG response body ''
2016-03-14T19:09:38Z INFO Migrating profile 'caECDualCert' to LDAP
2016-03-14T19:09:38Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:38Z DEBUG request body ''
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 200 OK
2016-03-14T19:09:38Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=0D3C658D864651D2DA35F784050BD668; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:38Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:38Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:38Z DEBUG request body 'desc=This certificate profile is for enrolling dual user ECC certificates. It works only with Netscape 7.0 or later.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Signing & Encryption ECC Certificates Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=dualKeyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet,signingCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=UID=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=EC\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.list=1,2,3,4,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=UID=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=60\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=EC\npolicyset.signingCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.signingCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.signingCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\nprofileId=caECDualCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:38Z DEBUG response status 400 Bad Request
2016-03-14T19:09:38Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:38Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:38Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caECDualCert?action=disable
2016-03-14T19:09:38Z DEBUG request body ''
2016-03-14T19:09:38Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:38Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:38Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:38Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:38Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:38Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:38Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 204 No Content
2016-03-14T19:09:39Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:38 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:39Z DEBUG response body ''
2016-03-14T19:09:39Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caECDualCert/raw
2016-03-14T19:09:39Z DEBUG request body 'desc=This certificate profile is for enrolling dual user ECC certificates. It works only with Netscape 7.0 or later.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Signing & Encryption ECC Certificates Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=dualKeyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet,signingCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=UID=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=EC\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.list=1,2,3,4,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=UID=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=60\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=EC\npolicyset.signingCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.signingCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.signingCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\nprofileId=caECDualCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 200 OK
2016-03-14T19:09:39Z DEBUG response headers {'transfer-encoding': 'chunked', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:39Z DEBUG response body '#Mon Mar 14 14:09:39 CDT 2016\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.3.constraint.params.keyType=EC\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\nenable=true\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\noutput.o1.class_id=certOutputImpl\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\noutput.list=o1\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\nname=Manual User Signing & Encryption ECC Certificates Enrollment\npolicyset.signingCertSet.3.constraint.params.keyType=EC\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.signingCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.2.default.params.startTime=60\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.1.constraint.params.pattern=UID=.*\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\ninput.list=i1,i2,i3\npolicyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.1.default.params.name=\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false\nenableBy=admin\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\ndesc=This certificate profile is for enrolling dual user ECC certificates. It works only with Netscape 7.0 or later.\npolicyset.signingCertSet.list=1,2,3,4,6,7,8,9\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\ninput.i1.class_id=dualKeyGenInputImpl\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.signingCertSet.1.constraint.params.pattern=UID=.*\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.list=encryptionCertSet,signingCertSet\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\nvisible=false\npolicyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\ninput.i2.class_id=subjectNameInputImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\ninput.i3.class_id=submitterInfoInputImpl\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\nauth.class_id=\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\n'
2016-03-14T19:09:39Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caECDualCert?action=enable
2016-03-14T19:09:39Z DEBUG request body ''
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 204 No Content
2016-03-14T19:09:39Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:39Z DEBUG response body ''
2016-03-14T19:09:39Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:39Z DEBUG request body ''
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 204 No Content
2016-03-14T19:09:39Z DEBUG response headers {'set-cookie': 'JSESSIONID=C804A1E8761CECE2DC82D206F4C1541E; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:39Z DEBUG response body ''
2016-03-14T19:09:39Z INFO Migrating profile 'AdminCert' to LDAP
2016-03-14T19:09:39Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:39Z DEBUG request body ''
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 200 OK
2016-03-14T19:09:39Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=58C2F2F8544474D62F4223D1F6C632A0; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:39Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:39Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:39Z DEBUG request body "desc=This certificate profile is for enrolling Administrator's certificates suitable for use by clients such as browsers.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=\nname=Manual Administrator Certificate Enrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=adminCertSet\npolicyset.adminCertSet.list=1,2,3,4,5,6,7,8\npolicyset.adminCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.adminCertSet.1.constraint.name=Subject Name Constraint\npolicyset.adminCertSet.1.constraint.params.pattern=.*\npolicyset.adminCertSet.1.constraint.params.accept=true\npolicyset.adminCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.adminCertSet.1.default.name=Subject Name Default\npolicyset.adminCertSet.1.default.params.name=\npolicyset.adminCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.adminCertSet.2.constraint.name=Validity Constraint\npolicyset.adminCertSet.2.constraint.params.range=365\npolicyset.adminCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.adminCertSet.2.constraint.params.notAfterCheck=false\npolicyset.adminCertSet.2.default.class_id=validityDefaultImpl\npolicyset.adminCertSet.2.default.name=Validity Default\npolicyset.adminCertSet.2.default.params.range=365\npolicyset.adminCertSet.2.default.params.startTime=0\npolicyset.adminCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.adminCertSet.3.constraint.name=Key Constraint\npolicyset.adminCertSet.3.constraint.params.keyType=RSA\npolicyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.adminCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.adminCertSet.3.default.name=Key Default\npolicyset.adminCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.4.constraint.name=No Constraint\npolicyset.adminCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.adminCertSet.4.default.name=Authority Key Identifier Default\npolicyset.adminCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.5.constraint.name=No Constraint\npolicyset.adminCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.adminCertSet.5.default.name=AIA Extension Default\npolicyset.adminCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.adminCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.adminCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.adminCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.adminCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.adminCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.adminCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.adminCertSet.6.default.name=Key Usage Default\npolicyset.adminCertSet.6.default.params.keyUsageCritical=true\npolicyset.adminCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.7.constraint.name=No Constraint\npolicyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.adminCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.adminCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.adminCertSet.8.constraint.name=No Constraint\npolicyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.adminCertSet.8.default.name=Signing Alg\npolicyset.adminCertSet.8.default.params.signingAlg=-\nprofileId=AdminCert\nclassId=caEnrollImpl\n"
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 400 Bad Request
2016-03-14T19:09:39Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:39Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:39Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/AdminCert?action=disable
2016-03-14T19:09:39Z DEBUG request body ''
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 204 No Content
2016-03-14T19:09:39Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:39Z DEBUG response body ''
2016-03-14T19:09:39Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/AdminCert/raw
2016-03-14T19:09:39Z DEBUG request body "desc=This certificate profile is for enrolling Administrator's certificates suitable for use by clients such as browsers.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=\nname=Manual Administrator Certificate Enrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=adminCertSet\npolicyset.adminCertSet.list=1,2,3,4,5,6,7,8\npolicyset.adminCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.adminCertSet.1.constraint.name=Subject Name Constraint\npolicyset.adminCertSet.1.constraint.params.pattern=.*\npolicyset.adminCertSet.1.constraint.params.accept=true\npolicyset.adminCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.adminCertSet.1.default.name=Subject Name Default\npolicyset.adminCertSet.1.default.params.name=\npolicyset.adminCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.adminCertSet.2.constraint.name=Validity Constraint\npolicyset.adminCertSet.2.constraint.params.range=365\npolicyset.adminCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.adminCertSet.2.constraint.params.notAfterCheck=false\npolicyset.adminCertSet.2.default.class_id=validityDefaultImpl\npolicyset.adminCertSet.2.default.name=Validity Default\npolicyset.adminCertSet.2.default.params.range=365\npolicyset.adminCertSet.2.default.params.startTime=0\npolicyset.adminCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.adminCertSet.3.constraint.name=Key Constraint\npolicyset.adminCertSet.3.constraint.params.keyType=RSA\npolicyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.adminCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.adminCertSet.3.default.name=Key Default\npolicyset.adminCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.4.constraint.name=No Constraint\npolicyset.adminCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.adminCertSet.4.default.name=Authority Key Identifier Default\npolicyset.adminCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.5.constraint.name=No Constraint\npolicyset.adminCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.adminCertSet.5.default.name=AIA Extension Default\npolicyset.adminCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.adminCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.adminCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.adminCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.adminCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.adminCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.adminCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.adminCertSet.6.default.name=Key Usage Default\npolicyset.adminCertSet.6.default.params.keyUsageCritical=true\npolicyset.adminCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.7.constraint.name=No Constraint\npolicyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.adminCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.adminCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.adminCertSet.8.constraint.name=No Constraint\npolicyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.adminCertSet.8.default.name=Signing Alg\npolicyset.adminCertSet.8.default.params.signingAlg=-\nprofileId=AdminCert\nclassId=caEnrollImpl\n"
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 200 OK
2016-03-14T19:09:39Z DEBUG response headers {'content-length': '5299', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:39Z DEBUG response body "#Mon Mar 14 14:09:39 CDT 2016\npolicyset.adminCertSet.7.constraint.class_id=noConstraintImpl\ninput.i2.class_id=submitterInfoInputImpl\npolicyset.adminCertSet.2.constraint.name=Validity Constraint\nauth.instance_id=\npolicyset.adminCertSet.6.default.class_id=keyUsageExtDefaultImpl\noutput.o1.class_id=certOutputImpl\npolicyset.adminCertSet.8.constraint.name=No Constraint\npolicyset.adminCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.adminCertSet.1.default.params.name=\npolicyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.adminCertSet.4.default.name=Authority Key Identifier Default\noutput.list=o1\npolicyset.adminCertSet.2.default.params.range=365\ninput.list=i1,i2,i3\npolicyset.adminCertSet.2.default.params.startTime=0\npolicyset.adminCertSet.8.default.params.signingAlg=-\nvisible=true\npolicyset.adminCertSet.1.constraint.name=Subject Name Constraint\ndesc=This certificate profile is for enrolling Administrator's certificates suitable for use by clients such as browsers.\npolicyset.adminCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.adminCertSet.7.constraint.name=No Constraint\npolicyset.adminCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.adminCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.adminCertSet.3.default.name=Key Default\npolicyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.list=1,2,3,4,5,6,7,8\npolicyset.adminCertSet.1.constraint.params.accept=true\npolicyset.adminCertSet.2.default.class_id=validityDefaultImpl\nenable=true\npolicyset.adminCertSet.2.constraint.params.range=365\npolicyset.adminCertSet.8.default.name=Signing Alg\npolicyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.constraint.name=Key Usage Extension Constraint\ninput.i1.class_id=certReqInputImpl\npolicyset.adminCertSet.7.default.params.exKeyUsageCritical=false\nenableBy=admin\npolicyset.adminCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.adminCertSet.3.constraint.params.keyType=RSA\npolicyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.2.constraint.params.notAfterCheck=false\ninput.i3.class_id=subjectDNInputImpl\npolicyset.adminCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.adminCertSet.5.constraint.name=No Constraint\npolicyset.adminCertSet.2.default.name=Validity Default\npolicyset.adminCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.5.constraint.class_id=noConstraintImpl\nname=Manual Administrator Certificate Enrollment\npolicyset.adminCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.adminCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.adminCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.adminCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.adminCertSet.4.constraint.name=No Constraint\npolicyset.adminCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.adminCertSet.1.default.name=Subject Name Default\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.adminCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.list=adminCertSet\npolicyset.adminCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.adminCertSet.3.constraint.name=Key Constraint\npolicyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.adminCertSet.6.default.name=Key Usage Default\npolicyset.adminCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.1.constraint.params.pattern=.*\npolicyset.adminCertSet.6.default.params.keyUsageCritical=true\npolicyset.adminCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.5.default.name=AIA Extension Default\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.adminCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.4.constraint.class_id=noConstraintImpl\n"
2016-03-14T19:09:39Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/AdminCert?action=enable
2016-03-14T19:09:39Z DEBUG request body ''
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 204 No Content
2016-03-14T19:09:39Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:39Z DEBUG response body ''
2016-03-14T19:09:39Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:39Z DEBUG request body ''
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 204 No Content
2016-03-14T19:09:39Z DEBUG response headers {'set-cookie': 'JSESSIONID=E4D0075648385CB4879F342DDCC039C3; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:39Z DEBUG response body ''
2016-03-14T19:09:39Z INFO Migrating profile 'caSignedLogCert' to LDAP
2016-03-14T19:09:39Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:39Z DEBUG request body ''
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 200 OK
2016-03-14T19:09:39Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=4514197732B6242B1934C3B4A4E30F50; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:39Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:39Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:39Z DEBUG request body 'desc=This profile is for enrolling audit log signing certificates\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Log Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caLogSigningSet\npolicyset.caLogSigningSet.list=1,2,3,4,6,8,9\npolicyset.caLogSigningSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caLogSigningSet.1.constraint.name=Subject Name Constraint\npolicyset.caLogSigningSet.1.constraint.params.pattern=CN=.*\npolicyset.caLogSigningSet.1.constraint.params.accept=true\npolicyset.caLogSigningSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caLogSigningSet.1.default.name=Subject Name Default\npolicyset.caLogSigningSet.1.default.params.name=\npolicyset.caLogSigningSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caLogSigningSet.2.constraint.name=Validity Constraint\npolicyset.caLogSigningSet.2.constraint.params.range=720\npolicyset.caLogSigningSet.2.constraint.params.notBeforeCheck=false\npolicyset.caLogSigningSet.2.constraint.params.notAfterCheck=false\npolicyset.caLogSigningSet.2.default.class_id=validityDefaultImpl\npolicyset.caLogSigningSet.2.default.name=Validity Default\npolicyset.caLogSigningSet.2.default.params.range=720\npolicyset.caLogSigningSet.2.default.params.startTime=60\npolicyset.caLogSigningSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caLogSigningSet.3.constraint.name=Key Constraint\npolicyset.caLogSigningSet.3.constraint.params.keyType=RSA\npolicyset.caLogSigningSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.caLogSigningSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caLogSigningSet.3.default.name=Key Default\npolicyset.caLogSigningSet.4.constraint.class_id=noConstraintImpl\npolicyset.caLogSigningSet.4.constraint.name=No Constraint\npolicyset.caLogSigningSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caLogSigningSet.4.default.name=Authority Key Identifier Default\npolicyset.caLogSigningSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caLogSigningSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caLogSigningSet.6.constraint.params.keyUsageCritical=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caLogSigningSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caLogSigningSet.6.default.name=Key Usage Default\npolicyset.caLogSigningSet.6.default.params.keyUsageCritical=true\npolicyset.caLogSigningSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caLogSigningSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caLogSigningSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.caLogSigningSet.6.default.params.keyUsageCrlSign=false\npolicyset.caLogSigningSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caLogSigningSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caLogSigningSet.8.constraint.class_id=noConstraintImpl\npolicyset.caLogSigningSet.8.constraint.name=No Constraint\npolicyset.caLogSigningSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caLogSigningSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caLogSigningSet.8.default.params.critical=false\npolicyset.caLogSigningSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caLogSigningSet.9.constraint.name=No Constraint\npolicyset.caLogSigningSet.9.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.caLogSigningSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caLogSigningSet.9.default.name=Signing Alg\npolicyset.caLogSigningSet.9.default.params.signingAlg=-\nprofileId=caSignedLogCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 400 Bad Request
2016-03-14T19:09:39Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:39Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:39Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caSignedLogCert?action=disable
2016-03-14T19:09:39Z DEBUG request body ''
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 204 No Content
2016-03-14T19:09:39Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:39Z DEBUG response body ''
2016-03-14T19:09:39Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caSignedLogCert/raw
2016-03-14T19:09:39Z DEBUG request body 'desc=This profile is for enrolling audit log signing certificates\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Log Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caLogSigningSet\npolicyset.caLogSigningSet.list=1,2,3,4,6,8,9\npolicyset.caLogSigningSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caLogSigningSet.1.constraint.name=Subject Name Constraint\npolicyset.caLogSigningSet.1.constraint.params.pattern=CN=.*\npolicyset.caLogSigningSet.1.constraint.params.accept=true\npolicyset.caLogSigningSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caLogSigningSet.1.default.name=Subject Name Default\npolicyset.caLogSigningSet.1.default.params.name=\npolicyset.caLogSigningSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caLogSigningSet.2.constraint.name=Validity Constraint\npolicyset.caLogSigningSet.2.constraint.params.range=720\npolicyset.caLogSigningSet.2.constraint.params.notBeforeCheck=false\npolicyset.caLogSigningSet.2.constraint.params.notAfterCheck=false\npolicyset.caLogSigningSet.2.default.class_id=validityDefaultImpl\npolicyset.caLogSigningSet.2.default.name=Validity Default\npolicyset.caLogSigningSet.2.default.params.range=720\npolicyset.caLogSigningSet.2.default.params.startTime=60\npolicyset.caLogSigningSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caLogSigningSet.3.constraint.name=Key Constraint\npolicyset.caLogSigningSet.3.constraint.params.keyType=RSA\npolicyset.caLogSigningSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.caLogSigningSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caLogSigningSet.3.default.name=Key Default\npolicyset.caLogSigningSet.4.constraint.class_id=noConstraintImpl\npolicyset.caLogSigningSet.4.constraint.name=No Constraint\npolicyset.caLogSigningSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caLogSigningSet.4.default.name=Authority Key Identifier Default\npolicyset.caLogSigningSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caLogSigningSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caLogSigningSet.6.constraint.params.keyUsageCritical=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caLogSigningSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caLogSigningSet.6.default.name=Key Usage Default\npolicyset.caLogSigningSet.6.default.params.keyUsageCritical=true\npolicyset.caLogSigningSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caLogSigningSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caLogSigningSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.caLogSigningSet.6.default.params.keyUsageCrlSign=false\npolicyset.caLogSigningSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caLogSigningSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caLogSigningSet.8.constraint.class_id=noConstraintImpl\npolicyset.caLogSigningSet.8.constraint.name=No Constraint\npolicyset.caLogSigningSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caLogSigningSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caLogSigningSet.8.default.params.critical=false\npolicyset.caLogSigningSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caLogSigningSet.9.constraint.name=No Constraint\npolicyset.caLogSigningSet.9.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.caLogSigningSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caLogSigningSet.9.default.name=Signing Alg\npolicyset.caLogSigningSet.9.default.params.signingAlg=-\nprofileId=caSignedLogCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 200 OK
2016-03-14T19:09:39Z DEBUG response headers {'content-length': '4619', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:39Z DEBUG response body '#Mon Mar 14 14:09:39 CDT 2016\ninput.i2.class_id=submitterInfoInputImpl\noutput.o1.class_id=certOutputImpl\npolicyset.caLogSigningSet.9.default.params.signingAlg=-\npolicyset.caLogSigningSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caLogSigningSet.3.constraint.name=Key Constraint\npolicyset.caLogSigningSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caLogSigningSet.1.constraint.params.pattern=CN=.*\npolicyset.caLogSigningSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caLogSigningSet.9.constraint.name=No Constraint\npolicyset.caLogSigningSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caLogSigningSet.3.constraint.class_id=keyConstraintImpl\noutput.list=o1\npolicyset.caLogSigningSet.2.default.params.range=720\ninput.list=i1,i2\npolicyset.caLogSigningSet.4.default.name=Authority Key Identifier Default\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyEncipherment=false\nvisible=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caLogSigningSet.2.constraint.name=Validity Constraint\ndesc=This profile is for enrolling audit log signing certificates\npolicyset.caLogSigningSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caLogSigningSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caLogSigningSet.2.default.class_id=validityDefaultImpl\npolicyset.caLogSigningSet.8.constraint.name=No Constraint\npolicyset.caLogSigningSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.caLogSigningSet.9.default.name=Signing Alg\npolicyset.caLogSigningSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caLogSigningSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caLogSigningSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.caLogSigningSet.2.constraint.params.range=720\npolicyset.caLogSigningSet.2.constraint.params.notAfterCheck=false\npolicyset.caLogSigningSet.1.constraint.name=Subject Name Constraint\nauth.class_id=\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caLogSigningSet.8.default.params.critical=false\npolicyset.caLogSigningSet.list=1,2,3,4,6,8,9\npolicyset.caLogSigningSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caLogSigningSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caLogSigningSet.2.constraint.class_id=validityConstraintImpl\nenable=true\npolicyset.caLogSigningSet.3.default.name=Key Default\npolicyset.caLogSigningSet.2.default.name=Validity Default\npolicyset.caLogSigningSet.8.default.name=Subject Key Identifier Extension Default\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.caLogSigningSet.2.default.params.startTime=60\npolicyset.caLogSigningSet.6.default.params.keyUsageCrlSign=false\npolicyset.caLogSigningSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caLogSigningSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caLogSigningSet.6.default.params.keyUsageEncipherOnly=false\nname=Manual Log Signing Certificate Enrollment\npolicyset.caLogSigningSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caLogSigningSet.9.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.caLogSigningSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caLogSigningSet.6.default.params.keyUsageCritical=true\npolicyset.caLogSigningSet.8.constraint.class_id=noConstraintImpl\npolicyset.caLogSigningSet.1.default.name=Subject Name Default\npolicyset.caLogSigningSet.3.constraint.params.keyType=RSA\npolicyset.caLogSigningSet.1.constraint.params.accept=true\npolicyset.list=caLogSigningSet\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.caLogSigningSet.6.default.name=Key Usage Default\npolicyset.caLogSigningSet.6.constraint.params.keyUsageCritical=true\npolicyset.caLogSigningSet.4.constraint.class_id=noConstraintImpl\npolicyset.caLogSigningSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caLogSigningSet.4.constraint.name=No Constraint\npolicyset.caLogSigningSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caLogSigningSet.2.constraint.params.notBeforeCheck=false\npolicyset.caLogSigningSet.1.default.params.name=\n'
2016-03-14T19:09:39Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caSignedLogCert?action=enable
2016-03-14T19:09:39Z DEBUG request body ''
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 204 No Content
2016-03-14T19:09:39Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:39Z DEBUG response body ''
2016-03-14T19:09:39Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:39Z DEBUG request body ''
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 204 No Content
2016-03-14T19:09:39Z DEBUG response headers {'set-cookie': 'JSESSIONID=BA0A163C9020D36A3AB0FCE45E6E03A6; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:39Z DEBUG response body ''
2016-03-14T19:09:39Z INFO Migrating profile 'caTPSCert' to LDAP
2016-03-14T19:09:39Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:39Z DEBUG request body ''
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 200 OK
2016-03-14T19:09:39Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=263575B84018FB82F951D34D3998B0A3; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:39Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:39Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:39Z DEBUG request body 'desc=This certificate profile is for enrolling TPS server certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual TPS Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caTPSCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 400 Bad Request
2016-03-14T19:09:39Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:39Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:39Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTPSCert?action=disable
2016-03-14T19:09:39Z DEBUG request body ''
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 204 No Content
2016-03-14T19:09:39Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:39Z DEBUG response body ''
2016-03-14T19:09:39Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTPSCert/raw
2016-03-14T19:09:39Z DEBUG request body 'desc=This certificate profile is for enrolling TPS server certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual TPS Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caTPSCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 200 OK
2016-03-14T19:09:39Z DEBUG response headers {'content-length': '5323', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:39Z DEBUG response body '#Mon Mar 14 14:09:39 CDT 2016\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\ninput.i2.class_id=submitterInfoInputImpl\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\ndesc=This certificate profile is for enrolling TPS server certificates.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\nauth.class_id=\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=Manual TPS Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\n'
2016-03-14T19:09:39Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTPSCert?action=enable
2016-03-14T19:09:39Z DEBUG request body ''
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 204 No Content
2016-03-14T19:09:39Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:39Z DEBUG response body ''
2016-03-14T19:09:39Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:39Z DEBUG request body ''
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 204 No Content
2016-03-14T19:09:39Z DEBUG response headers {'set-cookie': 'JSESSIONID=5035245D22A324392928EE4EEC7C8592; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:39Z DEBUG response body ''
2016-03-14T19:09:39Z INFO Migrating profile 'caRARouterCert' to LDAP
2016-03-14T19:09:39Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:39Z DEBUG request body ''
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 200 OK
2016-03-14T19:09:39Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=3BED34D6204D5BED1A3A8DD4DBB4C396; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:39Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:39Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:39Z DEBUG request body 'desc=This certificate profile is for enrolling router certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated Router Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caRARouterCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 400 Bad Request
2016-03-14T19:09:39Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:39Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:39Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caRARouterCert?action=disable
2016-03-14T19:09:39Z DEBUG request body ''
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:39Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:39Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:39Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:39Z DEBUG response status 204 No Content
2016-03-14T19:09:39Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:39Z DEBUG response body ''
2016-03-14T19:09:39Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caRARouterCert/raw
2016-03-14T19:09:39Z DEBUG request body 'desc=This certificate profile is for enrolling router certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated Router Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caRARouterCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:39Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:39Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:39Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:39Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 200 OK
2016-03-14T19:09:40Z DEBUG response headers {'content-length': '5301', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:39 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:40Z DEBUG response body '#Mon Mar 14 14:09:40 CDT 2016\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=false\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\ndesc=This certificate profile is for enrolling router certificates.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=.*\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=RA Agent-Authenticated Router Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\n'
2016-03-14T19:09:40Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caRARouterCert?action=enable
2016-03-14T19:09:40Z DEBUG request body ''
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 204 No Content
2016-03-14T19:09:40Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:40Z DEBUG response body ''
2016-03-14T19:09:40Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:40Z DEBUG request body ''
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 204 No Content
2016-03-14T19:09:40Z DEBUG response headers {'set-cookie': 'JSESSIONID=AE2F0C3EFDC7441CBC33785C6C2AD524; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:40Z DEBUG response body ''
2016-03-14T19:09:40Z INFO Migrating profile 'caRouterCert' to LDAP
2016-03-14T19:09:40Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:40Z DEBUG request body ''
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 200 OK
2016-03-14T19:09:40Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=4F1E3DDE232F22C77F4D81BE2D817D47; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:40Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:40Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:40Z DEBUG request body 'desc=This certificate profile is for enrolling router certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=flatFileAuth\nname=One Time Pin Router Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caRouterCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 400 Bad Request
2016-03-14T19:09:40Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:40Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:40Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caRouterCert?action=disable
2016-03-14T19:09:40Z DEBUG request body ''
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 204 No Content
2016-03-14T19:09:40Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:40Z DEBUG response body ''
2016-03-14T19:09:40Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caRouterCert/raw
2016-03-14T19:09:40Z DEBUG request body 'desc=This certificate profile is for enrolling router certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=flatFileAuth\nname=One Time Pin Router Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caRouterCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 200 OK
2016-03-14T19:09:40Z DEBUG response headers {'content-length': '5293', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:40Z DEBUG response body '#Mon Mar 14 14:09:40 CDT 2016\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=flatFileAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=false\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\ndesc=This certificate profile is for enrolling router certificates.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=.*\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=One Time Pin Router Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\n'
2016-03-14T19:09:40Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caRouterCert?action=enable
2016-03-14T19:09:40Z DEBUG request body ''
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 204 No Content
2016-03-14T19:09:40Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:40Z DEBUG response body ''
2016-03-14T19:09:40Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:40Z DEBUG request body ''
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 204 No Content
2016-03-14T19:09:40Z DEBUG response headers {'set-cookie': 'JSESSIONID=4371FA3239504064D9784E3F4C6CD03F; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:40Z DEBUG response body ''
2016-03-14T19:09:40Z INFO Migrating profile 'caServerCert' to LDAP
2016-03-14T19:09:40Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:40Z DEBUG request body ''
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 200 OK
2016-03-14T19:09:40Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=02C4208C06E218A19CCEBE1E390D64B2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:40Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:40Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:40Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caServerCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 400 Bad Request
2016-03-14T19:09:40Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:40Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:40Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caServerCert?action=disable
2016-03-14T19:09:40Z DEBUG request body ''
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 204 No Content
2016-03-14T19:09:40Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:40Z DEBUG response body ''
2016-03-14T19:09:40Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caServerCert/raw
2016-03-14T19:09:40Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caServerCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 200 OK
2016-03-14T19:09:40Z DEBUG response headers {'content-length': '5299', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:40Z DEBUG response body '#Mon Mar 14 14:09:40 CDT 2016\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\ninput.i2.class_id=submitterInfoInputImpl\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\ndesc=This certificate profile is for enrolling server certificates.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\nauth.class_id=\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=.*CN=.*\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=Manual Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\n'
2016-03-14T19:09:40Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caServerCert?action=enable
2016-03-14T19:09:40Z DEBUG request body ''
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 204 No Content
2016-03-14T19:09:40Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:40Z DEBUG response body ''
2016-03-14T19:09:40Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:40Z DEBUG request body ''
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 204 No Content
2016-03-14T19:09:40Z DEBUG response headers {'set-cookie': 'JSESSIONID=9B5B7864D23A20CD224EE17EB3AD37CD; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:40Z DEBUG response body ''
2016-03-14T19:09:40Z INFO Migrating profile 'caSubsystemCert' to LDAP
2016-03-14T19:09:40Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:40Z DEBUG request body ''
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 200 OK
2016-03-14T19:09:40Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=F0B5C2EC5E09E218AC964211DF296EF3; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:40Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:40Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:40Z DEBUG request body 'desc=This certificate profile is for enrolling subsystem certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Subsystem Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caSubsystemCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 400 Bad Request
2016-03-14T19:09:40Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:40Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:40Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caSubsystemCert?action=disable
2016-03-14T19:09:40Z DEBUG request body ''
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 204 No Content
2016-03-14T19:09:40Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:40Z DEBUG response body ''
2016-03-14T19:09:40Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caSubsystemCert/raw
2016-03-14T19:09:40Z DEBUG request body 'desc=This certificate profile is for enrolling subsystem certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Subsystem Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caSubsystemCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 200 OK
2016-03-14T19:09:40Z DEBUG response headers {'content-length': '5285', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:40Z DEBUG response body '#Mon Mar 14 14:09:40 CDT 2016\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\ninput.i2.class_id=submitterInfoInputImpl\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\ndesc=This certificate profile is for enrolling subsystem certificates.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\nauth.class_id=\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=Manual Subsystem Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\n'
2016-03-14T19:09:40Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caSubsystemCert?action=enable
2016-03-14T19:09:40Z DEBUG request body ''
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 204 No Content
2016-03-14T19:09:40Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:40Z DEBUG response body ''
2016-03-14T19:09:40Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:40Z DEBUG request body ''
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 204 No Content
2016-03-14T19:09:40Z DEBUG response headers {'set-cookie': 'JSESSIONID=74837A55B84F3915EC4FFADE58C8809A; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:40Z DEBUG response body ''
2016-03-14T19:09:40Z INFO Migrating profile 'caOtherCert' to LDAP
2016-03-14T19:09:40Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:40Z DEBUG request body ''
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 200 OK
2016-03-14T19:09:40Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=693B8A972A115A6BDB57B6103212B28A; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:40Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:40Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:40Z DEBUG request body 'desc=This certificate profile is for enrolling other certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Other Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=otherCertSet\npolicyset.otherCertSet.list=1,2,3,4,5,6,7,8\npolicyset.otherCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.otherCertSet.1.constraint.name=Subject Name Constraint\npolicyset.otherCertSet.1.constraint.params.pattern=CN=.*\npolicyset.otherCertSet.1.constraint.params.accept=true\npolicyset.otherCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.otherCertSet.1.default.name=Subject Name Default\npolicyset.otherCertSet.1.default.params.name=\npolicyset.otherCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.otherCertSet.2.constraint.name=Validity Constraint\npolicyset.otherCertSet.2.constraint.params.range=720\npolicyset.otherCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.otherCertSet.2.constraint.params.notAfterCheck=false\npolicyset.otherCertSet.2.default.class_id=validityDefaultImpl\npolicyset.otherCertSet.2.default.name=Validity Default\npolicyset.otherCertSet.2.default.params.range=720\npolicyset.otherCertSet.2.default.params.startTime=0\npolicyset.otherCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.otherCertSet.3.constraint.name=Key Constraint\npolicyset.otherCertSet.3.constraint.params.keyType=-\npolicyset.otherCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.otherCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.otherCertSet.3.default.name=Key Default\npolicyset.otherCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.4.constraint.name=No Constraint\npolicyset.otherCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.otherCertSet.4.default.name=Authority Key Identifier Default\npolicyset.otherCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.5.constraint.name=No Constraint\npolicyset.otherCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.otherCertSet.5.default.name=AIA Extension Default\npolicyset.otherCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.otherCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.otherCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.otherCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.otherCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.otherCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.otherCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.otherCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.otherCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.otherCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.otherCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.otherCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.otherCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.otherCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.otherCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.otherCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.otherCertSet.6.default.name=Key Usage Default\npolicyset.otherCertSet.6.default.params.keyUsageCritical=true\npolicyset.otherCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.otherCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.otherCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.otherCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.otherCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.otherCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.otherCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.otherCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.otherCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.otherCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.7.constraint.name=No Constraint\npolicyset.otherCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.otherCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.otherCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.otherCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.otherCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.otherCertSet.8.constraint.name=No Constraint\npolicyset.otherCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.otherCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.otherCertSet.8.default.name=Signing Alg\npolicyset.otherCertSet.8.default.params.signingAlg=-\nprofileId=caOtherCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 400 Bad Request
2016-03-14T19:09:40Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:40Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:40Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caOtherCert?action=disable
2016-03-14T19:09:40Z DEBUG request body ''
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:40Z DEBUG response status 204 No Content
2016-03-14T19:09:40Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:40Z DEBUG response body ''
2016-03-14T19:09:40Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caOtherCert/raw
2016-03-14T19:09:40Z DEBUG request body 'desc=This certificate profile is for enrolling other certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Other Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=otherCertSet\npolicyset.otherCertSet.list=1,2,3,4,5,6,7,8\npolicyset.otherCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.otherCertSet.1.constraint.name=Subject Name Constraint\npolicyset.otherCertSet.1.constraint.params.pattern=CN=.*\npolicyset.otherCertSet.1.constraint.params.accept=true\npolicyset.otherCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.otherCertSet.1.default.name=Subject Name Default\npolicyset.otherCertSet.1.default.params.name=\npolicyset.otherCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.otherCertSet.2.constraint.name=Validity Constraint\npolicyset.otherCertSet.2.constraint.params.range=720\npolicyset.otherCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.otherCertSet.2.constraint.params.notAfterCheck=false\npolicyset.otherCertSet.2.default.class_id=validityDefaultImpl\npolicyset.otherCertSet.2.default.name=Validity Default\npolicyset.otherCertSet.2.default.params.range=720\npolicyset.otherCertSet.2.default.params.startTime=0\npolicyset.otherCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.otherCertSet.3.constraint.name=Key Constraint\npolicyset.otherCertSet.3.constraint.params.keyType=-\npolicyset.otherCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.otherCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.otherCertSet.3.default.name=Key Default\npolicyset.otherCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.4.constraint.name=No Constraint\npolicyset.otherCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.otherCertSet.4.default.name=Authority Key Identifier Default\npolicyset.otherCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.5.constraint.name=No Constraint\npolicyset.otherCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.otherCertSet.5.default.name=AIA Extension Default\npolicyset.otherCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.otherCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.otherCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.otherCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.otherCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.otherCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.otherCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.otherCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.otherCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.otherCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.otherCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.otherCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.otherCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.otherCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.otherCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.otherCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.otherCertSet.6.default.name=Key Usage Default\npolicyset.otherCertSet.6.default.params.keyUsageCritical=true\npolicyset.otherCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.otherCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.otherCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.otherCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.otherCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.otherCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.otherCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.otherCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.otherCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.otherCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.7.constraint.name=No Constraint\npolicyset.otherCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.otherCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.otherCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.otherCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.otherCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.otherCertSet.8.constraint.name=No Constraint\npolicyset.otherCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.otherCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.otherCertSet.8.default.name=Signing Alg\npolicyset.otherCertSet.8.default.params.signingAlg=-\nprofileId=caOtherCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:40Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:40Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:40Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:40Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:40Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:40Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:40Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 200 OK
2016-03-14T19:09:41Z DEBUG response headers {'content-length': '5214', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:41Z DEBUG response body '#Mon Mar 14 14:09:40 CDT 2016\npolicyset.otherCertSet.3.default.name=Key Default\npolicyset.otherCertSet.1.constraint.params.pattern=CN=.*\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyCertSign=false\ninput.i2.class_id=submitterInfoInputImpl\npolicyset.otherCertSet.2.constraint.params.range=720\npolicyset.otherCertSet.1.default.class_id=userSubjectNameDefaultImpl\noutput.o1.class_id=certOutputImpl\npolicyset.otherCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.otherCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.otherCertSet.8.default.name=Signing Alg\npolicyset.otherCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.otherCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.otherCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.otherCertSet.2.constraint.name=Validity Constraint\npolicyset.otherCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.otherCertSet.2.default.class_id=validityDefaultImpl\noutput.list=o1\npolicyset.otherCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.otherCertSet.8.constraint.name=No Constraint\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyEncipherment=true\ninput.list=i1,i2\npolicyset.otherCertSet.2.default.name=Validity Default\nvisible=true\npolicyset.otherCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.otherCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\ndesc=This certificate profile is for enrolling other certificates.\npolicyset.otherCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.otherCertSet.2.constraint.params.notAfterCheck=false\npolicyset.otherCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.otherCertSet.list=1,2,3,4,5,6,7,8\npolicyset.otherCertSet.1.constraint.name=Subject Name Constraint\npolicyset.otherCertSet.8.default.params.signingAlg=-\nauth.class_id=\npolicyset.otherCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.otherCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.otherCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.otherCertSet.7.constraint.name=No Constraint\npolicyset.otherCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.otherCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.otherCertSet.1.default.name=Subject Name Default\nenable=true\npolicyset.otherCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.otherCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.otherCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.otherCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.otherCertSet.6.default.name=Key Usage Default\npolicyset.otherCertSet.6.default.params.keyUsageCritical=true\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.otherCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.otherCertSet.6.constraint.params.keyUsageDigitalSignature=true\nname=Other Certificate Enrollment\npolicyset.otherCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.otherCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.otherCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.otherCertSet.5.constraint.name=No Constraint\npolicyset.otherCertSet.3.constraint.params.keyType=-\npolicyset.otherCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.otherCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.otherCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.otherCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.otherCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.otherCertSet.5.default.name=AIA Extension Default\npolicyset.otherCertSet.2.default.params.startTime=0\npolicyset.otherCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.otherCertSet.4.default.name=Authority Key Identifier Default\npolicyset.list=otherCertSet\npolicyset.otherCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.otherCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.otherCertSet.4.constraint.name=No Constraint\npolicyset.otherCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.otherCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.otherCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.otherCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.otherCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.otherCertSet.2.default.params.range=720\npolicyset.otherCertSet.3.constraint.name=Key Constraint\npolicyset.otherCertSet.1.default.params.name=\npolicyset.otherCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.otherCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.otherCertSet.1.constraint.params.accept=true\npolicyset.otherCertSet.7.constraint.class_id=noConstraintImpl\n'
2016-03-14T19:09:41Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caOtherCert?action=enable
2016-03-14T19:09:41Z DEBUG request body ''
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 204 No Content
2016-03-14T19:09:41Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:41Z DEBUG response body ''
2016-03-14T19:09:41Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:41Z DEBUG request body ''
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 204 No Content
2016-03-14T19:09:41Z DEBUG response headers {'set-cookie': 'JSESSIONID=8A9990212EF7D10927D83DC35731371F; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:40 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:41Z DEBUG response body ''
2016-03-14T19:09:41Z INFO Migrating profile 'caCACert' to LDAP
2016-03-14T19:09:41Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:41Z DEBUG request body ''
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 200 OK
2016-03-14T19:09:41Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=290D2B2E721B4DC8ACE4960696CABCA6; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:41Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:41Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:41Z DEBUG request body 'desc=This certificate profile is for enrolling Certificate Authority certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Certificate Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=Subject Name Constraint\npolicyset.caCertSet.1.constraint.params.pattern=CN=.*\npolicyset.caCertSet.1.constraint.params.accept=true\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=Subject Name Default\npolicyset.caCertSet.1.default.params.name=\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=7305\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=caValidityDefaultImpl\npolicyset.caCertSet.2.default.name=CA Certificate Validity Default\npolicyset.caCertSet.2.default.params.range=7305\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caCACert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 400 Bad Request
2016-03-14T19:09:41Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:41Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:41Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caCACert?action=disable
2016-03-14T19:09:41Z DEBUG request body ''
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 204 No Content
2016-03-14T19:09:41Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:41Z DEBUG response body ''
2016-03-14T19:09:41Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caCACert/raw
2016-03-14T19:09:41Z DEBUG request body 'desc=This certificate profile is for enrolling Certificate Authority certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Certificate Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=Subject Name Constraint\npolicyset.caCertSet.1.constraint.params.pattern=CN=.*\npolicyset.caCertSet.1.constraint.params.accept=true\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=Subject Name Default\npolicyset.caCertSet.1.default.params.name=\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=7305\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=caValidityDefaultImpl\npolicyset.caCertSet.2.default.name=CA Certificate Validity Default\npolicyset.caCertSet.2.default.params.range=7305\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caCACert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 200 OK
2016-03-14T19:09:41Z DEBUG response headers {'content-length': '5742', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:41Z DEBUG response body '#Mon Mar 14 14:09:41 CDT 2016\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\ninput.i2.class_id=submitterInfoInputImpl\noutput.o1.class_id=certOutputImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\noutput.list=o1\npolicyset.caCertSet.1.constraint.params.accept=true\ninput.list=i1,i2\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.2.default.name=CA Certificate Validity Default\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\nvisible=true\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\ndesc=This certificate profile is for enrolling Certificate Authority certificates.\npolicyset.caCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.2.default.class_id=caValidityDefaultImpl\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\nauth.class_id=\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.1.default.name=Subject Name Default\nenable=true\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.2.constraint.params.range=7305\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.1.constraint.params.pattern=CN=.*\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.8.default.params.critical=false\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.1.default.params.name=\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.9.constraint.name=No Constraint\nname=Manual Certificate Manager Signing Certificate Enrollment\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.2.default.params.range=7305\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.list=caCertSet\npolicyset.caCertSet.1.constraint.name=Subject Name Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.9.default.name=Signing Alg\n'
2016-03-14T19:09:41Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caCACert?action=enable
2016-03-14T19:09:41Z DEBUG request body ''
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 204 No Content
2016-03-14T19:09:41Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:41Z DEBUG response body ''
2016-03-14T19:09:41Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:41Z DEBUG request body ''
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 204 No Content
2016-03-14T19:09:41Z DEBUG response headers {'set-cookie': 'JSESSIONID=2B9B7EA65306843C2657A5656E8B19CA; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:41Z DEBUG response body ''
2016-03-14T19:09:41Z INFO Migrating profile 'caCrossSignedCACert' to LDAP
2016-03-14T19:09:41Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:41Z DEBUG request body ''
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 200 OK
2016-03-14T19:09:41Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=996C296CC1C23C85EF2ECE6EFA614F43; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:41Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:41Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:41Z DEBUG request body 'desc=This certificate profile is for enrolling Cross Signed Certificate Authority certificates.\nvisible=false\nenable=false\nenableBy=admin\nauth.class_id=\nname=Manual Cross Signed Certificate Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=userSubjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=User Subject Name Constraint\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=User Supplied Subject Name Default\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=7305\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=caValidityDefaultImpl\npolicyset.caCertSet.2.default.name=CA Certificate Validity Default\npolicyset.caCertSet.2.default.params.range=7305\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caCrossSignedCACert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 400 Bad Request
2016-03-14T19:09:41Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:41Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:41Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caCrossSignedCACert?action=disable
2016-03-14T19:09:41Z DEBUG request body ''
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 204 No Content
2016-03-14T19:09:41Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:41Z DEBUG response body ''
2016-03-14T19:09:41Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caCrossSignedCACert/raw
2016-03-14T19:09:41Z DEBUG request body 'desc=This certificate profile is for enrolling Cross Signed Certificate Authority certificates.\nvisible=false\nenable=false\nenableBy=admin\nauth.class_id=\nname=Manual Cross Signed Certificate Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=userSubjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=User Subject Name Constraint\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=User Supplied Subject Name Default\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=7305\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=caValidityDefaultImpl\npolicyset.caCertSet.2.default.name=CA Certificate Validity Default\npolicyset.caCertSet.2.default.params.range=7305\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caCrossSignedCACert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 200 OK
2016-03-14T19:09:41Z DEBUG response headers {'content-length': '5644', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:41Z DEBUG response body '#Mon Mar 14 14:09:41 CDT 2016\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\ninput.i2.class_id=submitterInfoInputImpl\noutput.o1.class_id=certOutputImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\noutput.list=o1\ninput.list=i1,i2\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.2.default.name=CA Certificate Validity Default\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\nvisible=false\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\ndesc=This certificate profile is for enrolling Cross Signed Certificate Authority certificates.\npolicyset.caCertSet.1.constraint.class_id=userSubjectNameConstraintImpl\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.2.default.class_id=caValidityDefaultImpl\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\nauth.class_id=\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.1.default.name=User Supplied Subject Name Default\nenable=false\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.2.constraint.params.range=7305\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.8.default.params.critical=false\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.9.constraint.name=No Constraint\nname=Manual Cross Signed Certificate Manager Signing Certificate Enrollment\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.2.default.params.range=7305\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.list=caCertSet\npolicyset.caCertSet.1.constraint.name=User Subject Name Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.9.default.name=Signing Alg\n'
2016-03-14T19:09:41Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caCrossSignedCACert?action=enable
2016-03-14T19:09:41Z DEBUG request body ''
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 204 No Content
2016-03-14T19:09:41Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:41Z DEBUG response body ''
2016-03-14T19:09:41Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:41Z DEBUG request body ''
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 204 No Content
2016-03-14T19:09:41Z DEBUG response headers {'set-cookie': 'JSESSIONID=A2F0EAC4118A770C19E4917D98FB6D52; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:41Z DEBUG response body ''
2016-03-14T19:09:41Z INFO Migrating profile 'caInstallCACert' to LDAP
2016-03-14T19:09:41Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:41Z DEBUG request body ''
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 200 OK
2016-03-14T19:09:41Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=E6E27D3433097C2CDB448CAE73035A4A; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:41Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:41Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:41Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain Certificate Authority certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Manual Security Domain Certificate Authority Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=Subject Name Constraint\npolicyset.caCertSet.1.constraint.params.pattern=CN=.*\npolicyset.caCertSet.1.constraint.params.accept=true\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=Subject Name Default\npolicyset.caCertSet.1.default.params.name=\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=720\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=validityDefaultImpl\npolicyset.caCertSet.2.default.name=Validity Default\npolicyset.caCertSet.2.default.params.range=720\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caInstallCACert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 400 Bad Request
2016-03-14T19:09:41Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:41Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:41Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInstallCACert?action=disable
2016-03-14T19:09:41Z DEBUG request body ''
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 204 No Content
2016-03-14T19:09:41Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:41Z DEBUG response body ''
2016-03-14T19:09:41Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInstallCACert/raw
2016-03-14T19:09:41Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain Certificate Authority certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Manual Security Domain Certificate Authority Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=Subject Name Constraint\npolicyset.caCertSet.1.constraint.params.pattern=CN=.*\npolicyset.caCertSet.1.constraint.params.accept=true\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=Subject Name Default\npolicyset.caCertSet.1.default.params.name=\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=720\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=validityDefaultImpl\npolicyset.caCertSet.2.default.name=Validity Default\npolicyset.caCertSet.2.default.params.range=720\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caInstallCACert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 200 OK
2016-03-14T19:09:41Z DEBUG response headers {'content-length': '5981', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:41Z DEBUG response body '#Mon Mar 14 14:09:41 CDT 2016\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=TokenAuth\noutput.o1.class_id=certOutputImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\noutput.list=o1\npolicyset.caCertSet.1.constraint.params.accept=true\ninput.list=i1,i2\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.2.default.name=Validity Default\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\nvisible=true\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\ndesc=This certificate profile is for enrolling Security Domain Certificate Authority certificates.\npolicyset.caCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.2.default.class_id=validityDefaultImpl\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.1.default.name=Subject Name Default\nenable=true\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.2.constraint.params.range=720\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.1.constraint.params.pattern=CN=.*\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.8.default.params.critical=false\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.1.default.params.name=\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.9.constraint.name=No Constraint\nname=Manual Security Domain Certificate Authority Signing Certificate Enrollment\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.2.default.params.range=720\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.list=caCertSet\npolicyset.caCertSet.1.constraint.name=Subject Name Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.9.default.name=Signing Alg\n'
2016-03-14T19:09:41Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInstallCACert?action=enable
2016-03-14T19:09:41Z DEBUG request body ''
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 204 No Content
2016-03-14T19:09:41Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:41Z DEBUG response body ''
2016-03-14T19:09:41Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:41Z DEBUG request body ''
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 204 No Content
2016-03-14T19:09:41Z DEBUG response headers {'set-cookie': 'JSESSIONID=016EF8AABF3F0DFC923DC6BD1C02FD73; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:41Z DEBUG response body ''
2016-03-14T19:09:41Z INFO Migrating profile 'caRACert' to LDAP
2016-03-14T19:09:41Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:41Z DEBUG request body ''
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 200 OK
2016-03-14T19:09:41Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=C574DE56803C5C90241533F7D49CD0D8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:41Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:41Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:41Z DEBUG request body 'desc=This certificate profile is for enrolling Registration Manager certificates.\nvisible=false\nenable=false\nenableBy=admin\nauth.class_id=\nname=Manual Registration Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=raCertSet\npolicyset.raCertSet.list=1,2,3,4,5,6,7,8\npolicyset.raCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.raCertSet.1.constraint.name=Subject Name Constraint\npolicyset.raCertSet.1.constraint.params.pattern=CN=.*\npolicyset.raCertSet.1.constraint.params.accept=true\npolicyset.raCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.raCertSet.1.default.name=Subject Name Default\npolicyset.raCertSet.1.default.params.name=\npolicyset.raCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.raCertSet.2.constraint.name=Validity Constraint\npolicyset.raCertSet.2.constraint.params.range=720\npolicyset.raCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.raCertSet.2.constraint.params.notAfterCheck=false\npolicyset.raCertSet.2.default.class_id=validityDefaultImpl\npolicyset.raCertSet.2.default.name=Validity Default\npolicyset.raCertSet.2.default.params.range=720\npolicyset.raCertSet.2.default.params.startTime=0\npolicyset.raCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.raCertSet.3.constraint.name=Key Constraint\npolicyset.raCertSet.3.constraint.params.keyType=RSA\npolicyset.raCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.raCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.raCertSet.3.default.name=Key Default\npolicyset.raCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.4.constraint.name=No Constraint\npolicyset.raCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.raCertSet.4.default.name=Authority Key Identifier Default\npolicyset.raCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.5.constraint.name=No Constraint\npolicyset.raCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.raCertSet.5.default.name=AIA Extension Default\npolicyset.raCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.raCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.raCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.raCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.raCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.raCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.raCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.raCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.raCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.raCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.raCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.raCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.raCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.raCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.raCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.raCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.raCertSet.6.default.name=Key Usage Default\npolicyset.raCertSet.6.default.params.keyUsageCritical=true\npolicyset.raCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.raCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.raCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.raCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.raCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.raCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.raCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.raCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.raCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.raCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.7.constraint.name=No Constraint\npolicyset.raCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.raCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.raCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.raCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.raCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.raCertSet.8.constraint.name=No Constraint\npolicyset.raCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.raCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.raCertSet.8.default.name=Signing Alg\npolicyset.raCertSet.8.default.params.signingAlg=-\nprofileId=caRACert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 400 Bad Request
2016-03-14T19:09:41Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:41Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:41Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caRACert?action=disable
2016-03-14T19:09:41Z DEBUG request body ''
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:41Z DEBUG response status 204 No Content
2016-03-14T19:09:41Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:41Z DEBUG response body ''
2016-03-14T19:09:41Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caRACert/raw
2016-03-14T19:09:41Z DEBUG request body 'desc=This certificate profile is for enrolling Registration Manager certificates.\nvisible=false\nenable=false\nenableBy=admin\nauth.class_id=\nname=Manual Registration Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=raCertSet\npolicyset.raCertSet.list=1,2,3,4,5,6,7,8\npolicyset.raCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.raCertSet.1.constraint.name=Subject Name Constraint\npolicyset.raCertSet.1.constraint.params.pattern=CN=.*\npolicyset.raCertSet.1.constraint.params.accept=true\npolicyset.raCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.raCertSet.1.default.name=Subject Name Default\npolicyset.raCertSet.1.default.params.name=\npolicyset.raCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.raCertSet.2.constraint.name=Validity Constraint\npolicyset.raCertSet.2.constraint.params.range=720\npolicyset.raCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.raCertSet.2.constraint.params.notAfterCheck=false\npolicyset.raCertSet.2.default.class_id=validityDefaultImpl\npolicyset.raCertSet.2.default.name=Validity Default\npolicyset.raCertSet.2.default.params.range=720\npolicyset.raCertSet.2.default.params.startTime=0\npolicyset.raCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.raCertSet.3.constraint.name=Key Constraint\npolicyset.raCertSet.3.constraint.params.keyType=RSA\npolicyset.raCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.raCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.raCertSet.3.default.name=Key Default\npolicyset.raCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.4.constraint.name=No Constraint\npolicyset.raCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.raCertSet.4.default.name=Authority Key Identifier Default\npolicyset.raCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.5.constraint.name=No Constraint\npolicyset.raCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.raCertSet.5.default.name=AIA Extension Default\npolicyset.raCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.raCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.raCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.raCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.raCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.raCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.raCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.raCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.raCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.raCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.raCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.raCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.raCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.raCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.raCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.raCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.raCertSet.6.default.name=Key Usage Default\npolicyset.raCertSet.6.default.params.keyUsageCritical=true\npolicyset.raCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.raCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.raCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.raCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.raCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.raCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.raCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.raCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.raCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.raCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.7.constraint.name=No Constraint\npolicyset.raCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.raCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.raCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.raCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.raCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.raCertSet.8.constraint.name=No Constraint\npolicyset.raCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.raCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.raCertSet.8.default.name=Signing Alg\npolicyset.raCertSet.8.default.params.signingAlg=-\nprofileId=caRACert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:41Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:41Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:41Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:41Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:41Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:41Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:41Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 200 OK
2016-03-14T19:09:42Z DEBUG response headers {'content-length': '5000', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:42Z DEBUG response body '#Mon Mar 14 14:09:41 CDT 2016\npolicyset.raCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.raCertSet.5.constraint.name=No Constraint\ninput.i2.class_id=submitterInfoInputImpl\npolicyset.raCertSet.1.default.params.name=\noutput.o1.class_id=certOutputImpl\npolicyset.raCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.raCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.raCertSet.2.constraint.params.range=720\npolicyset.raCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.raCertSet.list=1,2,3,4,5,6,7,8\npolicyset.raCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.raCertSet.5.default.name=AIA Extension Default\noutput.list=o1\npolicyset.raCertSet.1.constraint.params.accept=true\ninput.list=i1,i2\npolicyset.raCertSet.3.constraint.class_id=keyConstraintImpl\nvisible=false\npolicyset.raCertSet.4.constraint.name=No Constraint\npolicyset.raCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.raCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\ndesc=This certificate profile is for enrolling Registration Manager certificates.\npolicyset.raCertSet.3.constraint.params.keyType=RSA\npolicyset.raCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.raCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.raCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.raCertSet.3.constraint.name=Key Constraint\npolicyset.raCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.raCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.raCertSet.4.default.name=Authority Key Identifier Default\nauth.class_id=\npolicyset.raCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.raCertSet.2.default.class_id=validityDefaultImpl\npolicyset.raCertSet.2.constraint.params.notAfterCheck=false\nenable=false\npolicyset.raCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.raCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.raCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.raCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.raCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.raCertSet.2.constraint.name=Validity Constraint\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.raCertSet.8.constraint.name=No Constraint\npolicyset.raCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.raCertSet.2.default.params.range=720\npolicyset.raCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.raCertSet.3.default.name=Key Default\npolicyset.raCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.raCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.raCertSet.1.constraint.name=Subject Name Constraint\npolicyset.raCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\nname=Manual Registration Manager Signing Certificate Enrollment\npolicyset.raCertSet.1.constraint.params.pattern=CN=.*\npolicyset.raCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.2.default.name=Validity Default\npolicyset.raCertSet.8.default.name=Signing Alg\npolicyset.raCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.raCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.raCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.raCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.raCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.raCertSet.7.constraint.name=No Constraint\npolicyset.raCertSet.6.default.params.keyUsageCritical=true\npolicyset.raCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.raCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.raCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.raCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.raCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.list=raCertSet\npolicyset.raCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.raCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.raCertSet.1.default.name=Subject Name Default\npolicyset.raCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.raCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.raCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.raCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.raCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.raCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.raCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.6.default.name=Key Usage Default\npolicyset.raCertSet.8.default.params.signingAlg=-\npolicyset.raCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.raCertSet.2.default.params.startTime=0\npolicyset.raCertSet.6.default.class_id=keyUsageExtDefaultImpl\n'
2016-03-14T19:09:42Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caRACert?action=enable
2016-03-14T19:09:42Z DEBUG request body ''
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 204 No Content
2016-03-14T19:09:42Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:42Z DEBUG response body ''
2016-03-14T19:09:42Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:42Z DEBUG request body ''
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 204 No Content
2016-03-14T19:09:42Z DEBUG response headers {'set-cookie': 'JSESSIONID=2CB67761B1D2AD5AC2D5CFB56A4B8B14; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:42Z DEBUG response body ''
2016-03-14T19:09:42Z INFO Migrating profile 'caOCSPCert' to LDAP
2016-03-14T19:09:42Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:42Z DEBUG request body ''
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 200 OK
2016-03-14T19:09:42Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=3BF4BE9620078732E5DCF023094ADB71; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:42Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:42Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:42Z DEBUG request body 'desc=This certificate profile is for enrolling OCSP Manager certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual OCSP Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=ocspCertSet\npolicyset.ocspCertSet.list=1,2,3,4,5,6,8,9\npolicyset.ocspCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.ocspCertSet.1.constraint.name=Subject Name Constraint\npolicyset.ocspCertSet.1.constraint.params.pattern=CN=.*\npolicyset.ocspCertSet.1.constraint.params.accept=true\npolicyset.ocspCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.ocspCertSet.1.default.name=Subject Name Default\npolicyset.ocspCertSet.1.default.params.name=\npolicyset.ocspCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.ocspCertSet.2.constraint.name=Validity Constraint\npolicyset.ocspCertSet.2.constraint.params.range=720\npolicyset.ocspCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.ocspCertSet.2.constraint.params.notAfterCheck=false\npolicyset.ocspCertSet.2.default.class_id=validityDefaultImpl\npolicyset.ocspCertSet.2.default.name=Validity Default\npolicyset.ocspCertSet.2.default.params.range=720\npolicyset.ocspCertSet.2.default.params.startTime=0\npolicyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.ocspCertSet.3.constraint.name=Key Constraint\npolicyset.ocspCertSet.3.constraint.params.keyType=-\npolicyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.ocspCertSet.3.default.name=Key Default\npolicyset.ocspCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.4.constraint.name=No Constraint\npolicyset.ocspCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.ocspCertSet.4.default.name=Authority Key Identifier Default\npolicyset.ocspCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.5.constraint.name=No Constraint\npolicyset.ocspCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.ocspCertSet.5.default.name=AIA Extension Default\npolicyset.ocspCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.ocspCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.ocspCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.ocspCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.ocspCertSet.6.constraint.class_id=extendedKeyUsageExtConstraintImpl\npolicyset.ocspCertSet.6.constraint.name=Extended Key Usage Extension\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.6.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.ocspCertSet.6.default.name=Extended Key Usage Default\npolicyset.ocspCertSet.6.default.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.8.constraint.class_id=extensionConstraintImpl\npolicyset.ocspCertSet.8.constraint.name=No Constraint\npolicyset.ocspCertSet.8.constraint.params.extCritical=false\npolicyset.ocspCertSet.8.constraint.params.extOID=1.3.6.1.5.5.7.48.1.5\npolicyset.ocspCertSet.8.default.class_id=ocspNoCheckExtDefaultImpl\npolicyset.ocspCertSet.8.default.name=OCSP No Check Extension\npolicyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false\npolicyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.ocspCertSet.9.constraint.name=No Constraint\npolicyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.ocspCertSet.9.default.name=Signing Alg\npolicyset.ocspCertSet.9.default.params.signingAlg=-\nprofileId=caOCSPCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 400 Bad Request
2016-03-14T19:09:42Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:41 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:42Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:42Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caOCSPCert?action=disable
2016-03-14T19:09:42Z DEBUG request body ''
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 204 No Content
2016-03-14T19:09:42Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:42Z DEBUG response body ''
2016-03-14T19:09:42Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caOCSPCert/raw
2016-03-14T19:09:42Z DEBUG request body 'desc=This certificate profile is for enrolling OCSP Manager certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual OCSP Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=ocspCertSet\npolicyset.ocspCertSet.list=1,2,3,4,5,6,8,9\npolicyset.ocspCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.ocspCertSet.1.constraint.name=Subject Name Constraint\npolicyset.ocspCertSet.1.constraint.params.pattern=CN=.*\npolicyset.ocspCertSet.1.constraint.params.accept=true\npolicyset.ocspCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.ocspCertSet.1.default.name=Subject Name Default\npolicyset.ocspCertSet.1.default.params.name=\npolicyset.ocspCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.ocspCertSet.2.constraint.name=Validity Constraint\npolicyset.ocspCertSet.2.constraint.params.range=720\npolicyset.ocspCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.ocspCertSet.2.constraint.params.notAfterCheck=false\npolicyset.ocspCertSet.2.default.class_id=validityDefaultImpl\npolicyset.ocspCertSet.2.default.name=Validity Default\npolicyset.ocspCertSet.2.default.params.range=720\npolicyset.ocspCertSet.2.default.params.startTime=0\npolicyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.ocspCertSet.3.constraint.name=Key Constraint\npolicyset.ocspCertSet.3.constraint.params.keyType=-\npolicyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.ocspCertSet.3.default.name=Key Default\npolicyset.ocspCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.4.constraint.name=No Constraint\npolicyset.ocspCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.ocspCertSet.4.default.name=Authority Key Identifier Default\npolicyset.ocspCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.5.constraint.name=No Constraint\npolicyset.ocspCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.ocspCertSet.5.default.name=AIA Extension Default\npolicyset.ocspCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.ocspCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.ocspCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.ocspCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.ocspCertSet.6.constraint.class_id=extendedKeyUsageExtConstraintImpl\npolicyset.ocspCertSet.6.constraint.name=Extended Key Usage Extension\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.6.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.ocspCertSet.6.default.name=Extended Key Usage Default\npolicyset.ocspCertSet.6.default.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.8.constraint.class_id=extensionConstraintImpl\npolicyset.ocspCertSet.8.constraint.name=No Constraint\npolicyset.ocspCertSet.8.constraint.params.extCritical=false\npolicyset.ocspCertSet.8.constraint.params.extOID=1.3.6.1.5.5.7.48.1.5\npolicyset.ocspCertSet.8.default.class_id=ocspNoCheckExtDefaultImpl\npolicyset.ocspCertSet.8.default.name=OCSP No Check Extension\npolicyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false\npolicyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.ocspCertSet.9.constraint.name=No Constraint\npolicyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.ocspCertSet.9.default.name=Signing Alg\npolicyset.ocspCertSet.9.default.params.signingAlg=-\nprofileId=caOCSPCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 200 OK
2016-03-14T19:09:42Z DEBUG response headers {'content-length': '4154', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:42Z DEBUG response body '#Mon Mar 14 14:09:42 CDT 2016\npolicyset.ocspCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.ocspCertSet.2.constraint.name=Validity Constraint\npolicyset.ocspCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.ocspCertSet.3.default.name=Key Default\npolicyset.ocspCertSet.1.constraint.params.accept=true\npolicyset.ocspCertSet.9.default.params.signingAlg=-\npolicyset.ocspCertSet.2.default.class_id=validityDefaultImpl\npolicyset.ocspCertSet.2.constraint.class_id=validityConstraintImpl\nenable=true\npolicyset.ocspCertSet.8.constraint.params.extOID=1.3.6.1.5.5.7.48.1.5\npolicyset.ocspCertSet.6.constraint.name=Extended Key Usage Extension\npolicyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl\nenableBy=admin\npolicyset.ocspCertSet.1.constraint.name=Subject Name Constraint\npolicyset.ocspCertSet.6.default.name=Extended Key Usage Default\npolicyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false\npolicyset.ocspCertSet.4.constraint.class_id=noConstraintImpl\nname=Manual OCSP Manager Signing Certificate Enrollment\npolicyset.ocspCertSet.1.default.params.name=\npolicyset.ocspCertSet.2.default.name=Validity Default\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageCritical=false\nauth.class_id=\npolicyset.ocspCertSet.8.constraint.params.extCritical=false\npolicyset.ocspCertSet.6.constraint.class_id=extendedKeyUsageExtConstraintImpl\npolicyset.ocspCertSet.5.constraint.name=No Constraint\ninput.list=i1,i2\npolicyset.ocspCertSet.9.default.name=Signing Alg\npolicyset.ocspCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\nvisible=true\npolicyset.ocspCertSet.8.constraint.class_id=extensionConstraintImpl\npolicyset.ocspCertSet.2.constraint.params.notAfterCheck=false\npolicyset.ocspCertSet.6.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.5.default.name=AIA Extension Default\ninput.i1.class_id=certReqInputImpl\npolicyset.ocspCertSet.9.constraint.name=No Constraint\npolicyset.ocspCertSet.1.constraint.params.pattern=CN=.*\npolicyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.ocspCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.list=ocspCertSet\npolicyset.ocspCertSet.1.default.name=Subject Name Default\npolicyset.ocspCertSet.4.constraint.name=No Constraint\npolicyset.ocspCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.ocspCertSet.list=1,2,3,4,5,6,8,9\npolicyset.ocspCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.ocspCertSet.8.default.name=OCSP No Check Extension\ninput.i2.class_id=submitterInfoInputImpl\npolicyset.ocspCertSet.8.default.class_id=ocspNoCheckExtDefaultImpl\ndesc=This certificate profile is for enrolling OCSP Manager certificates.\npolicyset.ocspCertSet.8.constraint.name=No Constraint\npolicyset.ocspCertSet.6.default.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.4.default.name=Authority Key Identifier Default\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.ocspCertSet.3.constraint.name=Key Constraint\npolicyset.ocspCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.ocspCertSet.2.default.params.range=720\npolicyset.ocspCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.ocspCertSet.2.default.params.startTime=0\npolicyset.ocspCertSet.6.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.ocspCertSet.2.constraint.params.range=720\npolicyset.ocspCertSet.3.constraint.params.keyType=-\noutput.list=o1\npolicyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.ocspCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\noutput.o1.class_id=certOutputImpl\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\n'
2016-03-14T19:09:42Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caOCSPCert?action=enable
2016-03-14T19:09:42Z DEBUG request body ''
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 204 No Content
2016-03-14T19:09:42Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:42Z DEBUG response body ''
2016-03-14T19:09:42Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:42Z DEBUG request body ''
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 204 No Content
2016-03-14T19:09:42Z DEBUG response headers {'set-cookie': 'JSESSIONID=63A2F9A0ADC6709787059696975EA6FE; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:42Z DEBUG response body ''
2016-03-14T19:09:42Z INFO Migrating profile 'caStorageCert' to LDAP
2016-03-14T19:09:42Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:42Z DEBUG request body ''
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 200 OK
2016-03-14T19:09:42Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=3083AD2982A0D495D8EABF1A2E9527DC; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:42Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:42Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:42Z DEBUG request body 'desc=This certificate profile is for enrolling Data Recovery Manager storage certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class.id=\nname=Manual Data Recovery Manager Storage Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=drmStorageCertSet\npolicyset.drmStorageCertSet.list=1,2,3,4,5,6,7,9\npolicyset.drmStorageCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.drmStorageCertSet.1.constraint.name=Subject Name Constraint\npolicyset.drmStorageCertSet.1.constraint.params.pattern=CN=.*\npolicyset.drmStorageCertSet.1.constraint.params.accept=true\npolicyset.drmStorageCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.drmStorageCertSet.1.default.name=Subject Name Default\npolicyset.drmStorageCertSet.1.default.params.name=\npolicyset.drmStorageCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.drmStorageCertSet.2.constraint.name=Validity Constraint\npolicyset.drmStorageCertSet.2.constraint.params.range=720\npolicyset.drmStorageCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.drmStorageCertSet.2.constraint.params.notAfterCheck=false\npolicyset.drmStorageCertSet.2.default.class_id=validityDefaultImpl\npolicyset.drmStorageCertSet.2.default.name=Validity Default\npolicyset.drmStorageCertSet.2.default.params.range=720\npolicyset.drmStorageCertSet.2.default.params.startTime=0\npolicyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.drmStorageCertSet.3.constraint.name=Key Constraint\npolicyset.drmStorageCertSet.3.constraint.params.keyType=RSA\npolicyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.drmStorageCertSet.3.default.name=Key Default\npolicyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.4.constraint.name=No Constraint\npolicyset.drmStorageCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.drmStorageCertSet.4.default.name=Authority Key Identifier Default\npolicyset.drmStorageCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.5.constraint.name=No Constraint\npolicyset.drmStorageCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.drmStorageCertSet.5.default.name=AIA Extension Default\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.drmStorageCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.drmStorageCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.6.default.name=Key Usage Default\npolicyset.drmStorageCertSet.6.default.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.7.constraint.name=No Constraint\npolicyset.drmStorageCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.drmStorageCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.drmStorageCertSet.9.constraint.name=No Constraint\npolicyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.drmStorageCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.drmStorageCertSet.9.default.name=Signing Alg\npolicyset.drmStorageCertSet.9.default.params.signingAlg=-\nprofileId=caStorageCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 400 Bad Request
2016-03-14T19:09:42Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:42Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:42Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caStorageCert?action=disable
2016-03-14T19:09:42Z DEBUG request body ''
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 204 No Content
2016-03-14T19:09:42Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:42Z DEBUG response body ''
2016-03-14T19:09:42Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caStorageCert/raw
2016-03-14T19:09:42Z DEBUG request body 'desc=This certificate profile is for enrolling Data Recovery Manager storage certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class.id=\nname=Manual Data Recovery Manager Storage Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=drmStorageCertSet\npolicyset.drmStorageCertSet.list=1,2,3,4,5,6,7,9\npolicyset.drmStorageCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.drmStorageCertSet.1.constraint.name=Subject Name Constraint\npolicyset.drmStorageCertSet.1.constraint.params.pattern=CN=.*\npolicyset.drmStorageCertSet.1.constraint.params.accept=true\npolicyset.drmStorageCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.drmStorageCertSet.1.default.name=Subject Name Default\npolicyset.drmStorageCertSet.1.default.params.name=\npolicyset.drmStorageCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.drmStorageCertSet.2.constraint.name=Validity Constraint\npolicyset.drmStorageCertSet.2.constraint.params.range=720\npolicyset.drmStorageCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.drmStorageCertSet.2.constraint.params.notAfterCheck=false\npolicyset.drmStorageCertSet.2.default.class_id=validityDefaultImpl\npolicyset.drmStorageCertSet.2.default.name=Validity Default\npolicyset.drmStorageCertSet.2.default.params.range=720\npolicyset.drmStorageCertSet.2.default.params.startTime=0\npolicyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.drmStorageCertSet.3.constraint.name=Key Constraint\npolicyset.drmStorageCertSet.3.constraint.params.keyType=RSA\npolicyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.drmStorageCertSet.3.default.name=Key Default\npolicyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.4.constraint.name=No Constraint\npolicyset.drmStorageCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.drmStorageCertSet.4.default.name=Authority Key Identifier Default\npolicyset.drmStorageCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.5.constraint.name=No Constraint\npolicyset.drmStorageCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.drmStorageCertSet.5.default.name=AIA Extension Default\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.drmStorageCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.drmStorageCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.6.default.name=Key Usage Default\npolicyset.drmStorageCertSet.6.default.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.7.constraint.name=No Constraint\npolicyset.drmStorageCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.drmStorageCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.drmStorageCertSet.9.constraint.name=No Constraint\npolicyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.drmStorageCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.drmStorageCertSet.9.default.name=Signing Alg\npolicyset.drmStorageCertSet.9.default.params.signingAlg=-\nprofileId=caStorageCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 200 OK
2016-03-14T19:09:42Z DEBUG response headers {'content-length': '5596', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:42Z DEBUG response body '#Mon Mar 14 14:09:42 CDT 2016\npolicyset.drmStorageCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\ninput.i2.class_id=submitterInfoInputImpl\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCrlSign=false\noutput.o1.class_id=certOutputImpl\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.drmStorageCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.drmStorageCertSet.5.constraint.name=No Constraint\npolicyset.drmStorageCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.drmStorageCertSet.2.default.params.range=720\npolicyset.drmStorageCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.1.constraint.params.accept=true\noutput.list=o1\npolicyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.drmStorageCertSet.2.constraint.class_id=validityConstraintImpl\ninput.list=i1,i2\npolicyset.drmStorageCertSet.4.default.name=Authority Key Identifier Default\npolicyset.drmStorageCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.5.constraint.class_id=noConstraintImpl\nvisible=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyEncipherment=true\ndesc=This certificate profile is for enrolling Data Recovery Manager storage certificates.\npolicyset.drmStorageCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.drmStorageCertSet.9.default.name=Signing Alg\npolicyset.drmStorageCertSet.4.constraint.name=No Constraint\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.2.default.class_id=validityDefaultImpl\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.3.constraint.name=Key Constraint\npolicyset.drmStorageCertSet.3.default.name=Key Default\npolicyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly=false\nenable=true\npolicyset.drmStorageCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.drmStorageCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.drmStorageCertSet.2.constraint.params.notAfterCheck=false\npolicyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.drmStorageCertSet.9.constraint.name=No Constraint\npolicyset.drmStorageCertSet.list=1,2,3,4,5,6,7,9\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.3.constraint.params.keyType=RSA\npolicyset.drmStorageCertSet.2.constraint.name=Validity Constraint\npolicyset.drmStorageCertSet.2.default.name=Validity Default\npolicyset.drmStorageCertSet.1.default.params.name=\nname=Manual Data Recovery Manager Storage Certificate Enrollment\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.2.constraint.params.range=720\npolicyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.1.default.name=Subject Name Default\npolicyset.drmStorageCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.drmStorageCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.drmStorageCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.drmStorageCertSet.1.constraint.name=Subject Name Constraint\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.drmStorageCertSet.9.default.params.signingAlg=-\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.list=drmStorageCertSet\npolicyset.drmStorageCertSet.6.default.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.drmStorageCertSet.7.constraint.name=No Constraint\npolicyset.drmStorageCertSet.1.constraint.params.pattern=CN=.*\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl\nauth.class.id=\npolicyset.drmStorageCertSet.6.default.name=Key Usage Default\npolicyset.drmStorageCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.drmStorageCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.2.default.params.startTime=0\npolicyset.drmStorageCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.5.default.name=AIA Extension Default\n'
2016-03-14T19:09:42Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caStorageCert?action=enable
2016-03-14T19:09:42Z DEBUG request body ''
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 204 No Content
2016-03-14T19:09:42Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:42Z DEBUG response body ''
2016-03-14T19:09:42Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:42Z DEBUG request body ''
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 204 No Content
2016-03-14T19:09:42Z DEBUG response headers {'set-cookie': 'JSESSIONID=60775D32E546613CFAD4FC84509F8BEA; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:42Z DEBUG response body ''
2016-03-14T19:09:42Z INFO Migrating profile 'caTransportCert' to LDAP
2016-03-14T19:09:42Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:42Z DEBUG request body ''
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 200 OK
2016-03-14T19:09:42Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=DF8E447851438C1FFF34D2DA587A8DE3; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:42Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:42Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:42Z DEBUG request body 'desc=This certificate profile is for enrolling Data Recovery Manager transport certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Data Recovery Manager Transport Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=transportCertSet\npolicyset.transportCertSet.list=1,2,3,4,5,6,7,8\npolicyset.transportCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.transportCertSet.1.constraint.name=Subject Name Constraint\npolicyset.transportCertSet.1.constraint.params.pattern=CN=.*\npolicyset.transportCertSet.1.constraint.params.accept=true\npolicyset.transportCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.transportCertSet.1.default.name=Subject Name Default\npolicyset.transportCertSet.1.default.params.name=\npolicyset.transportCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.transportCertSet.2.constraint.name=Validity Constraint\npolicyset.transportCertSet.2.constraint.params.range=720\npolicyset.transportCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.transportCertSet.2.constraint.params.notAfterCheck=false\npolicyset.transportCertSet.2.default.class_id=validityDefaultImpl\npolicyset.transportCertSet.2.default.name=Validity Default\npolicyset.transportCertSet.2.default.params.range=720\npolicyset.transportCertSet.2.default.params.startTime=0\npolicyset.transportCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.transportCertSet.3.constraint.name=Key Constraint\npolicyset.transportCertSet.3.constraint.params.keyType=RSA\npolicyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.transportCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.transportCertSet.3.default.name=Key Default\npolicyset.transportCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.4.constraint.name=No Constraint\npolicyset.transportCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.transportCertSet.4.default.name=Authority Key Identifier Default\npolicyset.transportCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.5.constraint.name=No Constraint\npolicyset.transportCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.transportCertSet.5.default.name=AIA Extension Default\npolicyset.transportCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.transportCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.transportCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.transportCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.transportCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.transportCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.transportCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.transportCertSet.6.default.name=Key Usage Default\npolicyset.transportCertSet.6.default.params.keyUsageCritical=true\npolicyset.transportCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.7.constraint.name=No Constraint\npolicyset.transportCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.transportCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.transportCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.transportCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.transportCertSet.8.constraint.name=No Constraint\npolicyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.transportCertSet.8.default.name=Signing Alg\npolicyset.transportCertSet.8.default.params.signingAlg=-\nprofileId=caTransportCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 400 Bad Request
2016-03-14T19:09:42Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:42Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:42Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTransportCert?action=disable
2016-03-14T19:09:42Z DEBUG request body ''
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 204 No Content
2016-03-14T19:09:42Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:42Z DEBUG response body ''
2016-03-14T19:09:42Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTransportCert/raw
2016-03-14T19:09:42Z DEBUG request body 'desc=This certificate profile is for enrolling Data Recovery Manager transport certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Data Recovery Manager Transport Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=transportCertSet\npolicyset.transportCertSet.list=1,2,3,4,5,6,7,8\npolicyset.transportCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.transportCertSet.1.constraint.name=Subject Name Constraint\npolicyset.transportCertSet.1.constraint.params.pattern=CN=.*\npolicyset.transportCertSet.1.constraint.params.accept=true\npolicyset.transportCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.transportCertSet.1.default.name=Subject Name Default\npolicyset.transportCertSet.1.default.params.name=\npolicyset.transportCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.transportCertSet.2.constraint.name=Validity Constraint\npolicyset.transportCertSet.2.constraint.params.range=720\npolicyset.transportCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.transportCertSet.2.constraint.params.notAfterCheck=false\npolicyset.transportCertSet.2.default.class_id=validityDefaultImpl\npolicyset.transportCertSet.2.default.name=Validity Default\npolicyset.transportCertSet.2.default.params.range=720\npolicyset.transportCertSet.2.default.params.startTime=0\npolicyset.transportCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.transportCertSet.3.constraint.name=Key Constraint\npolicyset.transportCertSet.3.constraint.params.keyType=RSA\npolicyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.transportCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.transportCertSet.3.default.name=Key Default\npolicyset.transportCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.4.constraint.name=No Constraint\npolicyset.transportCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.transportCertSet.4.default.name=Authority Key Identifier Default\npolicyset.transportCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.5.constraint.name=No Constraint\npolicyset.transportCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.transportCertSet.5.default.name=AIA Extension Default\npolicyset.transportCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.transportCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.transportCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.transportCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.transportCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.transportCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.transportCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.transportCertSet.6.default.name=Key Usage Default\npolicyset.transportCertSet.6.default.params.keyUsageCritical=true\npolicyset.transportCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.7.constraint.name=No Constraint\npolicyset.transportCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.transportCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.transportCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.transportCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.transportCertSet.8.constraint.name=No Constraint\npolicyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.transportCertSet.8.default.name=Signing Alg\npolicyset.transportCertSet.8.default.params.signingAlg=-\nprofileId=caTransportCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 200 OK
2016-03-14T19:09:42Z DEBUG response headers {'content-length': '5526', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:42Z DEBUG response body '#Mon Mar 14 14:09:42 CDT 2016\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.2.default.params.startTime=0\npolicyset.transportCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.transportCertSet.6.default.params.keyUsageKeyEncipherment=true\ninput.i2.class_id=submitterInfoInputImpl\noutput.o1.class_id=certOutputImpl\npolicyset.transportCertSet.1.default.name=Subject Name Default\npolicyset.transportCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.transportCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.default.name=Key Usage Default\noutput.list=o1\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\ninput.list=i1,i2\npolicyset.transportCertSet.4.constraint.name=No Constraint\npolicyset.transportCertSet.1.default.params.name=\npolicyset.transportCertSet.8.default.params.signingAlg=-\npolicyset.transportCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.1.constraint.params.accept=true\nvisible=true\npolicyset.transportCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.transportCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.transportCertSet.6.default.params.keyUsageDataEncipherment=true\ndesc=This certificate profile is for enrolling Data Recovery Manager transport certificates.\npolicyset.transportCertSet.3.constraint.name=Key Constraint\npolicyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.transportCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.transportCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.transportCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.transportCertSet.2.constraint.params.range=720\npolicyset.transportCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.transportCertSet.5.default.name=AIA Extension Default\nauth.class_id=\npolicyset.transportCertSet.1.default.class_id=userSubjectNameDefaultImpl\nenable=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.transportCertSet.2.constraint.params.notAfterCheck=false\npolicyset.transportCertSet.2.constraint.name=Validity Constraint\npolicyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.transportCertSet.8.constraint.name=No Constraint\npolicyset.transportCertSet.3.constraint.params.keyType=RSA\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocation_0=\ninput.i1.class_id=certReqInputImpl\npolicyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false\nenableBy=admin\npolicyset.transportCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.4.default.name=Authority Key Identifier Default\npolicyset.transportCertSet.2.default.class_id=validityDefaultImpl\nname=Manual Data Recovery Manager Transport Certificate Enrollment\npolicyset.transportCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.3.default.name=Key Default\npolicyset.transportCertSet.1.constraint.name=Subject Name Constraint\npolicyset.transportCertSet.6.default.params.keyUsageCritical=true\npolicyset.transportCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.7.constraint.name=No Constraint\npolicyset.transportCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.8.default.name=Signing Alg\npolicyset.transportCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.transportCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.transportCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.transportCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.list=transportCertSet\npolicyset.transportCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.transportCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.transportCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.2.default.name=Validity Default\npolicyset.transportCertSet.1.constraint.params.pattern=CN=.*\npolicyset.transportCertSet.list=1,2,3,4,5,6,7,8\npolicyset.transportCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.transportCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.transportCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.transportCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.2.default.params.range=720\npolicyset.transportCertSet.5.constraint.name=No Constraint\n'
2016-03-14T19:09:42Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTransportCert?action=enable
2016-03-14T19:09:42Z DEBUG request body ''
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 204 No Content
2016-03-14T19:09:42Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:42Z DEBUG response body ''
2016-03-14T19:09:42Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:42Z DEBUG request body ''
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 204 No Content
2016-03-14T19:09:42Z DEBUG response headers {'set-cookie': 'JSESSIONID=FC6AE3D7B7056F9F1287D4CA10DA444F; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:42Z DEBUG response body ''
2016-03-14T19:09:42Z INFO Migrating profile 'caDirPinUserCert' to LDAP
2016-03-14T19:09:42Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:42Z DEBUG request body ''
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 200 OK
2016-03-14T19:09:42Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=79E23AB2883928E46C91661C70C35B6D; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:42Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:42Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:42Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with directory-pin-based authentication.\nvisible=true\nenable=false\nenableBy=admin\nname=Directory-Pin-Authenticated User Dual-Use Certificate Enrollment\nauth.instance_id=PinDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=RSA\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caDirPinUserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 400 Bad Request
2016-03-14T19:09:42Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:42Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:42Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caDirPinUserCert?action=disable
2016-03-14T19:09:42Z DEBUG request body ''
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 204 No Content
2016-03-14T19:09:42Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:42Z DEBUG response body ''
2016-03-14T19:09:42Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caDirPinUserCert/raw
2016-03-14T19:09:42Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with directory-pin-based authentication.\nvisible=true\nenable=false\nenableBy=admin\nname=Directory-Pin-Authenticated User Dual-Use Certificate Enrollment\nauth.instance_id=PinDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=RSA\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caDirPinUserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:42Z DEBUG response status 200 OK
2016-03-14T19:09:42Z DEBUG response headers {'content-length': '6162', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:42Z DEBUG response body '#Mon Mar 14 14:09:42 CDT 2016\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.3.constraint.params.keyType=RSA\nauth.instance_id=PinDirEnrollment\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\noutput.o1.class_id=certOutputImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\noutput.list=o1\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\ninput.list=i1\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.2.constraint.params.range=365\nvisible=true\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.2.default.name=Validity Default\ndesc=This certificate profile is for enrolling user certificates with directory-pin-based authentication.\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.9.default.params.signingAlg=-\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\nenable=false\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.9.constraint.name=No Constraint\ninput.i1.class_id=keyGenInputImpl\nenableBy=admin\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\nname=Directory-Pin-Authenticated User Dual-Use Certificate Enrollment\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.list=userCertSet\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\n'
2016-03-14T19:09:42Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caDirPinUserCert?action=enable
2016-03-14T19:09:42Z DEBUG request body ''
2016-03-14T19:09:42Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:42Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:42Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:42Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:42Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:42Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:42Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 204 No Content
2016-03-14T19:09:43Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:43Z DEBUG response body ''
2016-03-14T19:09:43Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:43Z DEBUG request body ''
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 204 No Content
2016-03-14T19:09:43Z DEBUG response headers {'set-cookie': 'JSESSIONID=B762524B5B905C58481CCE6D30F0B4B9; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:43Z DEBUG response body ''
2016-03-14T19:09:43Z INFO Migrating profile 'caDirUserCert' to LDAP
2016-03-14T19:09:43Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:43Z DEBUG request body ''
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 200 OK
2016-03-14T19:09:43Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=A1D89753331DA567A8076A2DF1AFFE8F; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:43Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:43Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:43Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with directory-based authentication.\nvisible=true\nenable=true\nenableBy=admin\nname=Directory-Authenticated User Dual-Use Certificate Enrollment\nauth.instance_id=UserDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caDirUserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 400 Bad Request
2016-03-14T19:09:43Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:43Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:43Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caDirUserCert?action=disable
2016-03-14T19:09:43Z DEBUG request body ''
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 204 No Content
2016-03-14T19:09:43Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:42 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:43Z DEBUG response body ''
2016-03-14T19:09:43Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caDirUserCert/raw
2016-03-14T19:09:43Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with directory-based authentication.\nvisible=true\nenable=true\nenableBy=admin\nname=Directory-Authenticated User Dual-Use Certificate Enrollment\nauth.instance_id=UserDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caDirUserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 200 OK
2016-03-14T19:09:43Z DEBUG response headers {'content-length': '6179', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:43Z DEBUG response body '#Mon Mar 14 14:09:43 CDT 2016\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.3.constraint.params.keyType=-\nauth.instance_id=UserDirEnrollment\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\noutput.o1.class_id=certOutputImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\noutput.list=o1\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\ninput.list=i1\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.2.constraint.params.range=365\nvisible=true\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.2.default.name=Validity Default\ndesc=This certificate profile is for enrolling user certificates with directory-based authentication.\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.9.default.params.signingAlg=-\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\nenable=true\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.9.constraint.name=No Constraint\ninput.i1.class_id=keyGenInputImpl\nenableBy=admin\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\nname=Directory-Authenticated User Dual-Use Certificate Enrollment\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.list=userCertSet\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\n'
2016-03-14T19:09:43Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caDirUserCert?action=enable
2016-03-14T19:09:43Z DEBUG request body ''
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 204 No Content
2016-03-14T19:09:43Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:43Z DEBUG response body ''
2016-03-14T19:09:43Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:43Z DEBUG request body ''
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 204 No Content
2016-03-14T19:09:43Z DEBUG response headers {'set-cookie': 'JSESSIONID=6BDFE5F01CA8276DE0F92566101BACD9; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:43Z DEBUG response body ''
2016-03-14T19:09:43Z INFO Migrating profile 'caECDirUserCert' to LDAP
2016-03-14T19:09:43Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:43Z DEBUG request body ''
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 200 OK
2016-03-14T19:09:43Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=AABC8E174EFA28D4242E5639CB22D2B6; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:43Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:43Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:43Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with directory-based authentication.\nvisible=true\nenable=true\nenableBy=admin\nname=Directory-Authenticated User Dual-Use ECC Certificate Enrollment\nauth.instance_id=UserDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=EC\npolicyset.userCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caECDirUserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 400 Bad Request
2016-03-14T19:09:43Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:43Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:43Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caECDirUserCert?action=disable
2016-03-14T19:09:43Z DEBUG request body ''
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 204 No Content
2016-03-14T19:09:43Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:43Z DEBUG response body ''
2016-03-14T19:09:43Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caECDirUserCert/raw
2016-03-14T19:09:43Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with directory-based authentication.\nvisible=true\nenable=true\nenableBy=admin\nname=Directory-Authenticated User Dual-Use ECC Certificate Enrollment\nauth.instance_id=UserDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=EC\npolicyset.userCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caECDirUserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 200 OK
2016-03-14T19:09:43Z DEBUG response headers {'content-length': '6164', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:43Z DEBUG response body '#Mon Mar 14 14:09:43 CDT 2016\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.3.constraint.params.keyType=EC\nauth.instance_id=UserDirEnrollment\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\noutput.o1.class_id=certOutputImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\noutput.list=o1\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\ninput.list=i1\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.2.constraint.params.range=365\nvisible=true\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.2.default.name=Validity Default\ndesc=This certificate profile is for enrolling user certificates with directory-based authentication.\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.9.default.params.signingAlg=-\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\nenable=true\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.9.constraint.name=No Constraint\ninput.i1.class_id=keyGenInputImpl\nenableBy=admin\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\nname=Directory-Authenticated User Dual-Use ECC Certificate Enrollment\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.list=userCertSet\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\n'
2016-03-14T19:09:43Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caECDirUserCert?action=enable
2016-03-14T19:09:43Z DEBUG request body ''
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 204 No Content
2016-03-14T19:09:43Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:43Z DEBUG response body ''
2016-03-14T19:09:43Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:43Z DEBUG request body ''
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 204 No Content
2016-03-14T19:09:43Z DEBUG response headers {'set-cookie': 'JSESSIONID=3DC72A73128902B012AEFD9761B2FC05; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:43Z DEBUG response body ''
2016-03-14T19:09:43Z INFO Migrating profile 'caAgentServerCert' to LDAP
2016-03-14T19:09:43Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:43Z DEBUG request body ''
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 200 OK
2016-03-14T19:09:43Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=AD039D1BDE6C65CB3571C2F82AF2CAB2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:43Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:43Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:43Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with agent authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=AgentCertAuth\nname=Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caAgentServerCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 400 Bad Request
2016-03-14T19:09:43Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:43Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:43Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caAgentServerCert?action=disable
2016-03-14T19:09:43Z DEBUG request body ''
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 204 No Content
2016-03-14T19:09:43Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:43Z DEBUG response body ''
2016-03-14T19:09:43Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caAgentServerCert/raw
2016-03-14T19:09:43Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with agent authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=AgentCertAuth\nname=Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caAgentServerCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 200 OK
2016-03-14T19:09:43Z DEBUG response headers {'content-length': '5334', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:43Z DEBUG response body '#Mon Mar 14 14:09:43 CDT 2016\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=AgentCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\ndesc=This certificate profile is for enrolling server certificates with agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\n'
2016-03-14T19:09:43Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caAgentServerCert?action=enable
2016-03-14T19:09:43Z DEBUG request body ''
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 204 No Content
2016-03-14T19:09:43Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:43Z DEBUG response body ''
2016-03-14T19:09:43Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:43Z DEBUG request body ''
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 204 No Content
2016-03-14T19:09:43Z DEBUG response headers {'set-cookie': 'JSESSIONID=5C3A07B3755C183F5EF50596622B865B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:43Z DEBUG response body ''
2016-03-14T19:09:43Z INFO Migrating profile 'caAgentFileSigning' to LDAP
2016-03-14T19:09:43Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:43Z DEBUG request body ''
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 200 OK
2016-03-14T19:09:43Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=A6E678EC490E6579936F3C728FCFB115; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:43Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:43Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:43Z DEBUG request body 'desc=This certificate profile is for getting file signing certificate with agent authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=AgentCertAuth\nname=Agent-Authenticated File Signing\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=fileSigningInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=pkcs7OutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=(Name)$request.requestor_name$(Text)$request.file_signing_text$(Size)$request.file_signing_size$(DigestType)$request.file_signing_digest_type$(Digest)$request.file_signing_digest$\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.3\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caAgentFileSigning\nclassId=caEnrollImpl\n'
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 400 Bad Request
2016-03-14T19:09:43Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:43Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:43Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caAgentFileSigning?action=disable
2016-03-14T19:09:43Z DEBUG request body ''
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 204 No Content
2016-03-14T19:09:43Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:43Z DEBUG response body ''
2016-03-14T19:09:43Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caAgentFileSigning/raw
2016-03-14T19:09:43Z DEBUG request body 'desc=This certificate profile is for getting file signing certificate with agent authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=AgentCertAuth\nname=Agent-Authenticated File Signing\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=fileSigningInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=pkcs7OutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=(Name)$request.requestor_name$(Text)$request.file_signing_text$(Size)$request.file_signing_size$(DigestType)$request.file_signing_digest_type$(Digest)$request.file_signing_digest$\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.3\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caAgentFileSigning\nclassId=caEnrollImpl\n'
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 200 OK
2016-03-14T19:09:43Z DEBUG response headers {'content-length': '5515', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:43Z DEBUG response body '#Mon Mar 14 14:09:43 CDT 2016\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.3\ninput.i2.class_id=fileSigningInputImpl\nauth.instance_id=AgentCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=pkcs7OutputImpl\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\ninput.list=i1,i2,i3\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\ndesc=This certificate profile is for getting file signing certificate with agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\ninput.i1.class_id=keyGenInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\ninput.i3.class_id=submitterInfoInputImpl\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=Agent-Authenticated File Signing\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=(Name)$request.requestor_name$(Text)$request.file_signing_text$(Size)$request.file_signing_size$(DigestType)$request.file_signing_digest_type$(Digest)$request.file_signing_digest$\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\n'
2016-03-14T19:09:43Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caAgentFileSigning?action=enable
2016-03-14T19:09:43Z DEBUG request body ''
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 204 No Content
2016-03-14T19:09:43Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:43Z DEBUG response body ''
2016-03-14T19:09:43Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:43Z DEBUG request body ''
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 204 No Content
2016-03-14T19:09:43Z DEBUG response headers {'set-cookie': 'JSESSIONID=1082CC4F3D32635856CCFAC973CFD19B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:43Z DEBUG response body ''
2016-03-14T19:09:43Z INFO Migrating profile 'caCMCUserCert' to LDAP
2016-03-14T19:09:43Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:43Z DEBUG request body ''
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 200 OK
2016-03-14T19:09:43Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=FB145C953E0704FACB9813716D584588; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:43Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:43Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:43Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=CMCAuth\nauthz.acl=group="Certificate Manager Agents"\nname=Signed CMC-Authenticated User Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=cmcCertReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyType=-\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caCMCUserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:43Z DEBUG response status 400 Bad Request
2016-03-14T19:09:43Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:43Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:43Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caCMCUserCert?action=disable
2016-03-14T19:09:43Z DEBUG request body ''
2016-03-14T19:09:43Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:43Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:43Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:43Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:43Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:43Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:43Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 204 No Content
2016-03-14T19:09:44Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:44Z DEBUG response body ''
2016-03-14T19:09:44Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caCMCUserCert/raw
2016-03-14T19:09:44Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=CMCAuth\nauthz.acl=group="Certificate Manager Agents"\nname=Signed CMC-Authenticated User Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=cmcCertReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyType=-\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caCMCUserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 200 OK
2016-03-14T19:09:44Z DEBUG response headers {'content-length': '5504', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:44Z DEBUG response body '#Mon Mar 14 14:09:44 CDT 2016\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=CMCAuth\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\noutput.o1.class_id=certOutputImpl\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\nauthz.acl=group="Certificate Manager Agents"\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\noutput.list=o1\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\ninput.list=i1,i2\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\nvisible=true\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521\ndesc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\nenable=true\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.2.constraint.params.range=365\ninput.i1.class_id=cmcCertReqInputImpl\nenableBy=admin\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\nname=Signed CMC-Authenticated User Certificate Enrollment\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.params.keyType=-\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\n'
2016-03-14T19:09:44Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caCMCUserCert?action=enable
2016-03-14T19:09:44Z DEBUG request body ''
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 204 No Content
2016-03-14T19:09:44Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:44Z DEBUG response body ''
2016-03-14T19:09:44Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:44Z DEBUG request body ''
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 204 No Content
2016-03-14T19:09:44Z DEBUG response headers {'set-cookie': 'JSESSIONID=276B337E1FD01B3E2680376069CE0D13; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:44Z DEBUG response body ''
2016-03-14T19:09:44Z INFO Migrating profile 'caFullCMCUserCert' to LDAP
2016-03-14T19:09:44Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:44Z DEBUG request body ''
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 200 OK
2016-03-14T19:09:44Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=090BC476F2A7A48ABE339A108FB81E0A; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:43 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:44Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:44Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:44Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\nenable=true\nenableBy=admin\nname=Signed CMC-Authenticated User Certificate Enrollment\nvisible=false\nauth.instance_id=CMCAuth\ninput.list=i1,i2\ninput.i1.class_id=cmcCertReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521\npolicyset.cmcUserCertSet.3.constraint.params.keyType=-\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caFullCMCUserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 400 Bad Request
2016-03-14T19:09:44Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:44Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:44Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caFullCMCUserCert?action=disable
2016-03-14T19:09:44Z DEBUG request body ''
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 204 No Content
2016-03-14T19:09:44Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:44Z DEBUG response body ''
2016-03-14T19:09:44Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caFullCMCUserCert/raw
2016-03-14T19:09:44Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\nenable=true\nenableBy=admin\nname=Signed CMC-Authenticated User Certificate Enrollment\nvisible=false\nauth.instance_id=CMCAuth\ninput.list=i1,i2\ninput.i1.class_id=cmcCertReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521\npolicyset.cmcUserCertSet.3.constraint.params.keyType=-\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caFullCMCUserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 200 OK
2016-03-14T19:09:44Z DEBUG response headers {'content-length': '5460', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:44Z DEBUG response body '#Mon Mar 14 14:09:44 CDT 2016\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=CMCAuth\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\noutput.o1.class_id=certOutputImpl\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\noutput.list=o1\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\ninput.list=i1,i2\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\nvisible=false\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521\ndesc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\nenable=true\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.2.constraint.params.range=365\ninput.i1.class_id=cmcCertReqInputImpl\nenableBy=admin\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\nname=Signed CMC-Authenticated User Certificate Enrollment\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.params.keyType=-\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\n'
2016-03-14T19:09:44Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caFullCMCUserCert?action=enable
2016-03-14T19:09:44Z DEBUG request body ''
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 204 No Content
2016-03-14T19:09:44Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:44Z DEBUG response body ''
2016-03-14T19:09:44Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:44Z DEBUG request body ''
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 204 No Content
2016-03-14T19:09:44Z DEBUG response headers {'set-cookie': 'JSESSIONID=9C372DC71A646ECA6F17ADC6069376E8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:44Z DEBUG response body ''
2016-03-14T19:09:44Z INFO Migrating profile 'caSimpleCMCUserCert' to LDAP
2016-03-14T19:09:44Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:44Z DEBUG request body ''
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 200 OK
2016-03-14T19:09:44Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=37E418E7FA94CE983D23EC031A858647; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:44Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:44Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:44Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\nenable=true\nenableBy=admin\nname=Simple CMC Enrollment Request for User Certificate\nvisible=false\nauth.instance_id=\ninput.list=i1\ninput.i1.class_id=certReqInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521\npolicyset.cmcUserCertSet.3.constraint.params.keyType=-\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caSimpleCMCUserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 400 Bad Request
2016-03-14T19:09:44Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:44Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:44Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caSimpleCMCUserCert?action=disable
2016-03-14T19:09:44Z DEBUG request body ''
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 204 No Content
2016-03-14T19:09:44Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:44Z DEBUG response body ''
2016-03-14T19:09:44Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caSimpleCMCUserCert/raw
2016-03-14T19:09:44Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\nenable=true\nenableBy=admin\nname=Simple CMC Enrollment Request for User Certificate\nvisible=false\nauth.instance_id=\ninput.list=i1\ninput.i1.class_id=certReqInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521\npolicyset.cmcUserCertSet.3.constraint.params.keyType=-\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caSimpleCMCUserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 200 OK
2016-03-14T19:09:44Z DEBUG response headers {'content-length': '5404', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:44Z DEBUG response body '#Mon Mar 14 14:09:44 CDT 2016\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\nauth.instance_id=\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\noutput.o1.class_id=certOutputImpl\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\noutput.list=o1\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\ninput.list=i1\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\nvisible=false\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521\ndesc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\nenable=true\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.2.constraint.params.range=365\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\nname=Simple CMC Enrollment Request for User Certificate\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.params.keyType=-\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\n'
2016-03-14T19:09:44Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caSimpleCMCUserCert?action=enable
2016-03-14T19:09:44Z DEBUG request body ''
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 204 No Content
2016-03-14T19:09:44Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:44Z DEBUG response body ''
2016-03-14T19:09:44Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:44Z DEBUG request body ''
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 204 No Content
2016-03-14T19:09:44Z DEBUG response headers {'set-cookie': 'JSESSIONID=26B9E204680C20E804CDE06D7E0A3FC6; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:44Z DEBUG response body ''
2016-03-14T19:09:44Z INFO Migrating profile 'caTokenDeviceKeyEnrollment' to LDAP
2016-03-14T19:09:44Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:44Z DEBUG request body ''
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 200 OK
2016-03-14T19:09:44Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=42D945E703C758FB00637DA273C58F6E; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:44Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:44Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:44Z DEBUG request body 'desc=This profile is for enrolling token device keys\nenable=true\nenableBy=admin\nlastModified=1068835451090\nname=Token Device Key Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsHKeyCertReqInputImpl\ninput.i1.name=nsHKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p3,p4,p5,p1,p7,p8,p9,p12,p6\npolicyset.set1.list=p2,p4,p5,p1,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenDeviceKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenDeviceKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=Token Key Device - $request.tokencuid$\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p3.constraint.class_id=noConstraintImpl\npolicyset.set1.p3.constraint.name=No Constraint\npolicyset.set1.p3.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.params.crlDistPointsCritical=false\npolicyset.set1.p3.default.params.crlDistPointsNum=1\npolicyset.set1.p3.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p3.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p3.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p3.default.params.crlDistPointsPointName_0=\npolicyset.set1.p3.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p3.default.params.crlDistPointsReasons_0=\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_1=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\nprofileId=caTokenDeviceKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 400 Bad Request
2016-03-14T19:09:44Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:44Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:44Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenDeviceKeyEnrollment?action=disable
2016-03-14T19:09:44Z DEBUG request body ''
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 204 No Content
2016-03-14T19:09:44Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:44Z DEBUG response body ''
2016-03-14T19:09:44Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenDeviceKeyEnrollment/raw
2016-03-14T19:09:44Z DEBUG request body 'desc=This profile is for enrolling token device keys\nenable=true\nenableBy=admin\nlastModified=1068835451090\nname=Token Device Key Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsHKeyCertReqInputImpl\ninput.i1.name=nsHKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p3,p4,p5,p1,p7,p8,p9,p12,p6\npolicyset.set1.list=p2,p4,p5,p1,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenDeviceKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenDeviceKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=Token Key Device - $request.tokencuid$\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p3.constraint.class_id=noConstraintImpl\npolicyset.set1.p3.constraint.name=No Constraint\npolicyset.set1.p3.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.params.crlDistPointsCritical=false\npolicyset.set1.p3.default.params.crlDistPointsNum=1\npolicyset.set1.p3.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p3.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p3.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p3.default.params.crlDistPointsPointName_0=\npolicyset.set1.p3.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p3.default.params.crlDistPointsReasons_0=\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_1=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\nprofileId=caTokenDeviceKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 200 OK
2016-03-14T19:09:44Z DEBUG response headers {'transfer-encoding': 'chunked', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:44Z DEBUG response body '#Mon Mar 14 14:09:44 CDT 2016\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p3.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\nauth.instance_id=AgentCertAuth\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\noutput.o1.class_id=nsNKeyOutputImpl\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p3.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\noutput.list=o1\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\ninput.list=i1\npolicyset.set1.p1.default.class_id=nsTokenDeviceKeySubjectNameDefaultImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\nvisible=false\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\ndesc=This profile is for enrolling token device keys\npolicyset.set1.list=p2,p4,p5,p1,p8,p9,p12\npolicyset.set1.p3.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_0=\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p3.constraint.name=No Constraint\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\noutput.o2.name=nsNKeyOutputImpl\npolicyset.set1.p1.default.params.dnpattern=UID=Token Key Device - $request.tokencuid$\nenable=true\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p3.default.params.crlDistPointsReasons_0=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p3.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p3.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\nenableBy=admin\ninput.i1.class_id=nsHKeyCertReqInputImpl\npolicyset.set1.p3.default.params.crlDistPointsPointName_0=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\ninput.i1.name=nsHKeyCertReqInputImpl\npolicyset.set1.p1.default.name=nsTokenDeviceKeySubjectNameDefault\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\nname=Token Device Key Enrollment\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p3.default.params.crlDistPointsCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\nlastModified=1068835451090\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p2.default.params.range=1825\npolicyset.list=set1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p3.default.params.crlDistPointsNum=1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p3.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p3.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p2.default.params.startTime=0\n'
2016-03-14T19:09:44Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenDeviceKeyEnrollment?action=enable
2016-03-14T19:09:44Z DEBUG request body ''
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 204 No Content
2016-03-14T19:09:44Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:44Z DEBUG response body ''
2016-03-14T19:09:44Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:44Z DEBUG request body ''
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 204 No Content
2016-03-14T19:09:44Z DEBUG response headers {'set-cookie': 'JSESSIONID=17BBB0EF29BCBCF44B020119ABFE8AF8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:44Z DEBUG response body ''
2016-03-14T19:09:44Z INFO Migrating profile 'caTokenUserEncryptionKeyEnrollment' to LDAP
2016-03-14T19:09:44Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:44Z DEBUG request body ''
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 200 OK
2016-03-14T19:09:44Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=D66A194158EFC27C5013E9BE2FA8766C; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:44Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:44Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:44Z DEBUG request body 'desc=This profile is for enrolling Token Encryption key\nenable=true\nenableBy=admin\nname=Token User Encryption Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=false\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserEncryptionKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 400 Bad Request
2016-03-14T19:09:44Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:44Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:44Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserEncryptionKeyEnrollment?action=disable
2016-03-14T19:09:44Z DEBUG request body ''
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:44Z DEBUG response status 204 No Content
2016-03-14T19:09:44Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:44Z DEBUG response body ''
2016-03-14T19:09:44Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserEncryptionKeyEnrollment/raw
2016-03-14T19:09:44Z DEBUG request body 'desc=This profile is for enrolling Token Encryption key\nenable=true\nenableBy=admin\nname=Token User Encryption Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=false\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserEncryptionKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:44Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:44Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:44Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:44Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:44Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:44Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:44Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 200 OK
2016-03-14T19:09:45Z DEBUG response headers {'transfer-encoding': 'chunked', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:45Z DEBUG response body '#Mon Mar 14 14:09:44 CDT 2016\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\nauth.instance_id=AgentCertAuth\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\noutput.o2.name=nsNKeyOutputImpl\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\nenable=true\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\ninput.i1.name=nsNKeyCertReqInputImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\noutput.o1.class_id=nsNKeyOutputImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\noutput.list=o1\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\nname=Token User Encryption Certificate Enrollment\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p1.constraint.name=No Constraint\ninput.list=i1\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.num=5\nenableBy=admin\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p9.constraint.name=No Constraint\ndesc=This profile is for enrolling Token Encryption key\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\ninput.i1.class_id=nsNKeyCertReqInputImpl\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.list=set1\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p2.constraint.name=No Constraint\nvisible=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=false\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\n'
2016-03-14T19:09:45Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserEncryptionKeyEnrollment?action=enable
2016-03-14T19:09:45Z DEBUG request body ''
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 204 No Content
2016-03-14T19:09:45Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:45Z DEBUG response body ''
2016-03-14T19:09:45Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:45Z DEBUG request body ''
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 204 No Content
2016-03-14T19:09:45Z DEBUG response headers {'set-cookie': 'JSESSIONID=B826BA25C355B2B571A25FC02392CAAE; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:45Z DEBUG response body ''
2016-03-14T19:09:45Z INFO Migrating profile 'caTokenUserSigningKeyEnrollment' to LDAP
2016-03-14T19:09:45Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:45Z DEBUG request body ''
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 200 OK
2016-03-14T19:09:45Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=E07E4C6AAD667B69C087383167EF3384; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:45Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:45Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:45Z DEBUG request body 'desc=This profile is for enrolling Token Signing key\nenable=true\nenableBy=admin\nname=Token User Signing Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserSigningKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 400 Bad Request
2016-03-14T19:09:45Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:45Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:45Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserSigningKeyEnrollment?action=disable
2016-03-14T19:09:45Z DEBUG request body ''
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 204 No Content
2016-03-14T19:09:45Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:45Z DEBUG response body ''
2016-03-14T19:09:45Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserSigningKeyEnrollment/raw
2016-03-14T19:09:45Z DEBUG request body 'desc=This profile is for enrolling Token Signing key\nenable=true\nenableBy=admin\nname=Token User Signing Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserSigningKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 200 OK
2016-03-14T19:09:45Z DEBUG response headers {'transfer-encoding': 'chunked', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:44 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:45Z DEBUG response body '#Mon Mar 14 14:09:45 CDT 2016\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\nauth.instance_id=AgentCertAuth\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\noutput.o2.name=nsNKeyOutputImpl\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\nenable=true\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\ninput.i1.name=nsNKeyCertReqInputImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\noutput.o1.class_id=nsNKeyOutputImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\noutput.list=o1\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\nname=Token User Signing Certificate Enrollment\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p1.constraint.name=No Constraint\ninput.list=i1\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.num=5\nenableBy=admin\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p9.constraint.name=No Constraint\ndesc=This profile is for enrolling Token Signing key\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\ninput.i1.class_id=nsNKeyCertReqInputImpl\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.list=set1\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p2.constraint.name=No Constraint\nvisible=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\n'
2016-03-14T19:09:45Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserSigningKeyEnrollment?action=enable
2016-03-14T19:09:45Z DEBUG request body ''
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 204 No Content
2016-03-14T19:09:45Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:45Z DEBUG response body ''
2016-03-14T19:09:45Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:45Z DEBUG request body ''
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 204 No Content
2016-03-14T19:09:45Z DEBUG response headers {'set-cookie': 'JSESSIONID=0ACF9F4C0AC31EE7E855ECFC9B34225D; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:45Z DEBUG response body ''
2016-03-14T19:09:45Z INFO Migrating profile 'caTempTokenDeviceKeyEnrollment' to LDAP
2016-03-14T19:09:45Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:45Z DEBUG request body ''
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 200 OK
2016-03-14T19:09:45Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=7ACA818B1BB162F4F46443D6C360A14E; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:45Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:45Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:45Z DEBUG request body 'desc=This profile is for enrolling token device keys\nenable=true\nenableBy=admin\nlastModified=1068835451090\nname=Temporary Device Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsHKeyCertReqInputImpl\ninput.i1.name=nsHKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p3,p4,p5,p1,p7,p8,p9,p12,p6\npolicyset.set1.list=p2,p4,p5,p1,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenDeviceKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenDeviceKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=Token Key Device - $request.tokencuid$\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=7\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p3.constraint.class_id=noConstraintImpl\npolicyset.set1.p3.constraint.name=No Constraint\npolicyset.set1.p3.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.params.crlDistPointsCritical=false\npolicyset.set1.p3.default.params.crlDistPointsNum=1\npolicyset.set1.p3.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p3.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p3.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p3.default.params.crlDistPointsPointName_0=\npolicyset.set1.p3.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p3.default.params.crlDistPointsReasons_0=\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_1=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\nprofileId=caTempTokenDeviceKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 400 Bad Request
2016-03-14T19:09:45Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:45Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:45Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTempTokenDeviceKeyEnrollment?action=disable
2016-03-14T19:09:45Z DEBUG request body ''
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 204 No Content
2016-03-14T19:09:45Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:45Z DEBUG response body ''
2016-03-14T19:09:45Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTempTokenDeviceKeyEnrollment/raw
2016-03-14T19:09:45Z DEBUG request body 'desc=This profile is for enrolling token device keys\nenable=true\nenableBy=admin\nlastModified=1068835451090\nname=Temporary Device Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsHKeyCertReqInputImpl\ninput.i1.name=nsHKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p3,p4,p5,p1,p7,p8,p9,p12,p6\npolicyset.set1.list=p2,p4,p5,p1,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenDeviceKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenDeviceKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=Token Key Device - $request.tokencuid$\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=7\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p3.constraint.class_id=noConstraintImpl\npolicyset.set1.p3.constraint.name=No Constraint\npolicyset.set1.p3.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.params.crlDistPointsCritical=false\npolicyset.set1.p3.default.params.crlDistPointsNum=1\npolicyset.set1.p3.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p3.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p3.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p3.default.params.crlDistPointsPointName_0=\npolicyset.set1.p3.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p3.default.params.crlDistPointsReasons_0=\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_1=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\nprofileId=caTempTokenDeviceKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 200 OK
2016-03-14T19:09:45Z DEBUG response headers {'transfer-encoding': 'chunked', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:45Z DEBUG response body '#Mon Mar 14 14:09:45 CDT 2016\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p3.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\nauth.instance_id=AgentCertAuth\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\noutput.o1.class_id=nsNKeyOutputImpl\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p3.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\noutput.list=o1\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\ninput.list=i1\npolicyset.set1.p1.default.class_id=nsTokenDeviceKeySubjectNameDefaultImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\nvisible=false\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\ndesc=This profile is for enrolling token device keys\npolicyset.set1.list=p2,p4,p5,p1,p8,p9,p12\npolicyset.set1.p3.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_0=\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p3.constraint.name=No Constraint\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\noutput.o2.name=nsNKeyOutputImpl\npolicyset.set1.p1.default.params.dnpattern=UID=Token Key Device - $request.tokencuid$\nenable=true\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p3.default.params.crlDistPointsReasons_0=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p3.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p3.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\nenableBy=admin\ninput.i1.class_id=nsHKeyCertReqInputImpl\npolicyset.set1.p3.default.params.crlDistPointsPointName_0=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\ninput.i1.name=nsHKeyCertReqInputImpl\npolicyset.set1.p1.default.name=nsTokenDeviceKeySubjectNameDefault\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\nname=Temporary Device Certificate Enrollment\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p3.default.params.crlDistPointsCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\nlastModified=1068835451090\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p2.default.params.range=7\npolicyset.list=set1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p3.default.params.crlDistPointsNum=1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p3.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p3.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p2.default.params.startTime=0\n'
2016-03-14T19:09:45Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTempTokenDeviceKeyEnrollment?action=enable
2016-03-14T19:09:45Z DEBUG request body ''
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 204 No Content
2016-03-14T19:09:45Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:45Z DEBUG response body ''
2016-03-14T19:09:45Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:45Z DEBUG request body ''
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 204 No Content
2016-03-14T19:09:45Z DEBUG response headers {'set-cookie': 'JSESSIONID=94064BEDCD62A7FF5E1342DBB207A649; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:45Z DEBUG response body ''
2016-03-14T19:09:45Z INFO Migrating profile 'caTempTokenUserEncryptionKeyEnrollment' to LDAP
2016-03-14T19:09:45Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:45Z DEBUG request body ''
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 200 OK
2016-03-14T19:09:45Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=4244EED0E9DC6D77A1B35A4701463D89; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:45Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:45Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:45Z DEBUG request body 'desc=This profile is for enrolling Token Encryption key\nenable=true\nenableBy=admin\nname=Temporary Token User Encryption Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\n#uncomment below to support SMIME\n#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=7\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=false\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTempTokenUserEncryptionKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 400 Bad Request
2016-03-14T19:09:45Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:45Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:45Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTempTokenUserEncryptionKeyEnrollment?action=disable
2016-03-14T19:09:45Z DEBUG request body ''
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 204 No Content
2016-03-14T19:09:45Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:45Z DEBUG response body ''
2016-03-14T19:09:45Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTempTokenUserEncryptionKeyEnrollment/raw
2016-03-14T19:09:45Z DEBUG request body 'desc=This profile is for enrolling Token Encryption key\nenable=true\nenableBy=admin\nname=Temporary Token User Encryption Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\n#uncomment below to support SMIME\n#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=7\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=false\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTempTokenUserEncryptionKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 200 OK
2016-03-14T19:09:45Z DEBUG response headers {'transfer-encoding': 'chunked', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:45Z DEBUG response body '#Mon Mar 14 14:09:45 CDT 2016\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p2.default.params.range=7\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\nauth.instance_id=AgentCertAuth\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\noutput.o2.name=nsNKeyOutputImpl\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\nenable=true\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\ninput.i1.name=nsNKeyCertReqInputImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\noutput.o1.class_id=nsNKeyOutputImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\noutput.list=o1\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\nname=Temporary Token User Encryption Certificate Enrollment\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p1.constraint.name=No Constraint\ninput.list=i1\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.num=5\nenableBy=admin\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p9.constraint.name=No Constraint\ndesc=This profile is for enrolling Token Encryption key\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\ninput.i1.class_id=nsNKeyCertReqInputImpl\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.list=set1\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p2.constraint.name=No Constraint\nvisible=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=false\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\n'
2016-03-14T19:09:45Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTempTokenUserEncryptionKeyEnrollment?action=enable
2016-03-14T19:09:45Z DEBUG request body ''
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 204 No Content
2016-03-14T19:09:45Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:45Z DEBUG response body ''
2016-03-14T19:09:45Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:45Z DEBUG request body ''
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 204 No Content
2016-03-14T19:09:45Z DEBUG response headers {'set-cookie': 'JSESSIONID=A214291F0DCA154BF31A52E984449BF6; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:45Z DEBUG response body ''
2016-03-14T19:09:45Z INFO Migrating profile 'caTempTokenUserSigningKeyEnrollment' to LDAP
2016-03-14T19:09:45Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:45Z DEBUG request body ''
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 200 OK
2016-03-14T19:09:45Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=5884D251DD98AF03D15CFCC1BA5CD559; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:45Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:45Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:45Z DEBUG request body 'desc=This profile is for enrolling Token Signing key\nenable=true\nenableBy=admin\nname=Temporary Token User Signing Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\n#uncomment below to support SMIME\n#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=7\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTempTokenUserSigningKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 400 Bad Request
2016-03-14T19:09:45Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:45Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:45Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTempTokenUserSigningKeyEnrollment?action=disable
2016-03-14T19:09:45Z DEBUG request body ''
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 204 No Content
2016-03-14T19:09:45Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:45Z DEBUG response body ''
2016-03-14T19:09:45Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTempTokenUserSigningKeyEnrollment/raw
2016-03-14T19:09:45Z DEBUG request body 'desc=This profile is for enrolling Token Signing key\nenable=true\nenableBy=admin\nname=Temporary Token User Signing Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\n#uncomment below to support SMIME\n#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=7\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTempTokenUserSigningKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 200 OK
2016-03-14T19:09:45Z DEBUG response headers {'transfer-encoding': 'chunked', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:45Z DEBUG response body '#Mon Mar 14 14:09:45 CDT 2016\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p2.default.params.range=7\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\nauth.instance_id=AgentCertAuth\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\noutput.o2.name=nsNKeyOutputImpl\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\nenable=true\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\ninput.i1.name=nsNKeyCertReqInputImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\noutput.o1.class_id=nsNKeyOutputImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\noutput.list=o1\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\nname=Temporary Token User Signing Certificate Enrollment\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p1.constraint.name=No Constraint\ninput.list=i1\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.num=5\nenableBy=admin\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p9.constraint.name=No Constraint\ndesc=This profile is for enrolling Token Signing key\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\ninput.i1.class_id=nsNKeyCertReqInputImpl\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.list=set1\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p2.constraint.name=No Constraint\nvisible=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\n'
2016-03-14T19:09:45Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTempTokenUserSigningKeyEnrollment?action=enable
2016-03-14T19:09:45Z DEBUG request body ''
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 204 No Content
2016-03-14T19:09:45Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:45Z DEBUG response body ''
2016-03-14T19:09:45Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:45Z DEBUG request body ''
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 204 No Content
2016-03-14T19:09:45Z DEBUG response headers {'set-cookie': 'JSESSIONID=DCAC3839864A5FA4ACEA12C54D649C1D; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:45Z DEBUG response body ''
2016-03-14T19:09:45Z INFO Migrating profile 'caAdminCert' to LDAP
2016-03-14T19:09:45Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:45Z DEBUG request body ''
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 200 OK
2016-03-14T19:09:45Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=C0226F079735BCD76EDA5DCF451576CE; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:45Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:45Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:45Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain administrator\'s certificates with LDAP authentication against the internal LDAP database.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Administrator Certificate Enrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=adminCertSet\npolicyset.adminCertSet.list=1,2,3,4,5,6,7,8\npolicyset.adminCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.adminCertSet.1.constraint.name=Subject Name Constraint\npolicyset.adminCertSet.1.constraint.params.pattern=.*\npolicyset.adminCertSet.1.constraint.params.accept=true\npolicyset.adminCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.adminCertSet.1.default.name=Subject Name Default\npolicyset.adminCertSet.1.default.params.name=\npolicyset.adminCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.adminCertSet.2.constraint.name=Validity Constraint\npolicyset.adminCertSet.2.constraint.params.range=365\npolicyset.adminCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.adminCertSet.2.constraint.params.notAfterCheck=false\npolicyset.adminCertSet.2.default.class_id=validityDefaultImpl\npolicyset.adminCertSet.2.default.name=Validity Default\npolicyset.adminCertSet.2.default.params.range=365\npolicyset.adminCertSet.2.default.params.startTime=0\npolicyset.adminCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.adminCertSet.3.constraint.name=Key Constraint\npolicyset.adminCertSet.3.constraint.params.keyType=RSA\npolicyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.adminCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.adminCertSet.3.default.name=Key Default\npolicyset.adminCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.4.constraint.name=No Constraint\npolicyset.adminCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.adminCertSet.4.default.name=Authority Key Identifier Default\npolicyset.adminCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.5.constraint.name=No Constraint\npolicyset.adminCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.adminCertSet.5.default.name=AIA Extension Default\npolicyset.adminCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.adminCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.adminCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.adminCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.adminCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.adminCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.adminCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.adminCertSet.6.default.name=Key Usage Default\npolicyset.adminCertSet.6.default.params.keyUsageCritical=true\npolicyset.adminCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.7.constraint.name=No Constraint\npolicyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.adminCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.adminCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.adminCertSet.8.constraint.name=No Constraint\npolicyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC\npolicyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.adminCertSet.8.default.name=Signing Alg\npolicyset.adminCertSet.8.default.params.signingAlg=-\nprofileId=caAdminCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 400 Bad Request
2016-03-14T19:09:45Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:45Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:45Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caAdminCert?action=disable
2016-03-14T19:09:45Z DEBUG request body ''
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:45Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:45Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:45Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:45Z DEBUG response status 204 No Content
2016-03-14T19:09:45Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:45Z DEBUG response body ''
2016-03-14T19:09:45Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caAdminCert/raw
2016-03-14T19:09:45Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain administrator\'s certificates with LDAP authentication against the internal LDAP database.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Administrator Certificate Enrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=adminCertSet\npolicyset.adminCertSet.list=1,2,3,4,5,6,7,8\npolicyset.adminCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.adminCertSet.1.constraint.name=Subject Name Constraint\npolicyset.adminCertSet.1.constraint.params.pattern=.*\npolicyset.adminCertSet.1.constraint.params.accept=true\npolicyset.adminCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.adminCertSet.1.default.name=Subject Name Default\npolicyset.adminCertSet.1.default.params.name=\npolicyset.adminCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.adminCertSet.2.constraint.name=Validity Constraint\npolicyset.adminCertSet.2.constraint.params.range=365\npolicyset.adminCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.adminCertSet.2.constraint.params.notAfterCheck=false\npolicyset.adminCertSet.2.default.class_id=validityDefaultImpl\npolicyset.adminCertSet.2.default.name=Validity Default\npolicyset.adminCertSet.2.default.params.range=365\npolicyset.adminCertSet.2.default.params.startTime=0\npolicyset.adminCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.adminCertSet.3.constraint.name=Key Constraint\npolicyset.adminCertSet.3.constraint.params.keyType=RSA\npolicyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.adminCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.adminCertSet.3.default.name=Key Default\npolicyset.adminCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.4.constraint.name=No Constraint\npolicyset.adminCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.adminCertSet.4.default.name=Authority Key Identifier Default\npolicyset.adminCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.5.constraint.name=No Constraint\npolicyset.adminCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.adminCertSet.5.default.name=AIA Extension Default\npolicyset.adminCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.adminCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.adminCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.adminCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.adminCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.adminCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.adminCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.adminCertSet.6.default.name=Key Usage Default\npolicyset.adminCertSet.6.default.params.keyUsageCritical=true\npolicyset.adminCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.7.constraint.name=No Constraint\npolicyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.adminCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.adminCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.adminCertSet.8.constraint.name=No Constraint\npolicyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC\npolicyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.adminCertSet.8.default.name=Signing Alg\npolicyset.adminCertSet.8.default.params.signingAlg=-\nprofileId=caAdminCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:45Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:45Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:45Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:45Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 200 OK
2016-03-14T19:09:46Z DEBUG response headers {'content-length': '5601', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:46Z DEBUG response body '#Mon Mar 14 14:09:46 CDT 2016\npolicyset.adminCertSet.7.constraint.class_id=noConstraintImpl\ninput.i2.class_id=submitterInfoInputImpl\npolicyset.adminCertSet.2.constraint.name=Validity Constraint\nauth.instance_id=TokenAuth\npolicyset.adminCertSet.6.default.class_id=keyUsageExtDefaultImpl\noutput.o1.class_id=certOutputImpl\npolicyset.adminCertSet.8.constraint.name=No Constraint\npolicyset.adminCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.adminCertSet.1.default.params.name=\npolicyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\npolicyset.adminCertSet.4.default.name=Authority Key Identifier Default\noutput.list=o1\npolicyset.adminCertSet.2.default.params.range=365\ninput.list=i1,i2,i3\npolicyset.adminCertSet.2.default.params.startTime=0\npolicyset.adminCertSet.8.default.params.signingAlg=-\nvisible=false\npolicyset.adminCertSet.1.constraint.name=Subject Name Constraint\ndesc=This certificate profile is for enrolling Security Domain administrator\'s certificates with LDAP authentication against the internal LDAP database.\npolicyset.adminCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.adminCertSet.7.constraint.name=No Constraint\npolicyset.adminCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.adminCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.adminCertSet.3.default.name=Key Default\npolicyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.list=1,2,3,4,5,6,7,8\npolicyset.adminCertSet.1.constraint.params.accept=true\npolicyset.adminCertSet.2.default.class_id=validityDefaultImpl\nenable=true\npolicyset.adminCertSet.2.constraint.params.range=365\npolicyset.adminCertSet.8.default.name=Signing Alg\npolicyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.constraint.name=Key Usage Extension Constraint\ninput.i1.class_id=certReqInputImpl\npolicyset.adminCertSet.7.default.params.exKeyUsageCritical=false\nenableBy=admin\npolicyset.adminCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.adminCertSet.3.constraint.params.keyType=RSA\npolicyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.2.constraint.params.notAfterCheck=false\ninput.i3.class_id=subjectDNInputImpl\npolicyset.adminCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.adminCertSet.5.constraint.name=No Constraint\npolicyset.adminCertSet.2.default.name=Validity Default\npolicyset.adminCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.5.constraint.class_id=noConstraintImpl\nname=Security Domain Administrator Certificate Enrollment\npolicyset.adminCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.adminCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.adminCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.adminCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.adminCertSet.4.constraint.name=No Constraint\npolicyset.adminCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.adminCertSet.1.default.name=Subject Name Default\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.adminCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.list=adminCertSet\npolicyset.adminCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.adminCertSet.3.constraint.name=Key Constraint\npolicyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC\npolicyset.adminCertSet.6.default.name=Key Usage Default\npolicyset.adminCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.1.constraint.params.pattern=.*\npolicyset.adminCertSet.6.default.params.keyUsageCritical=true\npolicyset.adminCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.5.default.name=AIA Extension Default\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.adminCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.4.constraint.class_id=noConstraintImpl\n'
2016-03-14T19:09:46Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caAdminCert?action=enable
2016-03-14T19:09:46Z DEBUG request body ''
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 204 No Content
2016-03-14T19:09:46Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:46Z DEBUG response body ''
2016-03-14T19:09:46Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:46Z DEBUG request body ''
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 204 No Content
2016-03-14T19:09:46Z DEBUG response headers {'set-cookie': 'JSESSIONID=D15C70AEB07DC363990E92D9C59B3BB5; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:46Z DEBUG response body ''
2016-03-14T19:09:46Z INFO Migrating profile 'caInternalAuthServerCert' to LDAP
2016-03-14T19:09:46Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:46Z DEBUG request body ''
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 200 OK
2016-03-14T19:09:46Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=8E21CAB58C81E5181E44909E59D53111; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:46Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:46Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:46Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain server certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectAltNameExtInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\n# allows SAN to be specified from client side\n# need to:\n# 1. add i3 to input.list above\n# 2. add 9 to policyset.serverCertSet.list above\n# 3. change below to reflect the number of general names, and\n# turn each corresponding subjAltExtPattern_<num> to true\n# policyset.serverCertSet.9.default.params.subjAltNameNumGNs\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.serverCertSet.9.default.name=Subject Alternative Name Extension Default\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_0=$request.req_san_pattern_0$\npolicyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_1=false\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_1=$request.req_san_pattern_1$\npolicyset.serverCertSet.9.default.params.subjAltExtType_1=DNSName\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_2=false\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_2=$request.req_san_pattern_2$\npolicyset.serverCertSet.9.default.params.subjAltExtType_2=DNSName\npolicyset.serverCertSet.9.default.params.subjAltNameExtCritical=false\npolicyset.serverCertSet.9.default.params.subjAltNameNumGNs=1\nprofileId=caInternalAuthServerCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 400 Bad Request
2016-03-14T19:09:46Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:46Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:46Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInternalAuthServerCert?action=disable
2016-03-14T19:09:46Z DEBUG request body ''
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 204 No Content
2016-03-14T19:09:46Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:45 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:46Z DEBUG response body ''
2016-03-14T19:09:46Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInternalAuthServerCert/raw
2016-03-14T19:09:46Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain server certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectAltNameExtInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\n# allows SAN to be specified from client side\n# need to:\n# 1. add i3 to input.list above\n# 2. add 9 to policyset.serverCertSet.list above\n# 3. change below to reflect the number of general names, and\n# turn each corresponding subjAltExtPattern_<num> to true\n# policyset.serverCertSet.9.default.params.subjAltNameNumGNs\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.serverCertSet.9.default.name=Subject Alternative Name Extension Default\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_0=$request.req_san_pattern_0$\npolicyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_1=false\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_1=$request.req_san_pattern_1$\npolicyset.serverCertSet.9.default.params.subjAltExtType_1=DNSName\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_2=false\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_2=$request.req_san_pattern_2$\npolicyset.serverCertSet.9.default.params.subjAltExtType_2=DNSName\npolicyset.serverCertSet.9.default.params.subjAltNameExtCritical=false\npolicyset.serverCertSet.9.default.params.subjAltNameNumGNs=1\nprofileId=caInternalAuthServerCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 200 OK
2016-03-14T19:09:46Z DEBUG response headers {'content-length': '6722', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:46Z DEBUG response body '#Mon Mar 14 14:09:46 CDT 2016\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=TokenAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.9.default.name=Subject Alternative Name Extension Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.9.constraint.name=No Constraint\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_2=$request.req_san_pattern_2$\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_1=$request.req_san_pattern_1$\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_0=$request.req_san_pattern_0$\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\ndesc=This certificate profile is for enrolling Security Domain server certificates.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_2=false\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_1=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.9.default.params.subjAltExtType_2=DNSName\npolicyset.serverCertSet.9.default.params.subjAltExtType_1=DNSName\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\ninput.i3.class_id=subjectAltNameExtInputImpl\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.9.default.params.subjAltNameExtCritical=false\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=Security Domain Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.params.subjAltNameNumGNs=1\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\n'
2016-03-14T19:09:46Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInternalAuthServerCert?action=enable
2016-03-14T19:09:46Z DEBUG request body ''
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 204 No Content
2016-03-14T19:09:46Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:46Z DEBUG response body ''
2016-03-14T19:09:46Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:46Z DEBUG request body ''
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 204 No Content
2016-03-14T19:09:46Z DEBUG response headers {'set-cookie': 'JSESSIONID=9A88620BFF3646B6F0B350037E7AEFDE; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:46Z DEBUG response body ''
2016-03-14T19:09:46Z INFO Migrating profile 'caInternalAuthTransportCert' to LDAP
2016-03-14T19:09:46Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:46Z DEBUG request body ''
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 200 OK
2016-03-14T19:09:46Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=E9D3C19693736C443F11C65C039A2908; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:46Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:46Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:46Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain Data Recovery Manager transport certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Data Recovery Manager Transport Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=transportCertSet\npolicyset.transportCertSet.list=1,2,3,4,5,6,7,8\npolicyset.transportCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.transportCertSet.1.constraint.name=Subject Name Constraint\npolicyset.transportCertSet.1.constraint.params.pattern=CN=.*\npolicyset.transportCertSet.1.constraint.params.accept=true\npolicyset.transportCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.transportCertSet.1.default.name=Subject Name Default\npolicyset.transportCertSet.1.default.params.name=\npolicyset.transportCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.transportCertSet.2.constraint.name=Validity Constraint\npolicyset.transportCertSet.2.constraint.params.range=720\npolicyset.transportCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.transportCertSet.2.constraint.params.notAfterCheck=false\npolicyset.transportCertSet.2.default.class_id=validityDefaultImpl\npolicyset.transportCertSet.2.default.name=Validity Default\npolicyset.transportCertSet.2.default.params.range=720\npolicyset.transportCertSet.2.default.params.startTime=0\npolicyset.transportCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.transportCertSet.3.constraint.name=Key Constraint\npolicyset.transportCertSet.3.constraint.params.keyType=-\npolicyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.transportCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.transportCertSet.3.default.name=Key Default\npolicyset.transportCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.4.constraint.name=No Constraint\npolicyset.transportCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.transportCertSet.4.default.name=Authority Key Identifier Default\npolicyset.transportCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.5.constraint.name=No Constraint\npolicyset.transportCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.transportCertSet.5.default.name=AIA Extension Default\npolicyset.transportCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.transportCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.transportCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.transportCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.transportCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.transportCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.transportCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.transportCertSet.6.default.name=Key Usage Default\npolicyset.transportCertSet.6.default.params.keyUsageCritical=true\npolicyset.transportCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.7.constraint.name=No Constraint\npolicyset.transportCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.transportCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.transportCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.transportCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.transportCertSet.8.constraint.name=No Constraint\npolicyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.transportCertSet.8.default.name=Signing Alg\npolicyset.transportCertSet.8.default.params.signingAlg=-\nprofileId=caInternalAuthTransportCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 400 Bad Request
2016-03-14T19:09:46Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:46Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:46Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInternalAuthTransportCert?action=disable
2016-03-14T19:09:46Z DEBUG request body ''
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 204 No Content
2016-03-14T19:09:46Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:46Z DEBUG response body ''
2016-03-14T19:09:46Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInternalAuthTransportCert/raw
2016-03-14T19:09:46Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain Data Recovery Manager transport certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Data Recovery Manager Transport Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=transportCertSet\npolicyset.transportCertSet.list=1,2,3,4,5,6,7,8\npolicyset.transportCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.transportCertSet.1.constraint.name=Subject Name Constraint\npolicyset.transportCertSet.1.constraint.params.pattern=CN=.*\npolicyset.transportCertSet.1.constraint.params.accept=true\npolicyset.transportCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.transportCertSet.1.default.name=Subject Name Default\npolicyset.transportCertSet.1.default.params.name=\npolicyset.transportCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.transportCertSet.2.constraint.name=Validity Constraint\npolicyset.transportCertSet.2.constraint.params.range=720\npolicyset.transportCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.transportCertSet.2.constraint.params.notAfterCheck=false\npolicyset.transportCertSet.2.default.class_id=validityDefaultImpl\npolicyset.transportCertSet.2.default.name=Validity Default\npolicyset.transportCertSet.2.default.params.range=720\npolicyset.transportCertSet.2.default.params.startTime=0\npolicyset.transportCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.transportCertSet.3.constraint.name=Key Constraint\npolicyset.transportCertSet.3.constraint.params.keyType=-\npolicyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.transportCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.transportCertSet.3.default.name=Key Default\npolicyset.transportCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.4.constraint.name=No Constraint\npolicyset.transportCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.transportCertSet.4.default.name=Authority Key Identifier Default\npolicyset.transportCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.5.constraint.name=No Constraint\npolicyset.transportCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.transportCertSet.5.default.name=AIA Extension Default\npolicyset.transportCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.transportCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.transportCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.transportCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.transportCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.transportCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.transportCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.transportCertSet.6.default.name=Key Usage Default\npolicyset.transportCertSet.6.default.params.keyUsageCritical=true\npolicyset.transportCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.7.constraint.name=No Constraint\npolicyset.transportCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.transportCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.transportCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.transportCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.transportCertSet.8.constraint.name=No Constraint\npolicyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.transportCertSet.8.default.name=Signing Alg\npolicyset.transportCertSet.8.default.params.signingAlg=-\nprofileId=caInternalAuthTransportCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 200 OK
2016-03-14T19:09:46Z DEBUG response headers {'content-length': '5814', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:46Z DEBUG response body '#Mon Mar 14 14:09:46 CDT 2016\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.2.default.params.startTime=0\npolicyset.transportCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.transportCertSet.6.default.params.keyUsageKeyEncipherment=true\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=TokenAuth\noutput.o1.class_id=certOutputImpl\npolicyset.transportCertSet.1.default.name=Subject Name Default\npolicyset.transportCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.transportCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.default.params.keyUsageDigitalSignature=true\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\npolicyset.transportCertSet.6.default.name=Key Usage Default\noutput.list=o1\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\ninput.list=i1,i2\npolicyset.transportCertSet.4.constraint.name=No Constraint\npolicyset.transportCertSet.1.default.params.name=\npolicyset.transportCertSet.8.default.params.signingAlg=-\npolicyset.transportCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.1.constraint.params.accept=true\nvisible=false\npolicyset.transportCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.transportCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.transportCertSet.6.default.params.keyUsageDataEncipherment=true\ndesc=This certificate profile is for enrolling Security Domain Data Recovery Manager transport certificates.\npolicyset.transportCertSet.3.constraint.name=Key Constraint\npolicyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.transportCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.transportCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.transportCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.transportCertSet.2.constraint.params.range=720\npolicyset.transportCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.transportCertSet.5.default.name=AIA Extension Default\npolicyset.transportCertSet.1.default.class_id=userSubjectNameDefaultImpl\nenable=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.transportCertSet.2.constraint.params.notAfterCheck=false\npolicyset.transportCertSet.2.constraint.name=Validity Constraint\npolicyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.transportCertSet.8.constraint.name=No Constraint\npolicyset.transportCertSet.3.constraint.params.keyType=-\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocation_0=\ninput.i1.class_id=certReqInputImpl\npolicyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false\nenableBy=admin\npolicyset.transportCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.4.default.name=Authority Key Identifier Default\npolicyset.transportCertSet.2.default.class_id=validityDefaultImpl\nname=Security Domain Data Recovery Manager Transport Certificate Enrollment\npolicyset.transportCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.3.default.name=Key Default\npolicyset.transportCertSet.1.constraint.name=Subject Name Constraint\npolicyset.transportCertSet.6.default.params.keyUsageCritical=true\npolicyset.transportCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.7.constraint.name=No Constraint\npolicyset.transportCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.8.default.name=Signing Alg\npolicyset.transportCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.transportCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.transportCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.transportCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.list=transportCertSet\npolicyset.transportCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.transportCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.transportCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.2.default.name=Validity Default\npolicyset.transportCertSet.1.constraint.params.pattern=CN=.*\npolicyset.transportCertSet.list=1,2,3,4,5,6,7,8\npolicyset.transportCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.transportCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.transportCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.transportCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.2.default.params.range=720\npolicyset.transportCertSet.5.constraint.name=No Constraint\n'
2016-03-14T19:09:46Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInternalAuthTransportCert?action=enable
2016-03-14T19:09:46Z DEBUG request body ''
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 204 No Content
2016-03-14T19:09:46Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:46Z DEBUG response body ''
2016-03-14T19:09:46Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:46Z DEBUG request body ''
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 204 No Content
2016-03-14T19:09:46Z DEBUG response headers {'set-cookie': 'JSESSIONID=D72169FBC03FD74E5371D288EC09C3BE; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:46Z DEBUG response body ''
2016-03-14T19:09:46Z INFO Migrating profile 'caInternalAuthDRMstorageCert' to LDAP
2016-03-14T19:09:46Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:46Z DEBUG request body ''
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 200 OK
2016-03-14T19:09:46Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=DA28CB988DD7E54CB5385DA5354A7F1E; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:46Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:46Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:46Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain DRM storage certificates\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain DRM storage Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=drmStorageCertSet\npolicyset.drmStorageCertSet.list=1,2,3,4,5,6,7,9\npolicyset.drmStorageCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.drmStorageCertSet.1.constraint.name=Subject Name Constraint\npolicyset.drmStorageCertSet.1.constraint.params.pattern=CN=.*\npolicyset.drmStorageCertSet.1.constraint.params.accept=true\npolicyset.drmStorageCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.drmStorageCertSet.1.default.name=Subject Name Default\npolicyset.drmStorageCertSet.1.default.params.name=\npolicyset.drmStorageCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.drmStorageCertSet.2.constraint.name=Validity Constraint\npolicyset.drmStorageCertSet.2.constraint.params.range=720\npolicyset.drmStorageCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.drmStorageCertSet.2.constraint.params.notAfterCheck=false\npolicyset.drmStorageCertSet.2.default.class_id=validityDefaultImpl\npolicyset.drmStorageCertSet.2.default.name=Validity Default\npolicyset.drmStorageCertSet.2.default.params.range=720\npolicyset.drmStorageCertSet.2.default.params.startTime=0\npolicyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.drmStorageCertSet.3.constraint.name=Key Constraint\npolicyset.drmStorageCertSet.3.constraint.params.keyType=-\npolicyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.drmStorageCertSet.3.default.name=Key Default\npolicyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.4.constraint.name=No Constraint\npolicyset.drmStorageCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.drmStorageCertSet.4.default.name=Authority Key Identifier Default\npolicyset.drmStorageCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.5.constraint.name=No Constraint\npolicyset.drmStorageCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.drmStorageCertSet.5.default.name=AIA Extension Default\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.drmStorageCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.drmStorageCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.6.default.name=Key Usage Default\npolicyset.drmStorageCertSet.6.default.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.7.constraint.name=No Constraint\npolicyset.drmStorageCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.drmStorageCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.drmStorageCertSet.9.constraint.name=No Constraint\npolicyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.drmStorageCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.drmStorageCertSet.9.default.name=Signing Alg\npolicyset.drmStorageCertSet.9.default.params.signingAlg=-\nprofileId=caInternalAuthDRMstorageCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 400 Bad Request
2016-03-14T19:09:46Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:46Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:46Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInternalAuthDRMstorageCert?action=disable
2016-03-14T19:09:46Z DEBUG request body ''
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 204 No Content
2016-03-14T19:09:46Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:46Z DEBUG response body ''
2016-03-14T19:09:46Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInternalAuthDRMstorageCert/raw
2016-03-14T19:09:46Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain DRM storage certificates\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain DRM storage Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=drmStorageCertSet\npolicyset.drmStorageCertSet.list=1,2,3,4,5,6,7,9\npolicyset.drmStorageCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.drmStorageCertSet.1.constraint.name=Subject Name Constraint\npolicyset.drmStorageCertSet.1.constraint.params.pattern=CN=.*\npolicyset.drmStorageCertSet.1.constraint.params.accept=true\npolicyset.drmStorageCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.drmStorageCertSet.1.default.name=Subject Name Default\npolicyset.drmStorageCertSet.1.default.params.name=\npolicyset.drmStorageCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.drmStorageCertSet.2.constraint.name=Validity Constraint\npolicyset.drmStorageCertSet.2.constraint.params.range=720\npolicyset.drmStorageCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.drmStorageCertSet.2.constraint.params.notAfterCheck=false\npolicyset.drmStorageCertSet.2.default.class_id=validityDefaultImpl\npolicyset.drmStorageCertSet.2.default.name=Validity Default\npolicyset.drmStorageCertSet.2.default.params.range=720\npolicyset.drmStorageCertSet.2.default.params.startTime=0\npolicyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.drmStorageCertSet.3.constraint.name=Key Constraint\npolicyset.drmStorageCertSet.3.constraint.params.keyType=-\npolicyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.drmStorageCertSet.3.default.name=Key Default\npolicyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.4.constraint.name=No Constraint\npolicyset.drmStorageCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.drmStorageCertSet.4.default.name=Authority Key Identifier Default\npolicyset.drmStorageCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.5.constraint.name=No Constraint\npolicyset.drmStorageCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.drmStorageCertSet.5.default.name=AIA Extension Default\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.drmStorageCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.drmStorageCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.6.default.name=Key Usage Default\npolicyset.drmStorageCertSet.6.default.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.7.constraint.name=No Constraint\npolicyset.drmStorageCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.drmStorageCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.drmStorageCertSet.9.constraint.name=No Constraint\npolicyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.drmStorageCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.drmStorageCertSet.9.default.name=Signing Alg\npolicyset.drmStorageCertSet.9.default.params.signingAlg=-\nprofileId=caInternalAuthDRMstorageCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 200 OK
2016-03-14T19:09:46Z DEBUG response headers {'content-length': '5847', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:46Z DEBUG response body '#Mon Mar 14 14:09:46 CDT 2016\npolicyset.drmStorageCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=TokenAuth\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCrlSign=false\noutput.o1.class_id=certOutputImpl\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.drmStorageCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.drmStorageCertSet.5.constraint.name=No Constraint\npolicyset.drmStorageCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.drmStorageCertSet.2.default.params.range=720\npolicyset.drmStorageCertSet.6.default.params.keyUsageDataEncipherment=true\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\npolicyset.drmStorageCertSet.1.constraint.params.accept=true\noutput.list=o1\npolicyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.drmStorageCertSet.2.constraint.class_id=validityConstraintImpl\ninput.list=i1,i2\npolicyset.drmStorageCertSet.4.default.name=Authority Key Identifier Default\npolicyset.drmStorageCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.5.constraint.class_id=noConstraintImpl\nvisible=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyEncipherment=true\ndesc=This certificate profile is for enrolling Security Domain DRM storage certificates\npolicyset.drmStorageCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.drmStorageCertSet.9.default.name=Signing Alg\npolicyset.drmStorageCertSet.4.constraint.name=No Constraint\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.2.default.class_id=validityDefaultImpl\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.3.constraint.name=Key Constraint\npolicyset.drmStorageCertSet.3.default.name=Key Default\npolicyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly=false\nenable=true\npolicyset.drmStorageCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.drmStorageCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.drmStorageCertSet.2.constraint.params.notAfterCheck=false\npolicyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.drmStorageCertSet.9.constraint.name=No Constraint\npolicyset.drmStorageCertSet.list=1,2,3,4,5,6,7,9\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.3.constraint.params.keyType=-\npolicyset.drmStorageCertSet.2.constraint.name=Validity Constraint\npolicyset.drmStorageCertSet.2.default.name=Validity Default\npolicyset.drmStorageCertSet.1.default.params.name=\nname=Security Domain DRM storage Certificate Enrollment\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.2.constraint.params.range=720\npolicyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.1.default.name=Subject Name Default\npolicyset.drmStorageCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.drmStorageCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.drmStorageCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.drmStorageCertSet.1.constraint.name=Subject Name Constraint\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.drmStorageCertSet.9.default.params.signingAlg=-\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.list=drmStorageCertSet\npolicyset.drmStorageCertSet.6.default.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.drmStorageCertSet.7.constraint.name=No Constraint\npolicyset.drmStorageCertSet.1.constraint.params.pattern=CN=.*\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.drmStorageCertSet.6.default.name=Key Usage Default\npolicyset.drmStorageCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.drmStorageCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.2.default.params.startTime=0\npolicyset.drmStorageCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.5.default.name=AIA Extension Default\n'
2016-03-14T19:09:46Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInternalAuthDRMstorageCert?action=enable
2016-03-14T19:09:46Z DEBUG request body ''
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 204 No Content
2016-03-14T19:09:46Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:46Z DEBUG response body ''
2016-03-14T19:09:46Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:46Z DEBUG request body ''
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 204 No Content
2016-03-14T19:09:46Z DEBUG response headers {'set-cookie': 'JSESSIONID=063AB1581EBF97B3EE76D1A7BDD8D992; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:46Z DEBUG response body ''
2016-03-14T19:09:46Z INFO Migrating profile 'caInternalAuthSubsystemCert' to LDAP
2016-03-14T19:09:46Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:46Z DEBUG request body ''
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 200 OK
2016-03-14T19:09:46Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=37FA7D604034FA1C3D63E1422F7A1CF2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:46Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:46Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:46Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain subsystem certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Subsystem Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nupdater.list=u1\nupdater.u1.class_id=subsystemGroupUpdaterImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caInternalAuthSubsystemCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 400 Bad Request
2016-03-14T19:09:46Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:46Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:46Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInternalAuthSubsystemCert?action=disable
2016-03-14T19:09:46Z DEBUG request body ''
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:46Z DEBUG response status 204 No Content
2016-03-14T19:09:46Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:46Z DEBUG response body ''
2016-03-14T19:09:46Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInternalAuthSubsystemCert/raw
2016-03-14T19:09:46Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain subsystem certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Subsystem Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nupdater.list=u1\nupdater.u1.class_id=subsystemGroupUpdaterImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caInternalAuthSubsystemCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:46Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:46Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:46Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:46Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:46Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:46Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:46Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 200 OK
2016-03-14T19:09:47Z DEBUG response headers {'content-length': '5637', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:47Z DEBUG response body '#Mon Mar 14 14:09:46 CDT 2016\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=TokenAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\nupdater.list=u1\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\nupdater.u1.class_id=subsystemGroupUpdaterImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=false\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\ndesc=This certificate profile is for enrolling Security Domain subsystem certificates.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=Security Domain Subsystem Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\n'
2016-03-14T19:09:47Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInternalAuthSubsystemCert?action=enable
2016-03-14T19:09:47Z DEBUG request body ''
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 204 No Content
2016-03-14T19:09:47Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:47Z DEBUG response body ''
2016-03-14T19:09:47Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:47Z DEBUG request body ''
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 204 No Content
2016-03-14T19:09:47Z DEBUG response headers {'set-cookie': 'JSESSIONID=2F785833546A3F1907830466206B1667; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:47Z DEBUG response body ''
2016-03-14T19:09:47Z INFO Migrating profile 'caInternalAuthOCSPCert' to LDAP
2016-03-14T19:09:47Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:47Z DEBUG request body ''
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 200 OK
2016-03-14T19:09:47Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=AFE2466EF26880CA3115C0334716E8E8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:47Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:47Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:47Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain OCSP Manager certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain OCSP Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=ocspCertSet\npolicyset.ocspCertSet.list=1,2,3,4,5,6,8,9\npolicyset.ocspCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.ocspCertSet.1.constraint.name=Subject Name Constraint\npolicyset.ocspCertSet.1.constraint.params.pattern=CN=.*\npolicyset.ocspCertSet.1.constraint.params.accept=true\npolicyset.ocspCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.ocspCertSet.1.default.name=Subject Name Default\npolicyset.ocspCertSet.1.default.params.name=\npolicyset.ocspCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.ocspCertSet.2.constraint.name=Validity Constraint\npolicyset.ocspCertSet.2.constraint.params.range=720\npolicyset.ocspCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.ocspCertSet.2.constraint.params.notAfterCheck=false\npolicyset.ocspCertSet.2.default.class_id=validityDefaultImpl\npolicyset.ocspCertSet.2.default.name=Validity Default\npolicyset.ocspCertSet.2.default.params.range=720\npolicyset.ocspCertSet.2.default.params.startTime=0\npolicyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.ocspCertSet.3.constraint.name=Key Constraint\npolicyset.ocspCertSet.3.constraint.params.keyType=-\npolicyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.ocspCertSet.3.default.name=Key Default\npolicyset.ocspCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.4.constraint.name=No Constraint\npolicyset.ocspCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.ocspCertSet.4.default.name=Authority Key Identifier Default\npolicyset.ocspCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.5.constraint.name=No Constraint\npolicyset.ocspCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.ocspCertSet.5.default.name=AIA Extension Default\npolicyset.ocspCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.ocspCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.ocspCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.ocspCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.ocspCertSet.6.constraint.class_id=extendedKeyUsageExtConstraintImpl\npolicyset.ocspCertSet.6.constraint.name=Extended Key Usage Extension\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.6.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.ocspCertSet.6.default.name=Extended Key Usage Default\npolicyset.ocspCertSet.6.default.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.8.constraint.class_id=extensionConstraintImpl\npolicyset.ocspCertSet.8.constraint.name=No Constraint\npolicyset.ocspCertSet.8.constraint.params.extCritical=false\npolicyset.ocspCertSet.8.constraint.params.extOID=1.3.6.1.5.5.7.48.1.5\npolicyset.ocspCertSet.8.default.class_id=ocspNoCheckExtDefaultImpl\npolicyset.ocspCertSet.8.default.name=OCSP No Check Extension\npolicyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false\npolicyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.ocspCertSet.9.constraint.name=No Constraint\npolicyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.ocspCertSet.9.default.name=Signing Alg\npolicyset.ocspCertSet.9.default.params.signingAlg=-\nprofileId=caInternalAuthOCSPCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 400 Bad Request
2016-03-14T19:09:47Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:47Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:47Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInternalAuthOCSPCert?action=disable
2016-03-14T19:09:47Z DEBUG request body ''
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 204 No Content
2016-03-14T19:09:47Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:47Z DEBUG response body ''
2016-03-14T19:09:47Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInternalAuthOCSPCert/raw
2016-03-14T19:09:47Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain OCSP Manager certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain OCSP Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=ocspCertSet\npolicyset.ocspCertSet.list=1,2,3,4,5,6,8,9\npolicyset.ocspCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.ocspCertSet.1.constraint.name=Subject Name Constraint\npolicyset.ocspCertSet.1.constraint.params.pattern=CN=.*\npolicyset.ocspCertSet.1.constraint.params.accept=true\npolicyset.ocspCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.ocspCertSet.1.default.name=Subject Name Default\npolicyset.ocspCertSet.1.default.params.name=\npolicyset.ocspCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.ocspCertSet.2.constraint.name=Validity Constraint\npolicyset.ocspCertSet.2.constraint.params.range=720\npolicyset.ocspCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.ocspCertSet.2.constraint.params.notAfterCheck=false\npolicyset.ocspCertSet.2.default.class_id=validityDefaultImpl\npolicyset.ocspCertSet.2.default.name=Validity Default\npolicyset.ocspCertSet.2.default.params.range=720\npolicyset.ocspCertSet.2.default.params.startTime=0\npolicyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.ocspCertSet.3.constraint.name=Key Constraint\npolicyset.ocspCertSet.3.constraint.params.keyType=-\npolicyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.ocspCertSet.3.default.name=Key Default\npolicyset.ocspCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.4.constraint.name=No Constraint\npolicyset.ocspCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.ocspCertSet.4.default.name=Authority Key Identifier Default\npolicyset.ocspCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.5.constraint.name=No Constraint\npolicyset.ocspCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.ocspCertSet.5.default.name=AIA Extension Default\npolicyset.ocspCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.ocspCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.ocspCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.ocspCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.ocspCertSet.6.constraint.class_id=extendedKeyUsageExtConstraintImpl\npolicyset.ocspCertSet.6.constraint.name=Extended Key Usage Extension\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.6.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.ocspCertSet.6.default.name=Extended Key Usage Default\npolicyset.ocspCertSet.6.default.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.8.constraint.class_id=extensionConstraintImpl\npolicyset.ocspCertSet.8.constraint.name=No Constraint\npolicyset.ocspCertSet.8.constraint.params.extCritical=false\npolicyset.ocspCertSet.8.constraint.params.extOID=1.3.6.1.5.5.7.48.1.5\npolicyset.ocspCertSet.8.default.class_id=ocspNoCheckExtDefaultImpl\npolicyset.ocspCertSet.8.default.name=OCSP No Check Extension\npolicyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false\npolicyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.ocspCertSet.9.constraint.name=No Constraint\npolicyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.ocspCertSet.9.default.name=Signing Alg\npolicyset.ocspCertSet.9.default.params.signingAlg=-\nprofileId=caInternalAuthOCSPCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 200 OK
2016-03-14T19:09:47Z DEBUG response headers {'content-length': '4444', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:47Z DEBUG response body '#Mon Mar 14 14:09:47 CDT 2016\npolicyset.ocspCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.ocspCertSet.2.constraint.name=Validity Constraint\npolicyset.ocspCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.ocspCertSet.3.default.name=Key Default\npolicyset.ocspCertSet.1.constraint.params.accept=true\npolicyset.ocspCertSet.9.default.params.signingAlg=-\npolicyset.ocspCertSet.2.default.class_id=validityDefaultImpl\npolicyset.ocspCertSet.2.constraint.class_id=validityConstraintImpl\nenable=true\npolicyset.ocspCertSet.8.constraint.params.extOID=1.3.6.1.5.5.7.48.1.5\npolicyset.ocspCertSet.6.constraint.name=Extended Key Usage Extension\npolicyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl\nenableBy=admin\npolicyset.ocspCertSet.1.constraint.name=Subject Name Constraint\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\npolicyset.ocspCertSet.6.default.name=Extended Key Usage Default\npolicyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false\npolicyset.ocspCertSet.4.constraint.class_id=noConstraintImpl\nname=Security Domain OCSP Manager Signing Certificate Enrollment\npolicyset.ocspCertSet.1.default.params.name=\npolicyset.ocspCertSet.2.default.name=Validity Default\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.8.constraint.params.extCritical=false\npolicyset.ocspCertSet.6.constraint.class_id=extendedKeyUsageExtConstraintImpl\npolicyset.ocspCertSet.5.constraint.name=No Constraint\ninput.list=i1,i2\npolicyset.ocspCertSet.9.default.name=Signing Alg\npolicyset.ocspCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\nvisible=false\npolicyset.ocspCertSet.8.constraint.class_id=extensionConstraintImpl\npolicyset.ocspCertSet.2.constraint.params.notAfterCheck=false\npolicyset.ocspCertSet.6.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.5.default.name=AIA Extension Default\ninput.i1.class_id=certReqInputImpl\npolicyset.ocspCertSet.9.constraint.name=No Constraint\npolicyset.ocspCertSet.1.constraint.params.pattern=CN=.*\npolicyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.ocspCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.list=ocspCertSet\npolicyset.ocspCertSet.1.default.name=Subject Name Default\npolicyset.ocspCertSet.4.constraint.name=No Constraint\npolicyset.ocspCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.ocspCertSet.list=1,2,3,4,5,6,8,9\npolicyset.ocspCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.ocspCertSet.8.default.name=OCSP No Check Extension\ninput.i2.class_id=submitterInfoInputImpl\npolicyset.ocspCertSet.8.default.class_id=ocspNoCheckExtDefaultImpl\ndesc=This certificate profile is for enrolling Security Domain OCSP Manager certificates.\npolicyset.ocspCertSet.8.constraint.name=No Constraint\npolicyset.ocspCertSet.6.default.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.4.default.name=Authority Key Identifier Default\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.ocspCertSet.3.constraint.name=Key Constraint\npolicyset.ocspCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.ocspCertSet.2.default.params.range=720\npolicyset.ocspCertSet.5.default.params.authInfoAccessNumADs=1\nauth.instance_id=TokenAuth\npolicyset.ocspCertSet.2.default.params.startTime=0\npolicyset.ocspCertSet.6.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.ocspCertSet.2.constraint.params.range=720\npolicyset.ocspCertSet.3.constraint.params.keyType=-\noutput.list=o1\npolicyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.ocspCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\noutput.o1.class_id=certOutputImpl\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\n'
2016-03-14T19:09:47Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInternalAuthOCSPCert?action=enable
2016-03-14T19:09:47Z DEBUG request body ''
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 204 No Content
2016-03-14T19:09:47Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:46 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:47Z DEBUG response body ''
2016-03-14T19:09:47Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:47Z DEBUG request body ''
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 204 No Content
2016-03-14T19:09:47Z DEBUG response headers {'set-cookie': 'JSESSIONID=44A9D7C18907B0961CAC90D5AC91A966; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:47Z DEBUG response body ''
2016-03-14T19:09:47Z INFO Migrating profile 'caInternalAuthAuditSigningCert' to LDAP
2016-03-14T19:09:47Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:47Z DEBUG request body ''
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 200 OK
2016-03-14T19:09:47Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=8FA3F6A2D1F963533BB5E763D39F008C; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:47Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:47Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:47Z DEBUG request body 'desc=This certificate profile is for enrolling audit signing certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Audit Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=auditSigningCertSet\npolicyset.auditSigningCertSet.list=1,2,3,4,5,6,9\npolicyset.auditSigningCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.auditSigningCertSet.1.constraint.name=Subject Name Constraint\npolicyset.auditSigningCertSet.1.constraint.params.pattern=CN=.*\npolicyset.auditSigningCertSet.1.constraint.params.accept=true\npolicyset.auditSigningCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.auditSigningCertSet.1.default.name=Subject Name Default\npolicyset.auditSigningCertSet.1.default.params.name=\npolicyset.auditSigningCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.auditSigningCertSet.2.constraint.name=Validity Constraint\npolicyset.auditSigningCertSet.2.constraint.params.range=720\npolicyset.auditSigningCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.auditSigningCertSet.2.constraint.params.notAfterCheck=false\npolicyset.auditSigningCertSet.2.default.class_id=validityDefaultImpl\npolicyset.auditSigningCertSet.2.default.name=Validity Default\npolicyset.auditSigningCertSet.2.default.params.range=720\npolicyset.auditSigningCertSet.2.default.params.startTime=0\npolicyset.auditSigningCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.auditSigningCertSet.3.constraint.name=Key Constraint\npolicyset.auditSigningCertSet.3.constraint.params.keyType=-\npolicyset.auditSigningCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.auditSigningCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.auditSigningCertSet.3.default.name=Key Default\npolicyset.auditSigningCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.auditSigningCertSet.4.constraint.name=No Constraint\npolicyset.auditSigningCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.auditSigningCertSet.4.default.name=Authority Key Identifier Default\npolicyset.auditSigningCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.auditSigningCertSet.5.constraint.name=No Constraint\npolicyset.auditSigningCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.auditSigningCertSet.5.default.name=AIA Extension Default\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.auditSigningCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.auditSigningCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.auditSigningCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.auditSigningCertSet.6.default.name=Key Usage Default\npolicyset.auditSigningCertSet.6.default.params.keyUsageCritical=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.auditSigningCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.auditSigningCertSet.9.constraint.name=No Constraint\npolicyset.auditSigningCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.auditSigningCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.auditSigningCertSet.9.default.name=Signing Alg\npolicyset.auditSigningCertSet.9.default.params.signingAlg=-\nprofileId=caInternalAuthAuditSigningCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 400 Bad Request
2016-03-14T19:09:47Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:47Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:47Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInternalAuthAuditSigningCert?action=disable
2016-03-14T19:09:47Z DEBUG request body ''
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 204 No Content
2016-03-14T19:09:47Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:47Z DEBUG response body ''
2016-03-14T19:09:47Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInternalAuthAuditSigningCert/raw
2016-03-14T19:09:47Z DEBUG request body 'desc=This certificate profile is for enrolling audit signing certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Audit Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=auditSigningCertSet\npolicyset.auditSigningCertSet.list=1,2,3,4,5,6,9\npolicyset.auditSigningCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.auditSigningCertSet.1.constraint.name=Subject Name Constraint\npolicyset.auditSigningCertSet.1.constraint.params.pattern=CN=.*\npolicyset.auditSigningCertSet.1.constraint.params.accept=true\npolicyset.auditSigningCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.auditSigningCertSet.1.default.name=Subject Name Default\npolicyset.auditSigningCertSet.1.default.params.name=\npolicyset.auditSigningCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.auditSigningCertSet.2.constraint.name=Validity Constraint\npolicyset.auditSigningCertSet.2.constraint.params.range=720\npolicyset.auditSigningCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.auditSigningCertSet.2.constraint.params.notAfterCheck=false\npolicyset.auditSigningCertSet.2.default.class_id=validityDefaultImpl\npolicyset.auditSigningCertSet.2.default.name=Validity Default\npolicyset.auditSigningCertSet.2.default.params.range=720\npolicyset.auditSigningCertSet.2.default.params.startTime=0\npolicyset.auditSigningCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.auditSigningCertSet.3.constraint.name=Key Constraint\npolicyset.auditSigningCertSet.3.constraint.params.keyType=-\npolicyset.auditSigningCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.auditSigningCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.auditSigningCertSet.3.default.name=Key Default\npolicyset.auditSigningCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.auditSigningCertSet.4.constraint.name=No Constraint\npolicyset.auditSigningCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.auditSigningCertSet.4.default.name=Authority Key Identifier Default\npolicyset.auditSigningCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.auditSigningCertSet.5.constraint.name=No Constraint\npolicyset.auditSigningCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.auditSigningCertSet.5.default.name=AIA Extension Default\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.auditSigningCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.auditSigningCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.auditSigningCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.auditSigningCertSet.6.default.name=Key Usage Default\npolicyset.auditSigningCertSet.6.default.params.keyUsageCritical=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.auditSigningCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.auditSigningCertSet.9.constraint.name=No Constraint\npolicyset.auditSigningCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.auditSigningCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.auditSigningCertSet.9.default.name=Signing Alg\npolicyset.auditSigningCertSet.9.default.params.signingAlg=-\nprofileId=caInternalAuthAuditSigningCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 200 OK
2016-03-14T19:09:47Z DEBUG response headers {'content-length': '5525', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:47Z DEBUG response body '#Mon Mar 14 14:09:47 CDT 2016\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.auditSigningCertSet.2.constraint.params.notBeforeCheck=false\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=TokenAuth\noutput.o1.class_id=certOutputImpl\npolicyset.auditSigningCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.auditSigningCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.auditSigningCertSet.6.default.params.keyUsageCritical=true\npolicyset.auditSigningCertSet.4.constraint.name=No Constraint\npolicyset.auditSigningCertSet.1.default.name=Subject Name Default\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageEncipherOnly=false\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\npolicyset.auditSigningCertSet.6.default.params.keyUsageCrlSign=false\noutput.list=o1\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.auditSigningCertSet.2.default.class_id=validityDefaultImpl\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDigitalSignature=true\ninput.list=i1,i2\npolicyset.auditSigningCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.auditSigningCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.auditSigningCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.auditSigningCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\nvisible=false\npolicyset.auditSigningCertSet.6.default.name=Key Usage Default\npolicyset.auditSigningCertSet.4.constraint.class_id=noConstraintImpl\ndesc=This certificate profile is for enrolling audit signing certificates.\npolicyset.auditSigningCertSet.3.constraint.name=Key Constraint\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.auditSigningCertSet.9.constraint.name=No Constraint\npolicyset.auditSigningCertSet.9.default.params.signingAlg=-\npolicyset.auditSigningCertSet.2.default.params.startTime=0\npolicyset.auditSigningCertSet.1.default.params.name=\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.auditSigningCertSet.1.constraint.params.pattern=CN=.*\npolicyset.auditSigningCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDecipherOnly=false\nenable=true\npolicyset.auditSigningCertSet.5.default.name=AIA Extension Default\npolicyset.auditSigningCertSet.2.constraint.name=Validity Constraint\npolicyset.auditSigningCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.auditSigningCertSet.3.constraint.class_id=keyConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.auditSigningCertSet.1.constraint.params.accept=true\npolicyset.auditSigningCertSet.2.default.params.range=720\npolicyset.auditSigningCertSet.1.constraint.name=Subject Name Constraint\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADEnable_0=true\nname=Audit Signing Certificate Enrollment\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.auditSigningCertSet.4.default.name=Authority Key Identifier Default\npolicyset.auditSigningCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.auditSigningCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.auditSigningCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.auditSigningCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.auditSigningCertSet.2.constraint.params.notAfterCheck=false\npolicyset.auditSigningCertSet.3.default.name=Key Default\npolicyset.auditSigningCertSet.9.default.name=Signing Alg\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.auditSigningCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.auditSigningCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.list=auditSigningCertSet\npolicyset.auditSigningCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.auditSigningCertSet.2.constraint.params.range=720\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.auditSigningCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.auditSigningCertSet.2.default.name=Validity Default\npolicyset.auditSigningCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.auditSigningCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.auditSigningCertSet.5.constraint.name=No Constraint\npolicyset.auditSigningCertSet.list=1,2,3,4,5,6,9\npolicyset.auditSigningCertSet.3.constraint.params.keyType=-\n'
2016-03-14T19:09:47Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caInternalAuthAuditSigningCert?action=enable
2016-03-14T19:09:47Z DEBUG request body ''
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 204 No Content
2016-03-14T19:09:47Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:47Z DEBUG response body ''
2016-03-14T19:09:47Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:47Z DEBUG request body ''
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 204 No Content
2016-03-14T19:09:47Z DEBUG response headers {'set-cookie': 'JSESSIONID=56FE0E9C507EA1BAFC9DF52A5FB90500; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:47Z DEBUG response body ''
2016-03-14T19:09:47Z INFO Migrating profile 'DomainController' to LDAP
2016-03-14T19:09:47Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:47Z DEBUG request body ''
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 200 OK
2016-03-14T19:09:47Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=F9AE643B8923179D00FCAE1807DC4A18; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:47Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:47Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:47Z DEBUG request body "desc=This profile is for enrolling Domain Controller Certificate\nenable=true\nenableBy=admin\nname=Domain Controller\nvisible=true\nauth.instance_id=AgentCertAuth\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=genericInputImpl\ninput.i3.params.gi_display_name0=ccm\ninput.i3.params.gi_param_enable0=true\ninput.i3.params.gi_param_name0=ccm\ninput.i3.params.gi_display_name1=GUID\ninput.i3.params.gi_param_enable1=true\ninput.i3.params.gi_param_name1=GUID\ninput.i3.params.gi_num=2\noutput.list=o1,o2\noutput.o1.class_id=certOutputImpl\noutput.o2.class_id=pkcs7OutputImpl\npolicyset.list=set1\npolicyset.set1.list=p2,p4,p5,subj,p6,p8,p9,p12,eku,gen,crldp\npolicyset.set1.subj.constraint.class_id=noConstraintImpl\npolicyset.set1.subj.constraint.name=No Constraint\npolicyset.set1.subj.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.subj.default.name=nsTokenUserKeySubjectNameDefault\n#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User\n#policyset.set1.subj.default.params.dnpattern=CN=GEMSTAR,OU=Domain Controllers,DC=test,dc=local\npolicyset.set1.subj.default.params.dnpattern=CN=$request.ccm$\npolicyset.set1.subj.default.params.ldap.enable=false\npolicyset.set1.subj.default.params.ldap.searchName=uid\npolicyset.set1.subj.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.subj.default.params.ldap.basedn=\npolicyset.set1.subj.default.params.ldap.maxConns=4\npolicyset.set1.subj.default.params.ldap.minConns=1\npolicyset.set1.subj.default.params.ldap.ldapconn.Version=2\npolicyset.set1.subj.default.params.ldap.ldapconn.host=\npolicyset.set1.subj.default.params.ldap.ldapconn.port=\npolicyset.set1.subj.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=true\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.ccm$\npolicyset.set1.p6.default.params.subjAltExtType_0=DNSName\npolicyset.set1.p6.default.params.subjAltExtPattern_1=(Any)1.3.6.1.4.1.311.25.1,0410$request.GUID$\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=2\npolicyset.set1.5.constraint.class_id=noConstraintImpl\npolicyset.set1.5.constraint.name=No Constraint\npolicyset.set1.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.5.default.name=AIA Extension Default\npolicyset.set1.5.default.params.authInfoAccessADEnable_0=true\npolicyset.set1.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.5.default.params.authInfoAccessADLocation_0=http://localhost.localdomain:9180/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit\npolicyset.set1.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.2\npolicyset.set1.5.default.params.authInfoAccessCritical=false\npolicyset.set1.5.default.params.authInfoAccessNumADs=1\npolicyset.set1.eku.constraint.class_id=noConstraintImpl\npolicyset.set1.eku.constraint.name=No Constraint\npolicyset.set1.eku.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.set1.eku.default.name=Extended Key Usage Extension Default\npolicyset.set1.eku.default.params.exKeyUsageCritical=false\npolicyset.set1.eku.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.crldp.constraint.class_id=noConstraintImpl\npolicyset.set1.crldp.constraint.name=No Constraint\npolicyset.set1.crldp.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.crldp.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.crldp.default.params.crlDistPointsCritical=false\npolicyset.set1.crldp.default.params.crlDistPointsNum=1\npolicyset.set1.crldp.default.params.crlDistPointsEnable_0=true\npolicyset.set1.crldp.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.crldp.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.crldp.default.params.crlDistPointsPointName_0=http://localhost.localdomain:9180/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit\npolicyset.set1.crldp.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.crldp.default.params.crlDistPointsReasons_0=\npolicyset.set1.gen.constraint.class_id=noConstraintImpl\npolicyset.set1.gen.constraint.name=No Constraint\npolicyset.set1.gen.default.class_id=genericExtDefaultImpl\npolicyset.set1.gen.default.name=Generic Extension\n#This is the Microsoft 'Certificate Template Name' Extensions. The Value is 'DomainController'\npolicyset.set1.gen.default.params.genericExtOID=1.3.6.1.4.1.311.20.2\npolicyset.set1.gen.default.params.genericExtData=1e200044006f006d00610069006e0043006f006e00740072006f006c006c00650072\nprofileId=DomainController\nclassId=caEnrollImpl\n"
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 400 Bad Request
2016-03-14T19:09:47Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:47Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:47Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/DomainController?action=disable
2016-03-14T19:09:47Z DEBUG request body ''
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 204 No Content
2016-03-14T19:09:47Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:47Z DEBUG response body ''
2016-03-14T19:09:47Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/DomainController/raw
2016-03-14T19:09:47Z DEBUG request body "desc=This profile is for enrolling Domain Controller Certificate\nenable=true\nenableBy=admin\nname=Domain Controller\nvisible=true\nauth.instance_id=AgentCertAuth\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=genericInputImpl\ninput.i3.params.gi_display_name0=ccm\ninput.i3.params.gi_param_enable0=true\ninput.i3.params.gi_param_name0=ccm\ninput.i3.params.gi_display_name1=GUID\ninput.i3.params.gi_param_enable1=true\ninput.i3.params.gi_param_name1=GUID\ninput.i3.params.gi_num=2\noutput.list=o1,o2\noutput.o1.class_id=certOutputImpl\noutput.o2.class_id=pkcs7OutputImpl\npolicyset.list=set1\npolicyset.set1.list=p2,p4,p5,subj,p6,p8,p9,p12,eku,gen,crldp\npolicyset.set1.subj.constraint.class_id=noConstraintImpl\npolicyset.set1.subj.constraint.name=No Constraint\npolicyset.set1.subj.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.subj.default.name=nsTokenUserKeySubjectNameDefault\n#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User\n#policyset.set1.subj.default.params.dnpattern=CN=GEMSTAR,OU=Domain Controllers,DC=test,dc=local\npolicyset.set1.subj.default.params.dnpattern=CN=$request.ccm$\npolicyset.set1.subj.default.params.ldap.enable=false\npolicyset.set1.subj.default.params.ldap.searchName=uid\npolicyset.set1.subj.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.subj.default.params.ldap.basedn=\npolicyset.set1.subj.default.params.ldap.maxConns=4\npolicyset.set1.subj.default.params.ldap.minConns=1\npolicyset.set1.subj.default.params.ldap.ldapconn.Version=2\npolicyset.set1.subj.default.params.ldap.ldapconn.host=\npolicyset.set1.subj.default.params.ldap.ldapconn.port=\npolicyset.set1.subj.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=true\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.ccm$\npolicyset.set1.p6.default.params.subjAltExtType_0=DNSName\npolicyset.set1.p6.default.params.subjAltExtPattern_1=(Any)1.3.6.1.4.1.311.25.1,0410$request.GUID$\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=2\npolicyset.set1.5.constraint.class_id=noConstraintImpl\npolicyset.set1.5.constraint.name=No Constraint\npolicyset.set1.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.5.default.name=AIA Extension Default\npolicyset.set1.5.default.params.authInfoAccessADEnable_0=true\npolicyset.set1.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.5.default.params.authInfoAccessADLocation_0=http://localhost.localdomain:9180/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit\npolicyset.set1.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.2\npolicyset.set1.5.default.params.authInfoAccessCritical=false\npolicyset.set1.5.default.params.authInfoAccessNumADs=1\npolicyset.set1.eku.constraint.class_id=noConstraintImpl\npolicyset.set1.eku.constraint.name=No Constraint\npolicyset.set1.eku.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.set1.eku.default.name=Extended Key Usage Extension Default\npolicyset.set1.eku.default.params.exKeyUsageCritical=false\npolicyset.set1.eku.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.crldp.constraint.class_id=noConstraintImpl\npolicyset.set1.crldp.constraint.name=No Constraint\npolicyset.set1.crldp.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.crldp.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.crldp.default.params.crlDistPointsCritical=false\npolicyset.set1.crldp.default.params.crlDistPointsNum=1\npolicyset.set1.crldp.default.params.crlDistPointsEnable_0=true\npolicyset.set1.crldp.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.crldp.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.crldp.default.params.crlDistPointsPointName_0=http://localhost.localdomain:9180/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit\npolicyset.set1.crldp.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.crldp.default.params.crlDistPointsReasons_0=\npolicyset.set1.gen.constraint.class_id=noConstraintImpl\npolicyset.set1.gen.constraint.name=No Constraint\npolicyset.set1.gen.default.class_id=genericExtDefaultImpl\npolicyset.set1.gen.default.name=Generic Extension\n#This is the Microsoft 'Certificate Template Name' Extensions. The Value is 'DomainController'\npolicyset.set1.gen.default.params.genericExtOID=1.3.6.1.4.1.311.20.2\npolicyset.set1.gen.default.params.genericExtData=1e200044006f006d00610069006e0043006f006e00740072006f006c006c00650072\nprofileId=DomainController\nclassId=caEnrollImpl\n"
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 200 OK
2016-03-14T19:09:47Z DEBUG response headers {'content-length': '7334', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:47Z DEBUG response body '#Mon Mar 14 14:09:47 CDT 2016\npolicyset.set1.subj.default.params.ldap.ldapconn.host=\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=AgentCertAuth\npolicyset.set1.crldp.constraint.class_id=noConstraintImpl\noutput.o1.class_id=certOutputImpl\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=true\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p5.constraint.name=No Constraint\ninput.i3.params.gi_param_enable1=true\ninput.i3.params.gi_param_enable0=true\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.crldp.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.crldp.default.params.crlDistPointsEnable_0=true\npolicyset.set1.5.default.params.authInfoAccessCritical=false\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.crldp.default.name=crlDistributionPointsExtDefaultImpl\noutput.list=o1,o2\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.5.default.params.authInfoAccessADLocation_0=http://localhost.localdomain:9180/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit\npolicyset.set1.eku.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\ninput.list=i1,i2,i3\npolicyset.set1.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\nvisible=true\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.gen.constraint.class_id=noConstraintImpl\npolicyset.set1.gen.constraint.name=No Constraint\ndesc=This profile is for enrolling Domain Controller Certificate\npolicyset.set1.list=p2,p4,p5,subj,p6,p8,p9,p12,eku,gen,crldp\npolicyset.set1.subj.constraint.class_id=noConstraintImpl\npolicyset.set1.crldp.constraint.name=No Constraint\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.default.class_id=validityDefaultImpl\ninput.i3.params.gi_num=2\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtPattern_1=(Any)1.3.6.1.4.1.311.25.1,0410$request.GUID$\npolicyset.set1.crldp.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.ccm$\npolicyset.set1.gen.default.params.genericExtOID=1.3.6.1.4.1.311.20.2\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\ninput.i3.params.gi_display_name1=GUID\ninput.i3.params.gi_display_name0=ccm\npolicyset.set1.subj.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.subj.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.subj.default.params.ldap.ldapconn.port=\npolicyset.set1.crldp.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.crldp.default.params.crlDistPointsNum=1\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\nenable=true\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.set1.crldp.default.params.crlDistPointsReasons_0=\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\ninput.i3.class_id=genericInputImpl\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.subj.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\noutput.o2.class_id=pkcs7OutputImpl\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.subj.default.params.ldap.basedn=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.5.default.params.authInfoAccessNumADs=1\npolicyset.set1.subj.default.params.dnpattern=CN=$request.ccm$\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.gen.default.name=Generic Extension\npolicyset.set1.crldp.default.params.crlDistPointsPointName_0=http://localhost.localdomain:9180/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\nname=Domain Controller\npolicyset.set1.subj.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.eku.constraint.name=No Constraint\npolicyset.set1.gen.default.class_id=genericExtDefaultImpl\npolicyset.set1.eku.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.5.default.params.authInfoAccessADEnable_0=true\npolicyset.set1.p6.default.params.subjAltNameNumGNs=2\npolicyset.set1.subj.default.params.ldap.maxConns=4\npolicyset.set1.crldp.default.params.crlDistPointsCritical=false\ninput.i3.params.gi_param_name1=GUID\ninput.i3.params.gi_param_name0=ccm\npolicyset.set1.subj.default.params.ldap.minConns=1\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.eku.default.name=Extended Key Usage Extension Default\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p2.default.params.range=1825\npolicyset.list=set1\npolicyset.set1.eku.default.params.exKeyUsageCritical=false\npolicyset.set1.5.default.name=AIA Extension Default\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.5.constraint.name=No Constraint\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.crldp.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_0=DNSName\npolicyset.set1.subj.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.gen.default.params.genericExtData=1e200044006f006d00610069006e0043006f006e00740072006f006c006c00650072\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.2\npolicyset.set1.subj.default.params.ldap.searchName=uid\npolicyset.set1.5.constraint.class_id=noConstraintImpl\npolicyset.set1.eku.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.set1.subj.default.params.ldap.enable=false\npolicyset.set1.subj.constraint.name=No Constraint\npolicyset.set1.p2.default.params.startTime=0\n'
2016-03-14T19:09:47Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/DomainController?action=enable
2016-03-14T19:09:47Z DEBUG request body ''
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 204 No Content
2016-03-14T19:09:47Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:47Z DEBUG response body ''
2016-03-14T19:09:47Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:47Z DEBUG request body ''
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 204 No Content
2016-03-14T19:09:47Z DEBUG response headers {'set-cookie': 'JSESSIONID=0B45D279DDAC270BA724DDD3B0BC5266; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:47Z DEBUG response body ''
2016-03-14T19:09:47Z INFO Migrating profile 'caDualRAuserCert' to LDAP
2016-03-14T19:09:47Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:47Z DEBUG request body ''
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 200 OK
2016-03-14T19:09:47Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=2E1243D6F4B2E527FA0087A0E9E9B0AA; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:47Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:47Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:47Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated User Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=.*UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=RSA\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caDualRAuserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 400 Bad Request
2016-03-14T19:09:47Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:47Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:47Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caDualRAuserCert?action=disable
2016-03-14T19:09:47Z DEBUG request body ''
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 204 No Content
2016-03-14T19:09:47Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:47Z DEBUG response body ''
2016-03-14T19:09:47Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caDualRAuserCert/raw
2016-03-14T19:09:47Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated User Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=.*UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=RSA\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caDualRAuserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 200 OK
2016-03-14T19:09:47Z DEBUG response headers {'content-length': '5768', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:47Z DEBUG response body '#Mon Mar 14 14:09:47 CDT 2016\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.3.constraint.params.keyType=RSA\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\noutput.o1.class_id=certOutputImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\noutput.list=o1\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\ninput.list=i1,i2\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.2.constraint.params.range=365\nvisible=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.2.default.name=Validity Default\ndesc=This certificate profile is for enrolling user certificates with RA agent authentication.\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.9.default.params.signingAlg=-\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.1.constraint.params.pattern=.*UID=.*\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\nenable=true\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.9.constraint.name=No Constraint\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\nname=RA Agent-Authenticated User Certificate Enrollment\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.list=userCertSet\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\n'
2016-03-14T19:09:47Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caDualRAuserCert?action=enable
2016-03-14T19:09:47Z DEBUG request body ''
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:47Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:47Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:47Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:47Z DEBUG response status 204 No Content
2016-03-14T19:09:47Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:47Z DEBUG response body ''
2016-03-14T19:09:47Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:47Z DEBUG request body ''
2016-03-14T19:09:47Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:47Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:47Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:47Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 204 No Content
2016-03-14T19:09:48Z DEBUG response headers {'set-cookie': 'JSESSIONID=4207371FE8201EF97AB634DCFE10E2C1; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:48Z DEBUG response body ''
2016-03-14T19:09:48Z INFO Migrating profile 'caRAagentCert' to LDAP
2016-03-14T19:09:48Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:48Z DEBUG request body ''
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 200 OK
2016-03-14T19:09:48Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=0876297D1B7C523C789E116802CFF505; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:48Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:48Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:48Z DEBUG request body 'desc=This certificate profile is for enrolling RA agent user certificates with RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated Agent User Certificate Enrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=RSA\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caRAagentCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 400 Bad Request
2016-03-14T19:09:48Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:48Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:48Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caRAagentCert?action=disable
2016-03-14T19:09:48Z DEBUG request body ''
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 204 No Content
2016-03-14T19:09:48Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:48Z DEBUG response body ''
2016-03-14T19:09:48Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caRAagentCert/raw
2016-03-14T19:09:48Z DEBUG request body 'desc=This certificate profile is for enrolling RA agent user certificates with RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated Agent User Certificate Enrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=RSA\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caRAagentCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 200 OK
2016-03-14T19:09:48Z DEBUG response headers {'content-length': '5821', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:48Z DEBUG response body '#Mon Mar 14 14:09:48 CDT 2016\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.3.constraint.params.keyType=RSA\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\noutput.o1.class_id=certOutputImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\noutput.list=o1\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\ninput.list=i1,i2,i3\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.2.constraint.params.range=365\nvisible=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.2.default.name=Validity Default\ndesc=This certificate profile is for enrolling RA agent user certificates with RA agent authentication.\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.9.default.params.signingAlg=-\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\nenable=true\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.9.constraint.name=No Constraint\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.constraint.name=Validity Constraint\ninput.i3.class_id=subjectDNInputImpl\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\nname=RA Agent-Authenticated Agent User Certificate Enrollment\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.list=userCertSet\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\n'
2016-03-14T19:09:48Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caRAagentCert?action=enable
2016-03-14T19:09:48Z DEBUG request body ''
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 204 No Content
2016-03-14T19:09:48Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:48Z DEBUG response body ''
2016-03-14T19:09:48Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:48Z DEBUG request body ''
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 204 No Content
2016-03-14T19:09:48Z DEBUG response headers {'set-cookie': 'JSESSIONID=FA9350D223D2E8DE7C2987828B9759F2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:48Z DEBUG response body ''
2016-03-14T19:09:48Z INFO Migrating profile 'caRAserverCert' to LDAP
2016-03-14T19:09:48Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:48Z DEBUG request body ''
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 200 OK
2016-03-14T19:09:48Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=D50D601388BEDF929D2AE970F8CE9D35; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:48Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:48Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:48Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caRAserverCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 400 Bad Request
2016-03-14T19:09:48Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:48Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:48Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caRAserverCert?action=disable
2016-03-14T19:09:48Z DEBUG request body ''
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 204 No Content
2016-03-14T19:09:48Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:47 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:48Z DEBUG response body ''
2016-03-14T19:09:48Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caRAserverCert/raw
2016-03-14T19:09:48Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caRAserverCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 200 OK
2016-03-14T19:09:48Z DEBUG response headers {'content-length': '5313', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:48Z DEBUG response body '#Mon Mar 14 14:09:48 CDT 2016\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=false\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\ndesc=This certificate profile is for enrolling server certificates with RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\n'
2016-03-14T19:09:48Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caRAserverCert?action=enable
2016-03-14T19:09:48Z DEBUG request body ''
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 204 No Content
2016-03-14T19:09:48Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:48Z DEBUG response body ''
2016-03-14T19:09:48Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:48Z DEBUG request body ''
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 204 No Content
2016-03-14T19:09:48Z DEBUG response headers {'set-cookie': 'JSESSIONID=1C09528AB1051EC38D3801D54F734A9B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:48Z DEBUG response body ''
2016-03-14T19:09:48Z INFO Migrating profile 'caUUIDdeviceCert' to LDAP
2016-03-14T19:09:48Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:48Z DEBUG request body ''
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 200 OK
2016-03-14T19:09:48Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=AC9DE6DE38684CC748D9C69E7DFB1747; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:48Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:48Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:48Z DEBUG request body 'desc=This certificate profile is for enrolling device certificates to contain UUID in the Subject Alternative Name extension\nvisible=true\nenable=false\nenableBy=admin\nname=Manual device Dual-Use Certificate Enrollment to contain UUID in SAN\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltExtType_1=OtherName\npolicyset.userCertSet.8.default.params.subjAltExtPattern_1=(IA5String)1.2.3.4,$server.source$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_1=true\npolicyset.userCertSet.8.default.params.subjAltExtSource_1=UUID4\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=2\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caUUIDdeviceCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 400 Bad Request
2016-03-14T19:09:48Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:48Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:48Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caUUIDdeviceCert?action=disable
2016-03-14T19:09:48Z DEBUG request body ''
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 204 No Content
2016-03-14T19:09:48Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:48Z DEBUG response body ''
2016-03-14T19:09:48Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caUUIDdeviceCert/raw
2016-03-14T19:09:48Z DEBUG request body 'desc=This certificate profile is for enrolling device certificates to contain UUID in the Subject Alternative Name extension\nvisible=true\nenable=false\nenableBy=admin\nname=Manual device Dual-Use Certificate Enrollment to contain UUID in SAN\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltExtType_1=OtherName\npolicyset.userCertSet.8.default.params.subjAltExtPattern_1=(IA5String)1.2.3.4,$server.source$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_1=true\npolicyset.userCertSet.8.default.params.subjAltExtSource_1=UUID4\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=2\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caUUIDdeviceCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 200 OK
2016-03-14T19:09:48Z DEBUG response headers {'content-length': '6156', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:48Z DEBUG response body '#Mon Mar 14 14:09:48 CDT 2016\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.3.constraint.params.keyType=-\ninput.i2.class_id=subjectNameInputImpl\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\noutput.o1.class_id=certOutputImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\noutput.list=o1\npolicyset.userCertSet.8.default.params.subjAltExtSource_1=UUID4\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\ninput.list=i1,i2,i3\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.2.constraint.params.range=365\nvisible=true\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.2.default.name=Validity Default\ndesc=This certificate profile is for enrolling device certificates to contain UUID in the Subject Alternative Name extension\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.9.default.params.signingAlg=-\nauth.class_id=\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=2\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\nenable=false\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.9.constraint.name=No Constraint\ninput.i1.class_id=keyGenInputImpl\nenableBy=admin\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.constraint.name=Validity Constraint\ninput.i3.class_id=submitterInfoInputImpl\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_1=true\nname=Manual device Dual-Use Certificate Enrollment to contain UUID in SAN\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.list=userCertSet\npolicyset.userCertSet.8.default.params.subjAltExtPattern_1=(IA5String)1.2.3.4,$server.source$\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.8.default.params.subjAltExtType_1=OtherName\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\n'
2016-03-14T19:09:48Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caUUIDdeviceCert?action=enable
2016-03-14T19:09:48Z DEBUG request body ''
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 204 No Content
2016-03-14T19:09:48Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:48Z DEBUG response body ''
2016-03-14T19:09:48Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:48Z DEBUG request body ''
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 204 No Content
2016-03-14T19:09:48Z DEBUG response headers {'set-cookie': 'JSESSIONID=5A97EC74CA0D3AE9FD603C454BFC8394; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:48Z DEBUG response body ''
2016-03-14T19:09:48Z INFO Migrating profile 'caSSLClientSelfRenewal' to LDAP
2016-03-14T19:09:48Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:48Z DEBUG request body ''
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 200 OK
2016-03-14T19:09:48Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=5C4F8BFBFDA9F77905E407865559ACAB; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:48Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:48Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:48Z DEBUG request body 'desc=This certificate profile is for renewing SSL client certificates.\nvisible=true\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=SSLclientCertAuth\nname=Renewal: Self-renew user SSL client certificates\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caSSLClientSelfRenewal\nclassId=caEnrollImpl\n'
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 400 Bad Request
2016-03-14T19:09:48Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:48Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:48Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caSSLClientSelfRenewal?action=disable
2016-03-14T19:09:48Z DEBUG request body ''
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 204 No Content
2016-03-14T19:09:48Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:48Z DEBUG response body ''
2016-03-14T19:09:48Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caSSLClientSelfRenewal/raw
2016-03-14T19:09:48Z DEBUG request body 'desc=This certificate profile is for renewing SSL client certificates.\nvisible=true\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=SSLclientCertAuth\nname=Renewal: Self-renew user SSL client certificates\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caSSLClientSelfRenewal\nclassId=caEnrollImpl\n'
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 200 OK
2016-03-14T19:09:48Z DEBUG response headers {'content-length': '292', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:48Z DEBUG response body '#Mon Mar 14 14:09:48 CDT 2016\nname=Renewal: Self-renew user SSL client certificates\nvisible=true\nenableBy=admin\nrenewal=true\nenable=true\ndesc=This certificate profile is for renewing SSL client certificates.\nauth.instance_id=SSLclientCertAuth\noutput.list=o1\noutput.o1.class_id=certOutputImpl\n'
2016-03-14T19:09:48Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caSSLClientSelfRenewal?action=enable
2016-03-14T19:09:48Z DEBUG request body ''
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 204 No Content
2016-03-14T19:09:48Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:48Z DEBUG response body ''
2016-03-14T19:09:48Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:48Z DEBUG request body ''
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 204 No Content
2016-03-14T19:09:48Z DEBUG response headers {'set-cookie': 'JSESSIONID=45000A2736DE17F854C3926E15C01A42; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:48Z DEBUG response body ''
2016-03-14T19:09:48Z INFO Migrating profile 'caDirUserRenewal' to LDAP
2016-03-14T19:09:48Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:48Z DEBUG request body ''
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 200 OK
2016-03-14T19:09:48Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=032BCDB8C2FBBC18FD079C1829DEFB87; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:48Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:48Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:48Z DEBUG request body 'desc=This certificate profile is for renewing a certificate by serial number by using directory based authentication.\nvisible=true\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=UserDirEnrollment\nauthz.acl=user_origreq="auth_token.uid"\nname=Renewal: Directory-Authenticated User Certificate Self-Renew profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caDirUserRenewal\nclassId=caEnrollImpl\n'
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 400 Bad Request
2016-03-14T19:09:48Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:48Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:48Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caDirUserRenewal?action=disable
2016-03-14T19:09:48Z DEBUG request body ''
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:48Z DEBUG response status 204 No Content
2016-03-14T19:09:48Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:48Z DEBUG response body ''
2016-03-14T19:09:48Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caDirUserRenewal/raw
2016-03-14T19:09:48Z DEBUG request body 'desc=This certificate profile is for renewing a certificate by serial number by using directory based authentication.\nvisible=true\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=UserDirEnrollment\nauthz.acl=user_origreq="auth_token.uid"\nname=Renewal: Directory-Authenticated User Certificate Self-Renew profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caDirUserRenewal\nclassId=caEnrollImpl\n'
2016-03-14T19:09:48Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:48Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:48Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:48Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:48Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:48Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:48Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 200 OK
2016-03-14T19:09:49Z DEBUG response headers {'content-length': '455', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:49Z DEBUG response body '#Mon Mar 14 14:09:49 CDT 2016\nauthz.acl=user_origreq="auth_token.uid"\nname=Renewal: Directory-Authenticated User Certificate Self-Renew profile\nvisible=true\ninput.list=i1\nenableBy=admin\nrenewal=true\nenable=true\ndesc=This certificate profile is for renewing a certificate by serial number by using directory based authentication.\ninput.i1.class_id=serialNumRenewInputImpl\nauth.instance_id=UserDirEnrollment\noutput.list=o1\noutput.o1.class_id=certOutputImpl\n'
2016-03-14T19:09:49Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caDirUserRenewal?action=enable
2016-03-14T19:09:49Z DEBUG request body ''
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 204 No Content
2016-03-14T19:09:49Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:49Z DEBUG response body ''
2016-03-14T19:09:49Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:49Z DEBUG request body ''
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 204 No Content
2016-03-14T19:09:49Z DEBUG response headers {'set-cookie': 'JSESSIONID=90C92274B92B720B3E96A5878B0CA26C; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:49Z DEBUG response body ''
2016-03-14T19:09:49Z INFO Migrating profile 'caManualRenewal' to LDAP
2016-03-14T19:09:49Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:49Z DEBUG request body ''
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 200 OK
2016-03-14T19:09:49Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=A019678CF45FDA00C77B476D1C68AF87; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:49Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:49Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:49Z DEBUG request body 'desc=This certificate profile is for renewing certificates to be approved manually by agents.\nvisible=true\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=\nname=Renewal: Renew certificate to be manually approved by agents\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caManualRenewal\nclassId=caEnrollImpl\n'
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 400 Bad Request
2016-03-14T19:09:49Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:49Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:49Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caManualRenewal?action=disable
2016-03-14T19:09:49Z DEBUG request body ''
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 204 No Content
2016-03-14T19:09:49Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:49Z DEBUG response body ''
2016-03-14T19:09:49Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caManualRenewal/raw
2016-03-14T19:09:49Z DEBUG request body 'desc=This certificate profile is for renewing certificates to be approved manually by agents.\nvisible=true\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=\nname=Renewal: Renew certificate to be manually approved by agents\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caManualRenewal\nclassId=caEnrollImpl\n'
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 200 OK
2016-03-14T19:09:49Z DEBUG response headers {'content-length': '366', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:49Z DEBUG response body '#Mon Mar 14 14:09:49 CDT 2016\nname=Renewal: Renew certificate to be manually approved by agents\nvisible=true\ninput.list=i1\nenableBy=admin\nrenewal=true\nenable=true\ndesc=This certificate profile is for renewing certificates to be approved manually by agents.\ninput.i1.class_id=serialNumRenewInputImpl\nauth.instance_id=\noutput.list=o1\noutput.o1.class_id=certOutputImpl\n'
2016-03-14T19:09:49Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caManualRenewal?action=enable
2016-03-14T19:09:49Z DEBUG request body ''
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 204 No Content
2016-03-14T19:09:49Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:49Z DEBUG response body ''
2016-03-14T19:09:49Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:49Z DEBUG request body ''
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 204 No Content
2016-03-14T19:09:49Z DEBUG response headers {'set-cookie': 'JSESSIONID=03486BFC3455C8088FD64345333A2613; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:49Z DEBUG response body ''
2016-03-14T19:09:49Z INFO Migrating profile 'caTokenMSLoginEnrollment' to LDAP
2016-03-14T19:09:49Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:49Z DEBUG request body ''
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 200 OK
2016-03-14T19:09:49Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=6CDF9D3E786ADD78061CDC80E03CB034; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:49Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:49Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:49Z DEBUG request body 'desc=This profile is for enrolling MS Login Certificate\nenable=true\nenableBy=admin\nname=Token User MS Login Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12,p13,p14,p15\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=CN=uid=$request.uid$,E=$request.mail$, ou=$request.upn$, o=example\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=true\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail,givenName,sn,upn\npolicyset.set1.p1.default.params.ldap.basedn=ou=People,dc=example,dc=com\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=localhost.localdomain\npolicyset.set1.p1.default.params.ldap.ldapconn.port=389\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=(UTF8String)1.3.6.1.4.1.311.20.2.3,$request.upn$\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=2\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\n policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=true\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=http://localhost.localdomain:9443/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=true\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=http://localhost.localdomain:9443/ca/ocsp\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\npolicyset.set1.p15.constraint.class_id=noConstraintImpl\npolicyset.set1.p15.constraint.name=No Constraint\npolicyset.set1.p15.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.set1.p15.default.name=Extended Key Usage Extension Default\npolicyset.set1.p15.default.params.exKeyUsageCritical=false\npolicyset.set1.p15.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.4.1.311.20.2.2\n\nprofileId=caTokenMSLoginEnrollment\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 400 Bad Request
2016-03-14T19:09:49Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:48 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:49Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:49Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenMSLoginEnrollment?action=disable
2016-03-14T19:09:49Z DEBUG request body ''
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 204 No Content
2016-03-14T19:09:49Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:49Z DEBUG response body ''
2016-03-14T19:09:49Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenMSLoginEnrollment/raw
2016-03-14T19:09:49Z DEBUG request body 'desc=This profile is for enrolling MS Login Certificate\nenable=true\nenableBy=admin\nname=Token User MS Login Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12,p13,p14,p15\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=CN=uid=$request.uid$,E=$request.mail$, ou=$request.upn$, o=example\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=true\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail,givenName,sn,upn\npolicyset.set1.p1.default.params.ldap.basedn=ou=People,dc=example,dc=com\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=localhost.localdomain\npolicyset.set1.p1.default.params.ldap.ldapconn.port=389\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=(UTF8String)1.3.6.1.4.1.311.20.2.3,$request.upn$\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=2\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\n policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=true\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=http://localhost.localdomain:9443/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=true\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=http://localhost.localdomain:9443/ca/ocsp\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\npolicyset.set1.p15.constraint.class_id=noConstraintImpl\npolicyset.set1.p15.constraint.name=No Constraint\npolicyset.set1.p15.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.set1.p15.default.name=Extended Key Usage Extension Default\npolicyset.set1.p15.default.params.exKeyUsageCritical=false\npolicyset.set1.p15.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.4.1.311.20.2.2\n\nprofileId=caTokenMSLoginEnrollment\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 200 OK
2016-03-14T19:09:49Z DEBUG response headers {'transfer-encoding': 'chunked', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:49Z DEBUG response body '#Mon Mar 14 14:09:49 CDT 2016\npolicyset.set1.p1.default.params.ldap.enable=true\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\nauth.instance_id=AgentCertAuth\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=389\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\noutput.o2.name=nsNKeyOutputImpl\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\nenable=true\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=http://localhost.localdomain:9443/ca/ocsp\npolicyset.set1.p15.constraint.name=No Constraint\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\ninput.i1.name=nsNKeyCertReqInputImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\noutput.o1.class_id=nsNKeyOutputImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p1.default.params.dnpattern=CN=uid=$request.uid$,E=$request.mail$, ou=$request.upn$, o=example\npolicyset.set1.p1.default.params.ldap.ldapconn.host=localhost.localdomain\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12,p13,p14,p15\npolicyset.set1.p6.default.params.subjAltExtPattern_1=(UTF8String)1.3.6.1.4.1.311.20.2.3,$request.upn$\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\noutput.list=o1\npolicyset.set1.p15.default.name=Extended Key Usage Extension Default\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p15.default.params.exKeyUsageCritical=false\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\nname=Token User MS Login Certificate Enrollment\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail,givenName,sn,upn\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p1.constraint.name=No Constraint\ninput.list=i1\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p15.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.num=5\nenableBy=admin\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p9.constraint.name=No Constraint\ndesc=This profile is for enrolling MS Login Certificate\npolicyset.set1.p15.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.4.1.311.20.2.2\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p15.default.class_id=extendedKeyUsageExtDefaultImpl\ninput.i1.class_id=nsNKeyCertReqInputImpl\npolicyset.set1.p6.default.params.subjAltNameNumGNs=2\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=http://localhost.localdomain:9443/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.list=set1\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p2.constraint.name=No Constraint\nvisible=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=true\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p1.default.params.ldap.basedn=ou=People,dc=example,dc=com\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\n'
2016-03-14T19:09:49Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenMSLoginEnrollment?action=enable
2016-03-14T19:09:49Z DEBUG request body ''
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 204 No Content
2016-03-14T19:09:49Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:49Z DEBUG response body ''
2016-03-14T19:09:49Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:49Z DEBUG request body ''
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 204 No Content
2016-03-14T19:09:49Z DEBUG response headers {'set-cookie': 'JSESSIONID=2E351DF7721805EB4A9BD8041BD5F237; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:49Z DEBUG response body ''
2016-03-14T19:09:49Z INFO Migrating profile 'caTokenUserSigningKeyRenewal' to LDAP
2016-03-14T19:09:49Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:49Z DEBUG request body ''
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 200 OK
2016-03-14T19:09:49Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=143EF8997488D7EF56AB26CD28DFAC74; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:49Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:49Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:49Z DEBUG request body 'desc=This certificate profile is for renewing a token certificate\nvisible=false\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=AgentCertAuth\nname=smart card token signing cert renewal profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caTokenUserSigningKeyRenewal\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 400 Bad Request
2016-03-14T19:09:49Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:49Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:49Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserSigningKeyRenewal?action=disable
2016-03-14T19:09:49Z DEBUG request body ''
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 204 No Content
2016-03-14T19:09:49Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:49Z DEBUG response body ''
2016-03-14T19:09:49Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserSigningKeyRenewal/raw
2016-03-14T19:09:49Z DEBUG request body 'desc=This certificate profile is for renewing a token certificate\nvisible=false\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=AgentCertAuth\nname=smart card token signing cert renewal profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caTokenUserSigningKeyRenewal\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 200 OK
2016-03-14T19:09:49Z DEBUG response headers {'content-length': '337', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:49Z DEBUG response body '#Mon Mar 14 14:09:49 CDT 2016\nname=smart card token signing cert renewal profile\nvisible=false\ninput.list=i1\nenableBy=admin\nrenewal=true\nenable=true\ndesc=This certificate profile is for renewing a token certificate\ninput.i1.class_id=serialNumRenewInputImpl\nauth.instance_id=AgentCertAuth\noutput.list=o1\noutput.o1.class_id=certOutputImpl\n'
2016-03-14T19:09:49Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserSigningKeyRenewal?action=enable
2016-03-14T19:09:49Z DEBUG request body ''
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 204 No Content
2016-03-14T19:09:49Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:49Z DEBUG response body ''
2016-03-14T19:09:49Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:49Z DEBUG request body ''
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 204 No Content
2016-03-14T19:09:49Z DEBUG response headers {'set-cookie': 'JSESSIONID=B906A14EC4A084FF7730DFD86370934D; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:49Z DEBUG response body ''
2016-03-14T19:09:49Z INFO Migrating profile 'caTokenUserEncryptionKeyRenewal' to LDAP
2016-03-14T19:09:49Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:49Z DEBUG request body ''
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 200 OK
2016-03-14T19:09:49Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=220ABC0E491C127AB87C96F1BDE68B53; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:49Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:49Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:49Z DEBUG request body 'desc=This certificate profile is for renewing a token encryption certificate\nvisible=false\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=AgentCertAuth\nname=smart card token encryption cert renewal profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caTokenUserEncryptionKeyRenewal\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 400 Bad Request
2016-03-14T19:09:49Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:49Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:49Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserEncryptionKeyRenewal?action=disable
2016-03-14T19:09:49Z DEBUG request body ''
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 204 No Content
2016-03-14T19:09:49Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:49Z DEBUG response body ''
2016-03-14T19:09:49Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserEncryptionKeyRenewal/raw
2016-03-14T19:09:49Z DEBUG request body 'desc=This certificate profile is for renewing a token encryption certificate\nvisible=false\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=AgentCertAuth\nname=smart card token encryption cert renewal profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caTokenUserEncryptionKeyRenewal\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:49Z DEBUG response status 200 OK
2016-03-14T19:09:49Z DEBUG response headers {'content-length': '351', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:49Z DEBUG response body '#Mon Mar 14 14:09:49 CDT 2016\nname=smart card token encryption cert renewal profile\nvisible=false\ninput.list=i1\nenableBy=admin\nrenewal=true\nenable=true\ndesc=This certificate profile is for renewing a token encryption certificate\ninput.i1.class_id=serialNumRenewInputImpl\nauth.instance_id=AgentCertAuth\noutput.list=o1\noutput.o1.class_id=certOutputImpl\n'
2016-03-14T19:09:49Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserEncryptionKeyRenewal?action=enable
2016-03-14T19:09:49Z DEBUG request body ''
2016-03-14T19:09:49Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:49Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:49Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:49Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:49Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:49Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:49Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 204 No Content
2016-03-14T19:09:50Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:50Z DEBUG response body ''
2016-03-14T19:09:50Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:50Z DEBUG request body ''
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 204 No Content
2016-03-14T19:09:50Z DEBUG response headers {'set-cookie': 'JSESSIONID=03E8086281017EAE062ED2477B0926F8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:50Z DEBUG response body ''
2016-03-14T19:09:50Z INFO Migrating profile 'caTokenUserAuthKeyRenewal' to LDAP
2016-03-14T19:09:50Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:50Z DEBUG request body ''
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 200 OK
2016-03-14T19:09:50Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=75C508AB3E30F4DFEC28C2F939E59ED8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:50Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:50Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:50Z DEBUG request body 'desc=This certificate profile is for renewing a token authentication certificate\nvisible=false\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=AgentCertAuth\nname=smart card token authentication cert renewal profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caTokenUserAuthKeyRenewal\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 400 Bad Request
2016-03-14T19:09:50Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:50Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:50Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserAuthKeyRenewal?action=disable
2016-03-14T19:09:50Z DEBUG request body ''
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 204 No Content
2016-03-14T19:09:50Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:50Z DEBUG response body ''
2016-03-14T19:09:50Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserAuthKeyRenewal/raw
2016-03-14T19:09:50Z DEBUG request body 'desc=This certificate profile is for renewing a token authentication certificate\nvisible=false\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=AgentCertAuth\nname=smart card token authentication cert renewal profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caTokenUserAuthKeyRenewal\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 200 OK
2016-03-14T19:09:50Z DEBUG response headers {'content-length': '359', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:50Z DEBUG response body '#Mon Mar 14 14:09:50 CDT 2016\nname=smart card token authentication cert renewal profile\nvisible=false\ninput.list=i1\nenableBy=admin\nrenewal=true\nenable=true\ndesc=This certificate profile is for renewing a token authentication certificate\ninput.i1.class_id=serialNumRenewInputImpl\nauth.instance_id=AgentCertAuth\noutput.list=o1\noutput.o1.class_id=certOutputImpl\n'
2016-03-14T19:09:50Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserAuthKeyRenewal?action=enable
2016-03-14T19:09:50Z DEBUG request body ''
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 204 No Content
2016-03-14T19:09:50Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:50Z DEBUG response body ''
2016-03-14T19:09:50Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:50Z DEBUG request body ''
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 204 No Content
2016-03-14T19:09:50Z DEBUG response headers {'set-cookie': 'JSESSIONID=5D82309A35E1E3ADAD4D8DC6A33267F1; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:50Z DEBUG response body ''
2016-03-14T19:09:50Z INFO Migrating profile 'caJarSigningCert' to LDAP
2016-03-14T19:09:50Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:50Z DEBUG request body ''
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 200 OK
2016-03-14T19:09:50Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=3B984BA97158D4D4F9B493D1E78C30CC; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:50Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:50Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:50Z DEBUG request body 'desc=This is an IPA profile for enrolling Jar Signing certificates.\nenable=true\nenableBy=admin\nname=Manual Jar Signing Certificate Enrollment\nvisible=false\nauth.class_id=\nauth.instance_id=raCertAuth\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caJarSigningSet\npolicyset.caJarSigningSet.list=1,2,3,4,5,6\npolicyset.caJarSigningSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caJarSigningSet.1.constraint.name=Subject Name Constraint\npolicyset.caJarSigningSet.1.constraint.params.accept=true\npolicyset.caJarSigningSet.1.constraint.params.pattern=.*\npolicyset.caJarSigningSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caJarSigningSet.1.default.name=Subject Name Default\npolicyset.caJarSigningSet.1.default.params.name=\npolicyset.caJarSigningSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caJarSigningSet.2.constraint.name=Validity Constraint\npolicyset.caJarSigningSet.2.constraint.params.notAfterCheck=false\npolicyset.caJarSigningSet.2.constraint.params.notBeforeCheck=false\npolicyset.caJarSigningSet.2.constraint.params.range=2922\npolicyset.caJarSigningSet.2.default.class_id=validityDefaultImpl\npolicyset.caJarSigningSet.2.default.name=Validity Default\npolicyset.caJarSigningSet.2.default.params.range=1461\npolicyset.caJarSigningSet.2.default.params.startTime=60\npolicyset.caJarSigningSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caJarSigningSet.3.constraint.name=Key Constraint\npolicyset.caJarSigningSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.caJarSigningSet.3.constraint.params.keyType=RSA\npolicyset.caJarSigningSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caJarSigningSet.3.default.name=Key Default\npolicyset.caJarSigningSet.4.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caJarSigningSet.4.constraint.name=Key Usage Extension Constraint\npolicyset.caJarSigningSet.4.constraint.params.keyUsageCritical=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageCrlSign=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDataEncipherment=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDecipherOnly=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDigitalSignature=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageEncipherOnly=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyAgreement=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyCertSign=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyEncipherment=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageNonRepudiation=-\npolicyset.caJarSigningSet.4.default.class_id=keyUsageExtDefaultImpl\npolicyset.caJarSigningSet.4.default.name=Key Usage Default\npolicyset.caJarSigningSet.4.default.params.keyUsageCritical=true\npolicyset.caJarSigningSet.4.default.params.keyUsageCrlSign=false\npolicyset.caJarSigningSet.4.default.params.keyUsageDataEncipherment=false\npolicyset.caJarSigningSet.4.default.params.keyUsageDecipherOnly=false\npolicyset.caJarSigningSet.4.default.params.keyUsageDigitalSignature=true\npolicyset.caJarSigningSet.4.default.params.keyUsageEncipherOnly=false\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyAgreement=false\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyCertSign=true\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyEncipherment=false\npolicyset.caJarSigningSet.4.default.params.keyUsageNonRepudiation=false\npolicyset.caJarSigningSet.5.constraint.class_id=nsCertTypeExtConstraintImpl\npolicyset.caJarSigningSet.5.constraint.name=Netscape Certificate Type Extension Constraint\npolicyset.caJarSigningSet.5.constraint.params.nsCertCritical=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertEmail=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertEmailCA=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertObjectSigning=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertObjectSigningCA=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLCA=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLClient=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLServer=-\npolicyset.caJarSigningSet.5.default.class_id=nsCertTypeExtDefaultImpl\npolicyset.caJarSigningSet.5.default.name=Netscape Certificate Type Extension Default\npolicyset.caJarSigningSet.5.default.params.nsCertCritical=false\npolicyset.caJarSigningSet.5.default.params.nsCertEmail=false\npolicyset.caJarSigningSet.5.default.params.nsCertEmailCA=false\npolicyset.caJarSigningSet.5.default.params.nsCertObjectSigning=true\npolicyset.caJarSigningSet.5.default.params.nsCertObjectSigningCA=false\npolicyset.caJarSigningSet.5.default.params.nsCertSSLCA=false\npolicyset.caJarSigningSet.5.default.params.nsCertSSLClient=false\npolicyset.caJarSigningSet.5.default.params.nsCertSSLServer=false\npolicyset.caJarSigningSet.6.constraint.class_id=signingAlgConstraintImpl\npolicyset.caJarSigningSet.6.constraint.name=No Constraint\npolicyset.caJarSigningSet.6.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.caJarSigningSet.6.default.class_id=signingAlgDefaultImpl\npolicyset.caJarSigningSet.6.default.name=Signing Alg\npolicyset.caJarSigningSet.6.default.params.signingAlg=-\nprofileId=caJarSigningCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 400 Bad Request
2016-03-14T19:09:50Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:50Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:50Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caJarSigningCert?action=disable
2016-03-14T19:09:50Z DEBUG request body ''
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 204 No Content
2016-03-14T19:09:50Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:49 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:50Z DEBUG response body ''
2016-03-14T19:09:50Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caJarSigningCert/raw
2016-03-14T19:09:50Z DEBUG request body 'desc=This is an IPA profile for enrolling Jar Signing certificates.\nenable=true\nenableBy=admin\nname=Manual Jar Signing Certificate Enrollment\nvisible=false\nauth.class_id=\nauth.instance_id=raCertAuth\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caJarSigningSet\npolicyset.caJarSigningSet.list=1,2,3,4,5,6\npolicyset.caJarSigningSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caJarSigningSet.1.constraint.name=Subject Name Constraint\npolicyset.caJarSigningSet.1.constraint.params.accept=true\npolicyset.caJarSigningSet.1.constraint.params.pattern=.*\npolicyset.caJarSigningSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caJarSigningSet.1.default.name=Subject Name Default\npolicyset.caJarSigningSet.1.default.params.name=\npolicyset.caJarSigningSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caJarSigningSet.2.constraint.name=Validity Constraint\npolicyset.caJarSigningSet.2.constraint.params.notAfterCheck=false\npolicyset.caJarSigningSet.2.constraint.params.notBeforeCheck=false\npolicyset.caJarSigningSet.2.constraint.params.range=2922\npolicyset.caJarSigningSet.2.default.class_id=validityDefaultImpl\npolicyset.caJarSigningSet.2.default.name=Validity Default\npolicyset.caJarSigningSet.2.default.params.range=1461\npolicyset.caJarSigningSet.2.default.params.startTime=60\npolicyset.caJarSigningSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caJarSigningSet.3.constraint.name=Key Constraint\npolicyset.caJarSigningSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.caJarSigningSet.3.constraint.params.keyType=RSA\npolicyset.caJarSigningSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caJarSigningSet.3.default.name=Key Default\npolicyset.caJarSigningSet.4.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caJarSigningSet.4.constraint.name=Key Usage Extension Constraint\npolicyset.caJarSigningSet.4.constraint.params.keyUsageCritical=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageCrlSign=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDataEncipherment=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDecipherOnly=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDigitalSignature=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageEncipherOnly=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyAgreement=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyCertSign=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyEncipherment=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageNonRepudiation=-\npolicyset.caJarSigningSet.4.default.class_id=keyUsageExtDefaultImpl\npolicyset.caJarSigningSet.4.default.name=Key Usage Default\npolicyset.caJarSigningSet.4.default.params.keyUsageCritical=true\npolicyset.caJarSigningSet.4.default.params.keyUsageCrlSign=false\npolicyset.caJarSigningSet.4.default.params.keyUsageDataEncipherment=false\npolicyset.caJarSigningSet.4.default.params.keyUsageDecipherOnly=false\npolicyset.caJarSigningSet.4.default.params.keyUsageDigitalSignature=true\npolicyset.caJarSigningSet.4.default.params.keyUsageEncipherOnly=false\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyAgreement=false\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyCertSign=true\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyEncipherment=false\npolicyset.caJarSigningSet.4.default.params.keyUsageNonRepudiation=false\npolicyset.caJarSigningSet.5.constraint.class_id=nsCertTypeExtConstraintImpl\npolicyset.caJarSigningSet.5.constraint.name=Netscape Certificate Type Extension Constraint\npolicyset.caJarSigningSet.5.constraint.params.nsCertCritical=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertEmail=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertEmailCA=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertObjectSigning=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertObjectSigningCA=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLCA=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLClient=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLServer=-\npolicyset.caJarSigningSet.5.default.class_id=nsCertTypeExtDefaultImpl\npolicyset.caJarSigningSet.5.default.name=Netscape Certificate Type Extension Default\npolicyset.caJarSigningSet.5.default.params.nsCertCritical=false\npolicyset.caJarSigningSet.5.default.params.nsCertEmail=false\npolicyset.caJarSigningSet.5.default.params.nsCertEmailCA=false\npolicyset.caJarSigningSet.5.default.params.nsCertObjectSigning=true\npolicyset.caJarSigningSet.5.default.params.nsCertObjectSigningCA=false\npolicyset.caJarSigningSet.5.default.params.nsCertSSLCA=false\npolicyset.caJarSigningSet.5.default.params.nsCertSSLClient=false\npolicyset.caJarSigningSet.5.default.params.nsCertSSLServer=false\npolicyset.caJarSigningSet.6.constraint.class_id=signingAlgConstraintImpl\npolicyset.caJarSigningSet.6.constraint.name=No Constraint\npolicyset.caJarSigningSet.6.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.caJarSigningSet.6.default.class_id=signingAlgDefaultImpl\npolicyset.caJarSigningSet.6.default.name=Signing Alg\npolicyset.caJarSigningSet.6.default.params.signingAlg=-\nprofileId=caJarSigningCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 200 OK
2016-03-14T19:09:50Z DEBUG response headers {'content-length': '5339', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:50Z DEBUG response body '#Mon Mar 14 14:09:50 CDT 2016\npolicyset.caJarSigningSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caJarSigningSet.4.default.params.keyUsageNonRepudiation=false\ninput.i2.class_id=submitterInfoInputImpl\npolicyset.caJarSigningSet.2.constraint.params.notBeforeCheck=false\npolicyset.caJarSigningSet.4.constraint.params.keyUsageEncipherOnly=-\nauth.instance_id=raCertAuth\npolicyset.caJarSigningSet.4.constraint.class_id=keyUsageExtConstraintImpl\noutput.o1.class_id=certOutputImpl\npolicyset.caJarSigningSet.1.constraint.params.accept=true\npolicyset.caJarSigningSet.1.default.name=Subject Name Default\npolicyset.caJarSigningSet.5.default.params.nsCertObjectSigning=true\npolicyset.caJarSigningSet.5.constraint.params.nsCertEmailCA=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyAgreement=-\npolicyset.caJarSigningSet.4.default.class_id=keyUsageExtDefaultImpl\npolicyset.caJarSigningSet.5.constraint.params.nsCertEmail=-\npolicyset.caJarSigningSet.6.default.name=Signing Alg\npolicyset.caJarSigningSet.5.constraint.params.nsCertCritical=-\noutput.list=o1\npolicyset.caJarSigningSet.3.constraint.name=Key Constraint\npolicyset.caJarSigningSet.2.constraint.params.range=2922\npolicyset.caJarSigningSet.1.default.params.name=\ninput.list=i1,i2\npolicyset.caJarSigningSet.5.default.class_id=nsCertTypeExtDefaultImpl\npolicyset.caJarSigningSet.5.default.params.nsCertEmail=false\npolicyset.caJarSigningSet.2.default.params.range=1461\nvisible=false\ndesc=This is an IPA profile for enrolling Jar Signing certificates.\npolicyset.caJarSigningSet.4.constraint.params.keyUsageCritical=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDecipherOnly=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyCertSign=-\npolicyset.caJarSigningSet.6.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.caJarSigningSet.4.default.params.keyUsageDigitalSignature=true\npolicyset.caJarSigningSet.5.default.name=Netscape Certificate Type Extension Default\npolicyset.caJarSigningSet.3.constraint.params.keyType=RSA\nauth.class_id=\npolicyset.caJarSigningSet.2.constraint.name=Validity Constraint\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyEncipherment=false\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLClient=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLServer=-\npolicyset.caJarSigningSet.list=1,2,3,4,5,6\npolicyset.caJarSigningSet.6.default.class_id=signingAlgDefaultImpl\nenable=true\npolicyset.caJarSigningSet.4.constraint.params.keyUsageNonRepudiation=-\npolicyset.caJarSigningSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caJarSigningSet.1.constraint.name=Subject Name Constraint\npolicyset.caJarSigningSet.4.default.params.keyUsageDataEncipherment=false\npolicyset.caJarSigningSet.5.default.params.nsCertCritical=false\npolicyset.caJarSigningSet.6.constraint.class_id=signingAlgConstraintImpl\npolicyset.caJarSigningSet.3.constraint.params.keyParameters=1024,2048,3072,4096\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.caJarSigningSet.2.constraint.params.notAfterCheck=false\npolicyset.caJarSigningSet.4.default.name=Key Usage Default\nname=Manual Jar Signing Certificate Enrollment\npolicyset.caJarSigningSet.3.default.name=Key Default\npolicyset.caJarSigningSet.4.default.params.keyUsageCritical=true\npolicyset.caJarSigningSet.6.constraint.name=No Constraint\npolicyset.caJarSigningSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caJarSigningSet.1.constraint.params.pattern=.*\npolicyset.caJarSigningSet.5.constraint.params.nsCertObjectSigning=-\npolicyset.caJarSigningSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caJarSigningSet.4.default.params.keyUsageEncipherOnly=false\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDigitalSignature=-\npolicyset.caJarSigningSet.5.constraint.class_id=nsCertTypeExtConstraintImpl\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyAgreement=false\npolicyset.caJarSigningSet.2.default.class_id=validityDefaultImpl\npolicyset.caJarSigningSet.5.default.params.nsCertEmailCA=false\npolicyset.list=caJarSigningSet\npolicyset.caJarSigningSet.5.constraint.params.nsCertObjectSigningCA=-\npolicyset.caJarSigningSet.4.default.params.keyUsageCrlSign=false\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLCA=-\npolicyset.caJarSigningSet.2.default.name=Validity Default\npolicyset.caJarSigningSet.2.default.params.startTime=60\npolicyset.caJarSigningSet.6.default.params.signingAlg=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDataEncipherment=-\npolicyset.caJarSigningSet.4.default.params.keyUsageDecipherOnly=false\npolicyset.caJarSigningSet.5.constraint.name=Netscape Certificate Type Extension Constraint\npolicyset.caJarSigningSet.4.constraint.params.keyUsageCrlSign=-\npolicyset.caJarSigningSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caJarSigningSet.5.default.params.nsCertSSLClient=false\npolicyset.caJarSigningSet.5.default.params.nsCertSSLServer=false\npolicyset.caJarSigningSet.5.default.params.nsCertSSLCA=false\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyCertSign=true\npolicyset.caJarSigningSet.4.constraint.name=Key Usage Extension Constraint\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyEncipherment=-\npolicyset.caJarSigningSet.5.default.params.nsCertObjectSigningCA=false\n'
2016-03-14T19:09:50Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caJarSigningCert?action=enable
2016-03-14T19:09:50Z DEBUG request body ''
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 204 No Content
2016-03-14T19:09:50Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:50Z DEBUG response body ''
2016-03-14T19:09:50Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:50Z DEBUG request body ''
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 204 No Content
2016-03-14T19:09:50Z DEBUG response headers {'set-cookie': 'JSESSIONID=43E4153C52DE46DD1B09F180CFB7D5DB; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:50Z DEBUG response body ''
2016-03-14T19:09:50Z INFO Migrating profile 'caIPAserviceCert' to LDAP
2016-03-14T19:09:50Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:50Z DEBUG request body ''
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 200 OK
2016-03-14T19:09:50Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=12D213A46D73B16ECBC167EC3CAA7522; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:50Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:50Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:50Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, OU=pki-ipa, O=IPA \npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=https://ipa.example.com/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\nprofileId=caIPAserviceCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 400 Bad Request
2016-03-14T19:09:50Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:50Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:50Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caIPAserviceCert?action=disable
2016-03-14T19:09:50Z DEBUG request body ''
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 204 No Content
2016-03-14T19:09:50Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:50Z DEBUG response body ''
2016-03-14T19:09:50Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caIPAserviceCert/raw
2016-03-14T19:09:50Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, OU=pki-ipa, O=IPA \npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=https://ipa.example.com/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\nprofileId=caIPAserviceCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 200 OK
2016-03-14T19:09:50Z DEBUG response headers {'content-length': '6256', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:50Z DEBUG response body '#Mon Mar 14 14:09:50 CDT 2016\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=https://ipa.example.com/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, OU=pki-ipa, O=IPA \npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\n'
2016-03-14T19:09:50Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caIPAserviceCert?action=enable
2016-03-14T19:09:50Z DEBUG request body ''
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 204 No Content
2016-03-14T19:09:50Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:50Z DEBUG response body ''
2016-03-14T19:09:50Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:50Z DEBUG request body ''
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 204 No Content
2016-03-14T19:09:50Z DEBUG response headers {'set-cookie': 'JSESSIONID=014B639734DBFAC845378725FF5597AB; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:50Z DEBUG response body ''
2016-03-14T19:09:50Z INFO Migrating profile 'caEncUserCert' to LDAP
2016-03-14T19:09:50Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:50Z DEBUG request body ''
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 200 OK
2016-03-14T19:09:50Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=82B9FD2D9D8DA3AA2D62651D0ACF583D; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:50Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:50Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:50Z DEBUG request body 'desc=This certificate profile is for enrolling user encryption certificates with option to archive keys.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Encryption Certificates Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=CN=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=RSA\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\n\nprofileId=caEncUserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 400 Bad Request
2016-03-14T19:09:50Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:50Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:50Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caEncUserCert?action=disable
2016-03-14T19:09:50Z DEBUG request body ''
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 204 No Content
2016-03-14T19:09:50Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:50Z DEBUG response body ''
2016-03-14T19:09:50Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caEncUserCert/raw
2016-03-14T19:09:50Z DEBUG request body 'desc=This certificate profile is for enrolling user encryption certificates with option to archive keys.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Encryption Certificates Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=CN=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=RSA\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\n\nprofileId=caEncUserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 200 OK
2016-03-14T19:09:50Z DEBUG response headers {'content-length': '6314', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:50Z DEBUG response body '#Mon Mar 14 14:09:50 CDT 2016\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\ninput.i2.class_id=subjectNameInputImpl\noutput.o1.class_id=certOutputImpl\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.1.constraint.params.pattern=CN=.*\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.2.default.params.range=180\noutput.list=o1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\ninput.list=i1,i2,i3\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\nvisible=false\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.1.constraint.params.accept=true\ndesc=This certificate profile is for enrolling user encryption certificates with option to archive keys.\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\nauth.class_id=\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\nenable=true\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\ninput.i3.class_id=submitterInfoInputImpl\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\nname=Manual User Encryption Certificates Enrollment\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.3.constraint.params.keyType=RSA\npolicyset.list=encryptionCertSet\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\n'
2016-03-14T19:09:50Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caEncUserCert?action=enable
2016-03-14T19:09:50Z DEBUG request body ''
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 204 No Content
2016-03-14T19:09:50Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:50Z DEBUG response body ''
2016-03-14T19:09:50Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:50Z DEBUG request body ''
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:50Z DEBUG response status 204 No Content
2016-03-14T19:09:50Z DEBUG response headers {'set-cookie': 'JSESSIONID=CD6D5FB192AEDC23DD207322BE8B56F9; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:50Z DEBUG response body ''
2016-03-14T19:09:50Z INFO Migrating profile 'caEncECUserCert' to LDAP
2016-03-14T19:09:50Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:50Z DEBUG request body ''
2016-03-14T19:09:50Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:50Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:50Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:50Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:50Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:50Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:50Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:51Z DEBUG response status 200 OK
2016-03-14T19:09:51Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=60880801290CAC2ED908156664161E88; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:51Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:51Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:51Z DEBUG request body 'desc=This certificate profile is for enrolling user ECC encryption certificates. It works only with latest Firefox.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Encryption ECC Certificates Enrollment\nauth.class_id=\ninput.list=i1\ninput.i1.class_id=encKeyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=CN=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=EC\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=nistp256,nistp521\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\nprofileId=caEncECUserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:51Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:51Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:51Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:51Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:51Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:51Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:51Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:51Z DEBUG response status 400 Bad Request
2016-03-14T19:09:51Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:51Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:51Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caEncECUserCert?action=disable
2016-03-14T19:09:51Z DEBUG request body ''
2016-03-14T19:09:51Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:51Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:51Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:51Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:51Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:51Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:51Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:51Z DEBUG response status 204 No Content
2016-03-14T19:09:51Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:51Z DEBUG response body ''
2016-03-14T19:09:51Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caEncECUserCert/raw
2016-03-14T19:09:51Z DEBUG request body 'desc=This certificate profile is for enrolling user ECC encryption certificates. It works only with latest Firefox.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Encryption ECC Certificates Enrollment\nauth.class_id=\ninput.list=i1\ninput.i1.class_id=encKeyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=CN=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=EC\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=nistp256,nistp521\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\nprofileId=caEncECUserCert\nclassId=caEnrollImpl\n'
2016-03-14T19:09:51Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:51Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:51Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:51Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:51Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:51Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:51Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:51Z DEBUG response status 200 OK
2016-03-14T19:09:51Z DEBUG response headers {'content-length': '6242', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:51Z DEBUG response body '#Mon Mar 14 14:09:51 CDT 2016\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\noutput.o1.class_id=certOutputImpl\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.1.constraint.params.pattern=CN=.*\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.2.default.params.range=180\noutput.list=o1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\ninput.list=i1\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\nvisible=false\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.1.constraint.params.accept=true\ndesc=This certificate profile is for enrolling user ECC encryption certificates. It works only with latest Firefox.\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\nauth.class_id=\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\nenable=true\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\ninput.i1.class_id=encKeyGenInputImpl\nenableBy=admin\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\nname=Manual User Encryption ECC Certificates Enrollment\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=nistp256,nistp521\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.3.constraint.params.keyType=EC\npolicyset.list=encryptionCertSet\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\n'
2016-03-14T19:09:51Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caEncECUserCert?action=enable
2016-03-14T19:09:51Z DEBUG request body ''
2016-03-14T19:09:51Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:51Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:51Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:51Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:51Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:51Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:51Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:51Z DEBUG response status 204 No Content
2016-03-14T19:09:51Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:51Z DEBUG response body ''
2016-03-14T19:09:51Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:51Z DEBUG request body ''
2016-03-14T19:09:51Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:51Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:51Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:51Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:51Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:51Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:51Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:51Z DEBUG response status 204 No Content
2016-03-14T19:09:51Z DEBUG response headers {'set-cookie': 'JSESSIONID=3EF9936CCB443C45067750064ADB1E50; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:51Z DEBUG response body ''
2016-03-14T19:09:51Z INFO Migrating profile 'caTokenUserDelegateAuthKeyEnrollment' to LDAP
2016-03-14T19:09:51Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:51Z DEBUG request body ''
2016-03-14T19:09:51Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:51Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:51Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:51Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:51Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:51Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:51Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:51Z DEBUG response status 200 OK
2016-03-14T19:09:51Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=999C1482215BD806CFD7CE79164D7B67; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:51Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:51Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:51Z DEBUG request body 'desc=This profile is for enrolling Token User Delegate Authentication key\nenable=true\nenableBy=admin\nname=Token User Delegate Authentication Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1,i2,i3\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\ninput.i2.class_id=subjectDNInputImpl\ninput.i2.name=subjectDNInputImpl\ninput.i3.class_id=subjectAltNameExtInputImpl\ninput.i3.name=subjectAltNameExtInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o1.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=subjectNameConstraintImpl\npolicyset.set1.p1.constraint.name=Subject Name Constraint\npolicyset.set1.p1.constraint.params.pattern=.*\npolicyset.set1.p1.constraint.params.accept=true\npolicyset.set1.p1.default.class_id=userSubjectNameDefaultImpl\npolicyset.set1.p1.default.name=Subject Name Default\npolicyset.set1.p1.default.params.name=\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=(UTF8String)1.3.6.1.4.1.311.20.2.3,$request.req_san_pattern_0$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserDelegateAuthKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:51Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:51Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:51Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:51Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:51Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:51Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:51Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:51Z DEBUG response status 400 Bad Request
2016-03-14T19:09:51Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:51Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:51Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserDelegateAuthKeyEnrollment?action=disable
2016-03-14T19:09:51Z DEBUG request body ''
2016-03-14T19:09:51Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:51Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:51Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:51Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:51Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:51Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:51Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:51Z DEBUG response status 204 No Content
2016-03-14T19:09:51Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:51Z DEBUG response body ''
2016-03-14T19:09:51Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserDelegateAuthKeyEnrollment/raw
2016-03-14T19:09:51Z DEBUG request body 'desc=This profile is for enrolling Token User Delegate Authentication key\nenable=true\nenableBy=admin\nname=Token User Delegate Authentication Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1,i2,i3\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\ninput.i2.class_id=subjectDNInputImpl\ninput.i2.name=subjectDNInputImpl\ninput.i3.class_id=subjectAltNameExtInputImpl\ninput.i3.name=subjectAltNameExtInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o1.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=subjectNameConstraintImpl\npolicyset.set1.p1.constraint.name=Subject Name Constraint\npolicyset.set1.p1.constraint.params.pattern=.*\npolicyset.set1.p1.constraint.params.accept=true\npolicyset.set1.p1.default.class_id=userSubjectNameDefaultImpl\npolicyset.set1.p1.default.name=Subject Name Default\npolicyset.set1.p1.default.params.name=\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=(UTF8String)1.3.6.1.4.1.311.20.2.3,$request.req_san_pattern_0$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserDelegateAuthKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:51Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:51Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:51Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:51Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:51Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:51Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:51Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:51Z DEBUG response status 200 OK
2016-03-14T19:09:51Z DEBUG response headers {'transfer-encoding': 'chunked', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:51Z DEBUG response body '#Mon Mar 14 14:09:51 CDT 2016\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\nauth.instance_id=AgentCertAuth\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_2=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\nenable=true\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\ninput.i1.name=nsNKeyCertReqInputImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\noutput.o1.class_id=nsNKeyOutputImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p6.default.params.subjAltExtPattern_0=(UTF8String)1.3.6.1.4.1.311.20.2.3,$request.req_san_pattern_0$\noutput.list=o1\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.p1.default.class_id=userSubjectNameDefaultImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\nname=Token User Delegate Authentication Certificate Enrollment\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p1.constraint.params.pattern=.*\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\ninput.i2.name=subjectDNInputImpl\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p1.default.name=Subject Name Default\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p1.constraint.name=Subject Name Constraint\ninput.list=i1,i2,i3\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.num=5\nenableBy=admin\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p9.constraint.name=No Constraint\ndesc=This profile is for enrolling Token User Delegate Authentication key\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\ninput.i3.name=subjectAltNameExtInputImpl\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\ninput.i1.class_id=nsNKeyCertReqInputImpl\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.p1.constraint.class_id=subjectNameConstraintImpl\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.list=set1\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p2.constraint.name=No Constraint\nvisible=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\ninput.i2.class_id=subjectDNInputImpl\noutput.o1.name=nsNKeyOutputImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p1.default.params.name=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\ninput.i3.class_id=subjectAltNameExtInputImpl\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p1.constraint.params.accept=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\n'
2016-03-14T19:09:51Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserDelegateAuthKeyEnrollment?action=enable
2016-03-14T19:09:51Z DEBUG request body ''
2016-03-14T19:09:51Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:51Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:51Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:51Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:51Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:51Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:51Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:51Z DEBUG response status 204 No Content
2016-03-14T19:09:51Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:51Z DEBUG response body ''
2016-03-14T19:09:51Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:51Z DEBUG request body ''
2016-03-14T19:09:51Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:51Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:51Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:51Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:51Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:51Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:51Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:51Z DEBUG response status 204 No Content
2016-03-14T19:09:51Z DEBUG response headers {'set-cookie': 'JSESSIONID=50FEBBCD6BB6EE4CCCAF79BF0E10AF95; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:50 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:51Z DEBUG response body ''
2016-03-14T19:09:51Z INFO Migrating profile 'caTokenUserDelegateSigningKeyEnrollment' to LDAP
2016-03-14T19:09:51Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/login
2016-03-14T19:09:51Z DEBUG request body ''
2016-03-14T19:09:51Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:51Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:51Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:51Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:51Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:51Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:51Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:51Z DEBUG response status 200 OK
2016-03-14T19:09:51Z DEBUG response headers {'content-length': '205', 'set-cookie': 'JSESSIONID=98B37671C95D90B98CBDD1FA303E0012; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:51 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:51Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
2016-03-14T19:09:51Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/raw
2016-03-14T19:09:51Z DEBUG request body 'desc=This profile is for enrolling Token User Delegate Signing key\nenable=true\nenableBy=admin\nname=Token User Delegate Signing Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1,i2,i3\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\ninput.i2.class_id=subjectDNInputImpl\ninput.i2.name=subjectDNInputImpl\ninput.i3.class_id=subjectAltNameExtInputImpl\ninput.i3.name=subjectAltNameExtInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o1.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=subjectNameConstraintImpl\npolicyset.set1.p1.constraint.name=Subject Name Constraint\npolicyset.set1.p1.constraint.params.pattern=.*\npolicyset.set1.p1.constraint.params.accept=true\npolicyset.set1.p1.default.class_id=userSubjectNameDefaultImpl\npolicyset.set1.p1.default.name=Subject Name Default\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.req_san_pattern_0$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserDelegateSigningKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:51Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:51Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:51Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:51Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:51Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:51Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:51Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:51Z DEBUG response status 400 Bad Request
2016-03-14T19:09:51Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Mon, 14 Mar 2016 19:09:51 GMT', 'connection': 'close', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:51Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Profile already exists"}'
2016-03-14T19:09:51Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserDelegateSigningKeyEnrollment?action=disable
2016-03-14T19:09:51Z DEBUG request body ''
2016-03-14T19:09:51Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:51Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:51Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:51Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:51Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:51Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:51Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:51Z DEBUG response status 204 No Content
2016-03-14T19:09:51Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:51 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:51Z DEBUG response body ''
2016-03-14T19:09:51Z DEBUG request PUT https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserDelegateSigningKeyEnrollment/raw
2016-03-14T19:09:51Z DEBUG request body 'desc=This profile is for enrolling Token User Delegate Signing key\nenable=true\nenableBy=admin\nname=Token User Delegate Signing Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1,i2,i3\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\ninput.i2.class_id=subjectDNInputImpl\ninput.i2.name=subjectDNInputImpl\ninput.i3.class_id=subjectAltNameExtInputImpl\ninput.i3.name=subjectAltNameExtInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o1.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=subjectNameConstraintImpl\npolicyset.set1.p1.constraint.name=Subject Name Constraint\npolicyset.set1.p1.constraint.params.pattern=.*\npolicyset.set1.p1.constraint.params.accept=true\npolicyset.set1.p1.default.class_id=userSubjectNameDefaultImpl\npolicyset.set1.p1.default.name=Subject Name Default\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.req_san_pattern_0$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserDelegateSigningKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
2016-03-14T19:09:51Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:51Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:51Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:51Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:51Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:51Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:51Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:51Z DEBUG response status 200 OK
2016-03-14T19:09:51Z DEBUG response headers {'transfer-encoding': 'chunked', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:51 GMT', 'content-type': 'application/json'}
2016-03-14T19:09:51Z DEBUG response body '#Mon Mar 14 14:09:51 CDT 2016\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\nauth.instance_id=AgentCertAuth\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\nenable=true\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\ninput.i1.name=nsNKeyCertReqInputImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\noutput.o1.class_id=nsNKeyOutputImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.req_san_pattern_0$\noutput.list=o1\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.p1.default.class_id=userSubjectNameDefaultImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\nname=Token User Delegate Signing Certificate Enrollment\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p1.constraint.params.pattern=.*\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\ninput.i2.name=subjectDNInputImpl\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p1.default.name=Subject Name Default\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p1.constraint.name=Subject Name Constraint\ninput.list=i1,i2,i3\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.num=5\nenableBy=admin\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p9.constraint.name=No Constraint\ndesc=This profile is for enrolling Token User Delegate Signing key\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\ninput.i3.name=subjectAltNameExtInputImpl\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\ninput.i1.class_id=nsNKeyCertReqInputImpl\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.p1.constraint.class_id=subjectNameConstraintImpl\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.list=set1\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p2.constraint.name=No Constraint\nvisible=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\ninput.i2.class_id=subjectDNInputImpl\noutput.o1.name=nsNKeyOutputImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\ninput.i3.class_id=subjectAltNameExtInputImpl\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p1.constraint.params.accept=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\n'
2016-03-14T19:09:51Z DEBUG request POST https://jutta.cc.umanitoba.ca:8443/ca/rest/profiles/caTokenUserDelegateSigningKeyEnrollment?action=enable
2016-03-14T19:09:51Z DEBUG request body ''
2016-03-14T19:09:51Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:51Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:51Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:51Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:51Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:51Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:51Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:51Z DEBUG response status 204 No Content
2016-03-14T19:09:51Z DEBUG response headers {'date': 'Mon, 14 Mar 2016 19:09:51 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
2016-03-14T19:09:51Z DEBUG response body ''
2016-03-14T19:09:51Z DEBUG request GET https://jutta.cc.umanitoba.ca:8443/ca/rest/account/logout
2016-03-14T19:09:51Z DEBUG request body ''
2016-03-14T19:09:51Z DEBUG NSSConnection init jutta.cc.umanitoba.ca
2016-03-14T19:09:51Z DEBUG Connecting: 130.179.19.176:0
2016-03-14T19:09:51Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
2016-03-14T19:09:51Z DEBUG cert valid True for "CN=jutta.cc.umanitoba.ca,O=UOFMT1"
2016-03-14T19:09:51Z DEBUG handshake complete, peer = 130.179.19.176:8443
2016-03-14T19:09:51Z DEBUG Protocol: TLS1.2
2016-03-14T19:09:51Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
2016-03-14T19:09:51Z DEBUG response status 204 No Content
2016-03-14T19:09:51Z DEBUG response headers {'set-cookie': 'JSESSIONID=6F3A2E0F85628C50D3E205E57CB2F67A; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 18:00:00 CST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Mon, 14 Mar 2016 19:09:51 GMT', 'content-type': 'application/xml'}
2016-03-14T19:09:51Z DEBUG response body ''
2016-03-14T19:09:51Z DEBUG duration: 16 seconds
2016-03-14T19:09:51Z DEBUG [22/23]: importing IPA certificate profiles
2016-03-14T19:09:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:09:51Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2016-03-14T19:09:51Z DEBUG Trying to find certificate subject base in sysupgrade
2016-03-14T19:09:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
2016-03-14T19:09:51Z DEBUG Found certificate subject base in sysupgrade: O=UOFMT1
2016-03-14T19:09:53Z DEBUG Created connection context.ldap2_66946064
2016-03-14T19:09:54Z DEBUG Created connection context.ldap2_182082192
2016-03-14T19:09:54Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket from SchemaCache
2016-03-14T19:09:54Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xae64e18>
2016-03-14T19:09:54Z DEBUG Destroyed connection context.ldap2_182082192
2016-03-14T19:09:56Z DEBUG Created connection context.ldap2_141704016
2016-03-14T19:09:56Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket from SchemaCache
2016-03-14T19:09:56Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xae6da28>
2016-03-14T19:09:56Z DEBUG Destroyed connection context.ldap2_141704016
2016-03-14T19:09:56Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket from SchemaCache
2016-03-14T19:09:56Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xaca6e60>
2016-03-14T19:09:56Z DEBUG Destroyed connection context.ldap2_66946064
2016-03-14T19:09:56Z DEBUG duration: 5 seconds
2016-03-14T19:09:56Z DEBUG [23/23]: adding default CA ACL
2016-03-14T19:09:57Z DEBUG Created connection context.ldap2_66947728
2016-03-14T19:09:58Z DEBUG Created connection context.ldap2_141703504
2016-03-14T19:09:58Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket from SchemaCache
2016-03-14T19:09:58Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xae63998>
2016-03-14T19:09:59Z DEBUG Destroyed connection context.ldap2_141703504
2016-03-14T19:10:00Z DEBUG Created connection context.ldap2_141702800
2016-03-14T19:10:00Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket from SchemaCache
2016-03-14T19:10:00Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xae65e18>
2016-03-14T19:10:00Z DEBUG Destroyed connection context.ldap2_141702800
2016-03-14T19:10:00Z DEBUG raw: caacl_find(None, version=u'2.156')
2016-03-14T19:10:00Z DEBUG caacl_find(None, all=False, raw=False, version=u'2.156', no_members=False, pkey_only=False)
2016-03-14T19:10:00Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket from SchemaCache
2016-03-14T19:10:00Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x888f248>
2016-03-14T19:10:00Z DEBUG Destroyed connection context.ldap2_66947728
2016-03-14T19:10:00Z DEBUG duration: 3 seconds
2016-03-14T19:10:00Z DEBUG Done configuring certificate server (pki-tomcatd).
2016-03-14T19:10:00Z DEBUG Restarting the directory and certificate servers
2016-03-14T19:10:00Z DEBUG Starting external process
2016-03-14T19:10:00Z DEBUG args='/bin/systemctl' 'stop' 'pki-tomcatd at pki-tomcat.service'
2016-03-14T19:10:01Z DEBUG Process finished, return code=0
2016-03-14T19:10:01Z DEBUG stdout=
2016-03-14T19:10:01Z DEBUG stderr=
2016-03-14T19:10:01Z DEBUG Starting external process
2016-03-14T19:10:01Z DEBUG args='/bin/systemctl' 'restart' 'dirsrv at UOFMT1.service'
2016-03-14T19:10:09Z DEBUG Process finished, return code=0
2016-03-14T19:10:09Z DEBUG stdout=
2016-03-14T19:10:09Z DEBUG stderr=
2016-03-14T19:10:09Z DEBUG Starting external process
2016-03-14T19:10:09Z DEBUG args='/bin/systemctl' 'is-active' 'dirsrv at UOFMT1.service'
2016-03-14T19:10:09Z DEBUG Process finished, return code=0
2016-03-14T19:10:09Z DEBUG stdout=active
2016-03-14T19:10:09Z DEBUG stderr=
2016-03-14T19:10:09Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2016-03-14T19:11:27Z DEBUG Starting external process
2016-03-14T19:11:27Z DEBUG args='/bin/systemctl' 'start' 'pki-tomcatd at pki-tomcat.service'
2016-03-14T19:11:27Z DEBUG Process finished, return code=0
2016-03-14T19:11:27Z DEBUG stdout=
2016-03-14T19:11:27Z DEBUG stderr=
2016-03-14T19:11:27Z DEBUG Starting external process
2016-03-14T19:11:27Z DEBUG args='/bin/systemctl' 'is-active' 'pki-tomcatd at pki-tomcat.service'
2016-03-14T19:11:27Z DEBUG Process finished, return code=0
2016-03-14T19:11:27Z DEBUG stdout=active
2016-03-14T19:11:27Z DEBUG stderr=
2016-03-14T19:11:27Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
2016-03-14T19:11:29Z DEBUG Waiting until the CA is running
2016-03-14T19:11:29Z DEBUG Starting external process
2016-03-14T19:11:29Z DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://jutta.cc.umanitoba.ca:8443/ca/admin/ca/getStatus'
2016-03-14T19:11:37Z DEBUG Process finished, return code=0
2016-03-14T19:11:37Z DEBUG stdout=<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.2.5-6.el7</Version></XMLResponse>
2016-03-14T19:11:37Z DEBUG stderr=--2016-03-14 14:11:29-- https://jutta.cc.umanitoba.ca:8443/ca/admin/ca/getStatus
Resolving jutta.cc.umanitoba.ca (jutta.cc.umanitoba.ca)... 130.179.19.176
Connecting to jutta.cc.umanitoba.ca (jutta.cc.umanitoba.ca)|130.179.19.176|:8443... connected.
WARNING: cannot verify jutta.cc.umanitoba.ca's certificate, issued by ‘/O=UOFMT1/CN=Certificate Authority’:
Self-signed certificate encountered.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Content-Length: 167
Date: Mon, 14 Mar 2016 19:11:37 GMT
Length: 167 [application/xml]
Saving to: ‘STDOUT’
0K 100% 41.1M=0s
2016-03-14 14:11:37 (41.1 MB/s) - written to stdout [167/167]
2016-03-14T19:11:37Z DEBUG The CA status is: running
2016-03-14T19:11:37Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:11:37Z DEBUG Starting external process
2016-03-14T19:11:37Z DEBUG args='/bin/systemctl' 'disable' 'pki-tomcatd.target'
2016-03-14T19:11:38Z DEBUG Process finished, return code=0
2016-03-14T19:11:38Z DEBUG stdout=
2016-03-14T19:11:38Z DEBUG stderr=Removed symlink /etc/systemd/system/multi-user.target.wants/pki-tomcatd.target.
2016-03-14T19:11:38Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket from SchemaCache
2016-03-14T19:11:38Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x8727638>
2016-03-14T19:11:39Z DEBUG Ensuring that service pki_tomcatd at pki-tomcat is not running while the next set of commands is being executed.
2016-03-14T19:11:39Z DEBUG Starting external process
2016-03-14T19:11:39Z DEBUG args='/bin/systemctl' 'is-active' 'pki-tomcatd at pki-tomcat.service'
2016-03-14T19:11:39Z DEBUG Process finished, return code=0
2016-03-14T19:11:39Z DEBUG stdout=active
2016-03-14T19:11:39Z DEBUG stderr=
2016-03-14T19:11:39Z DEBUG Stopping pki_tomcatd at pki-tomcat.
2016-03-14T19:11:39Z DEBUG Starting external process
2016-03-14T19:11:39Z DEBUG args='/bin/systemctl' 'stop' 'pki-tomcatd at pki-tomcat.service'
2016-03-14T19:11:40Z DEBUG Process finished, return code=0
2016-03-14T19:11:40Z DEBUG stdout=
2016-03-14T19:11:40Z DEBUG stderr=
2016-03-14T19:11:40Z DEBUG Starting pki_tomcatd at pki-tomcat.
2016-03-14T19:11:40Z DEBUG Starting external process
2016-03-14T19:11:40Z DEBUG args='/bin/systemctl' 'start' 'pki-tomcatd at pki-tomcat.service'
2016-03-14T19:11:40Z DEBUG Process finished, return code=0
2016-03-14T19:11:40Z DEBUG stdout=
2016-03-14T19:11:40Z DEBUG stderr=
2016-03-14T19:11:40Z DEBUG Starting external process
2016-03-14T19:11:40Z DEBUG args='/bin/systemctl' 'is-active' 'pki-tomcatd at pki-tomcat.service'
2016-03-14T19:11:40Z DEBUG Process finished, return code=0
2016-03-14T19:11:40Z DEBUG stdout=active
2016-03-14T19:11:40Z DEBUG stderr=
2016-03-14T19:11:40Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
2016-03-14T19:11:42Z DEBUG Waiting until the CA is running
2016-03-14T19:11:42Z DEBUG Starting external process
2016-03-14T19:11:42Z DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://jutta.cc.umanitoba.ca:8443/ca/admin/ca/getStatus'
2016-03-14T19:11:59Z DEBUG Process finished, return code=0
2016-03-14T19:11:59Z DEBUG stdout=<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.2.5-6.el7</Version></XMLResponse>
2016-03-14T19:11:59Z DEBUG stderr=--2016-03-14 14:11:42-- https://jutta.cc.umanitoba.ca:8443/ca/admin/ca/getStatus
Resolving jutta.cc.umanitoba.ca (jutta.cc.umanitoba.ca)... 130.179.19.176
Connecting to jutta.cc.umanitoba.ca (jutta.cc.umanitoba.ca)|130.179.19.176|:8443... connected.
WARNING: cannot verify jutta.cc.umanitoba.ca's certificate, issued by ‘/O=UOFMT1/CN=Certificate Authority’:
Self-signed certificate encountered.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Content-Length: 167
Date: Mon, 14 Mar 2016 19:11:59 GMT
Length: 167 [application/xml]
Saving to: ‘STDOUT’
0K 100% 37.0M=0s
2016-03-14 14:11:59 (37.0 MB/s) - written to stdout [167/167]
2016-03-14T19:11:59Z DEBUG The CA status is: running
2016-03-14T19:11:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:11:59Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2016-03-14T19:11:59Z DEBUG IPA FQDN 'jutta.cc.umanitoba.ca.' is not located in default domain 'uofmt1.'
2016-03-14T19:11:59Z DEBUG Domain 'cc.umanitoba.ca' needs additional mapping in krb5.conf
2016-03-14T19:11:59Z DEBUG Starting external process
2016-03-14T19:11:59Z DEBUG args='keyctl' 'get_persistent' '@s' '0'
2016-03-14T19:11:59Z DEBUG Process finished, return code=0
2016-03-14T19:11:59Z DEBUG stdout=137194057
2016-03-14T19:11:59Z DEBUG stderr=
2016-03-14T19:11:59Z DEBUG Enabling persistent keyring CCACHE
2016-03-14T19:12:00Z DEBUG Starting external process
2016-03-14T19:12:00Z DEBUG args='/bin/systemctl' 'is-active' 'krb5kdc.service'
2016-03-14T19:12:00Z DEBUG Process finished, return code=3
2016-03-14T19:12:00Z DEBUG stdout=unknown
2016-03-14T19:12:00Z DEBUG stderr=
2016-03-14T19:12:00Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:12:00Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:12:00Z DEBUG Starting external process
2016-03-14T19:12:00Z DEBUG args='/bin/systemctl' 'stop' 'krb5kdc.service'
2016-03-14T19:12:00Z DEBUG Process finished, return code=0
2016-03-14T19:12:00Z DEBUG stdout=
2016-03-14T19:12:00Z DEBUG stderr=
2016-03-14T19:12:00Z DEBUG Configuring Kerberos KDC (krb5kdc). Estimated time: 30 seconds
2016-03-14T19:12:00Z DEBUG [1/8]: adding sasl mappings to the directory
2016-03-14T19:12:00Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket from SchemaCache
2016-03-14T19:12:00Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x85bc170>
2016-03-14T19:12:13Z DEBUG duration: 13 seconds
2016-03-14T19:12:13Z DEBUG [2/8]: configuring KDC
2016-03-14T19:12:13Z DEBUG Backing up system configuration file '/var/kerberos/krb5kdc/kdc.conf'
2016-03-14T19:12:13Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2016-03-14T19:12:13Z DEBUG Backing up system configuration file '/etc/krb5.conf'
2016-03-14T19:12:13Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2016-03-14T19:12:13Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb5.ini'
2016-03-14T19:12:13Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2016-03-14T19:12:13Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb.con'
2016-03-14T19:12:13Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2016-03-14T19:12:13Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krbrealm.con'
2016-03-14T19:12:13Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2016-03-14T19:12:13Z DEBUG Starting external process
2016-03-14T19:12:13Z DEBUG args='klist' '-V'
2016-03-14T19:12:13Z DEBUG Process finished, return code=0
2016-03-14T19:12:13Z DEBUG stdout=Kerberos 5 version 1.13.2
2016-03-14T19:12:13Z DEBUG stderr=
2016-03-14T19:12:13Z DEBUG Backing up system configuration file '/etc/sysconfig/krb5kdc'
2016-03-14T19:12:13Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2016-03-14T19:12:13Z DEBUG Starting external process
2016-03-14T19:12:13Z DEBUG args='/usr/sbin/selinuxenabled'
2016-03-14T19:12:13Z DEBUG Process finished, return code=1
2016-03-14T19:12:13Z DEBUG stdout=
2016-03-14T19:12:13Z DEBUG stderr=
2016-03-14T19:12:13Z DEBUG duration: 0 seconds
2016-03-14T19:12:13Z DEBUG [3/8]: creating a keytab for the directory
2016-03-14T19:12:13Z DEBUG Starting external process
2016-03-14T19:12:13Z DEBUG args='kadmin.local' '-q' 'addprinc -randkey ldap/jutta.cc.umanitoba.ca at UOFMT1' '-x' 'ipa-setup-override-restrictions'
2016-03-14T19:12:22Z DEBUG Process finished, return code=0
2016-03-14T19:12:22Z DEBUG stdout=Authenticating as principal root/admin at UOFMT1 with password.
Principal "ldap/jutta.cc.umanitoba.ca at UOFMT1" created.
2016-03-14T19:12:22Z DEBUG stderr=WARNING: no policy specified for ldap/jutta.cc.umanitoba.ca at UOFMT1; defaulting to no policy
2016-03-14T19:12:29Z DEBUG Backing up system configuration file '/etc/dirsrv/ds.keytab'
2016-03-14T19:12:29Z DEBUG -> Not backing up - '/etc/dirsrv/ds.keytab' doesn't exist
2016-03-14T19:12:29Z DEBUG Starting external process
2016-03-14T19:12:29Z DEBUG args='kadmin.local' '-q' 'ktadd -k /etc/dirsrv/ds.keytab ldap/jutta.cc.umanitoba.ca at UOFMT1' '-x' 'ipa-setup-override-restrictions'
2016-03-14T19:12:39Z DEBUG Process finished, return code=0
2016-03-14T19:12:39Z DEBUG stdout=Authenticating as principal root/admin at UOFMT1 with password.
Entry for principal ldap/jutta.cc.umanitoba.ca at UOFMT1 with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab.
Entry for principal ldap/jutta.cc.umanitoba.ca at UOFMT1 with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab.
Entry for principal ldap/jutta.cc.umanitoba.ca at UOFMT1 with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/dirsrv/ds.keytab.
Entry for principal ldap/jutta.cc.umanitoba.ca at UOFMT1 with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/dirsrv/ds.keytab.
Entry for principal ldap/jutta.cc.umanitoba.ca at UOFMT1 with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab.
Entry for principal ldap/jutta.cc.umanitoba.ca at UOFMT1 with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab.
2016-03-14T19:12:39Z DEBUG stderr=
2016-03-14T19:12:39Z DEBUG duration: 25 seconds
2016-03-14T19:12:39Z DEBUG [4/8]: creating a keytab for the machine
2016-03-14T19:12:39Z DEBUG Starting external process
2016-03-14T19:12:39Z DEBUG args='kadmin.local' '-q' 'addprinc -randkey host/jutta.cc.umanitoba.ca at UOFMT1' '-x' 'ipa-setup-override-restrictions'
2016-03-14T19:12:48Z DEBUG Process finished, return code=0
2016-03-14T19:12:48Z DEBUG stdout=Authenticating as principal root/admin at UOFMT1 with password.
Principal "host/jutta.cc.umanitoba.ca at UOFMT1" created.
2016-03-14T19:12:48Z DEBUG stderr=WARNING: no policy specified for host/jutta.cc.umanitoba.ca at UOFMT1; defaulting to no policy
2016-03-14T19:12:48Z DEBUG Backing up system configuration file '/etc/krb5.keytab'
2016-03-14T19:12:48Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2016-03-14T19:12:48Z DEBUG Starting external process
2016-03-14T19:12:48Z DEBUG args='kadmin.local' '-q' 'ktadd -k /etc/krb5.keytab host/jutta.cc.umanitoba.ca at UOFMT1' '-x' 'ipa-setup-override-restrictions'
2016-03-14T19:12:58Z DEBUG Process finished, return code=0
2016-03-14T19:12:58Z DEBUG stdout=Authenticating as principal root/admin at UOFMT1 with password.
Entry for principal host/jutta.cc.umanitoba.ca at UOFMT1 with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/jutta.cc.umanitoba.ca at UOFMT1 with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/jutta.cc.umanitoba.ca at UOFMT1 with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/jutta.cc.umanitoba.ca at UOFMT1 with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/jutta.cc.umanitoba.ca at UOFMT1 with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/jutta.cc.umanitoba.ca at UOFMT1 with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/krb5.keytab.
2016-03-14T19:12:58Z DEBUG stderr=
2016-03-14T19:13:04Z DEBUG duration: 25 seconds
2016-03-14T19:13:04Z DEBUG [5/8]: adding the password extension to the directory
2016-03-14T19:13:04Z DEBUG Starting external process
2016-03-14T19:13:04Z DEBUG args='/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmp6ZKNXD' '-H' 'ldapi://%2fvar%2frun%2fslapd-UOFMT1.socket' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpr6vKi9'
2016-03-14T19:13:05Z DEBUG Process finished, return code=0
2016-03-14T19:13:05Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
ipa_pwd_extop
add nsslapd-pluginpath:
libipa_pwd_extop
add nsslapd-plugininitfunc:
ipapwd_init
add nsslapd-plugintype:
extendedop
add nsslapd-pluginbetxn:
on
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipa_pwd_extop
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
RedHat
add nsslapd-plugindescription:
Support saving passwords in multiple formats for different consumers (krb5, samba, freeradius, etc.)
add nsslapd-plugin-depends-on-type:
database
add nsslapd-realmTree:
dc=uofmt1
adding new entry "cn=ipa_pwd_extop,cn=plugins,cn=config"
modify complete
2016-03-14T19:13:05Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-UOFMT1.socket/??base )
2016-03-14T19:13:05Z DEBUG duration: 0 seconds
2016-03-14T19:13:05Z DEBUG [6/8]: enable GSSAPI for replication
2016-03-14T19:13:06Z DEBUG flushing ldaps://jutta.cc.umanitoba.ca:636 from SchemaCache
2016-03-14T19:13:06Z DEBUG retrieving schema for SchemaCache url=ldaps://jutta.cc.umanitoba.ca:636 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x85b0f80>
2016-03-14T19:13:07Z INFO Setting agreement cn=meTomork.cc.umanitoba.ca,cn=replica,cn=dc\=uofmt1,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
2016-03-14T19:13:08Z INFO Deleting schedule 2358-2359 0 from agreement cn=meTomork.cc.umanitoba.ca,cn=replica,cn=dc\=uofmt1,cn=mapping tree,cn=config
2016-03-14T19:13:09Z INFO Replication Update in progress: FALSE: status: 0 Replica acquired successfully: Incremental update succeeded: start: 0: end: 0
2016-03-14T19:13:09Z DEBUG flushing ldaps://mork.cc.umanitoba.ca:636 from SchemaCache
2016-03-14T19:13:09Z DEBUG retrieving schema for SchemaCache url=ldaps://mork.cc.umanitoba.ca:636 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x85b0680>
2016-03-14T19:13:09Z INFO Setting agreement cn=meTojutta.cc.umanitoba.ca,cn=replica,cn=dc\=uofmt1,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
2016-03-14T19:13:10Z INFO Deleting schedule 2358-2359 0 from agreement cn=meTojutta.cc.umanitoba.ca,cn=replica,cn=dc\=uofmt1,cn=mapping tree,cn=config
2016-03-14T19:13:11Z INFO Replication Update in progress: FALSE: status: 0 Replica acquired successfully: Incremental update succeeded: start: 0: end: 0
2016-03-14T19:13:11Z INFO Getting ldap service principals for conversion: (krbprincipalname=ldap/jutta.cc.umanitoba.ca at UOFMT1) and (krbprincipalname=ldap/mork.cc.umanitoba.ca at UOFMT1)
2016-03-14T19:13:12Z DEBUG Found both principals.
2016-03-14T19:13:16Z DEBUG duration: 11 seconds
2016-03-14T19:13:16Z DEBUG [7/8]: starting the KDC
2016-03-14T19:13:16Z DEBUG Starting external process
2016-03-14T19:13:16Z DEBUG args='/bin/systemctl' 'start' 'krb5kdc.service'
2016-03-14T19:13:21Z DEBUG Process finished, return code=0
2016-03-14T19:13:21Z DEBUG stdout=
2016-03-14T19:13:21Z DEBUG stderr=
2016-03-14T19:13:21Z DEBUG Starting external process
2016-03-14T19:13:21Z DEBUG args='/bin/systemctl' 'is-active' 'krb5kdc.service'
2016-03-14T19:13:21Z DEBUG Process finished, return code=0
2016-03-14T19:13:21Z DEBUG stdout=active
2016-03-14T19:13:21Z DEBUG stderr=
2016-03-14T19:13:21Z DEBUG duration: 4 seconds
2016-03-14T19:13:21Z DEBUG [8/8]: configuring KDC to start on boot
2016-03-14T19:13:21Z DEBUG Starting external process
2016-03-14T19:13:21Z DEBUG args='/bin/systemctl' 'is-enabled' 'krb5kdc.service'
2016-03-14T19:13:21Z DEBUG Process finished, return code=1
2016-03-14T19:13:21Z DEBUG stdout=disabled
2016-03-14T19:13:21Z DEBUG stderr=
2016-03-14T19:13:21Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:13:21Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:13:21Z DEBUG Starting external process
2016-03-14T19:13:21Z DEBUG args='/bin/systemctl' 'disable' 'krb5kdc.service'
2016-03-14T19:13:21Z DEBUG Process finished, return code=0
2016-03-14T19:13:21Z DEBUG stdout=
2016-03-14T19:13:21Z DEBUG stderr=
2016-03-14T19:13:23Z DEBUG duration: 2 seconds
2016-03-14T19:13:23Z DEBUG Done configuring Kerberos KDC (krb5kdc).
2016-03-14T19:13:23Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:13:23Z DEBUG Configuring kadmin
2016-03-14T19:13:23Z DEBUG [1/2]: starting kadmin
2016-03-14T19:13:23Z DEBUG Starting external process
2016-03-14T19:13:23Z DEBUG args='/bin/systemctl' 'is-active' 'kadmin.service'
2016-03-14T19:13:23Z DEBUG Process finished, return code=3
2016-03-14T19:13:23Z DEBUG stdout=failed
2016-03-14T19:13:23Z DEBUG stderr=
2016-03-14T19:13:23Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:13:23Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2016-03-14T19:13:23Z DEBUG Starting external process
2016-03-14T19:13:23Z DEBUG args='/bin/systemctl' 'restart' 'kadmin.service'
2016-03-14T19:13:33Z DEBUG Process finished, return code=1
2016-03-14T19:13:33Z DEBUG stdout=
2016-03-14T19:13:33Z DEBUG stderr=Job for kadmin.service failed because the control process exited with error code. See "systemctl status kadmin.service" and "journalctl -xe" for details.
2016-03-14T19:13:33Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 418, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 408, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 542, in __start
self.restart()
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 318, in restart
self.service.restart(instance_name, capture_output=capture_output, wait=wait)
File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 314, in restart
capture_output=capture_output)
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 373, in run
raise CalledProcessError(p.returncode, arg_string, stdout)
CalledProcessError: Command ''/bin/systemctl' 'restart' 'kadmin.service'' returned non-zero exit status 1
2016-03-14T19:13:33Z DEBUG [error] CalledProcessError: Command ''/bin/systemctl' 'restart' 'kadmin.service'' returned non-zero exit status 1
2016-03-14T19:13:33Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 311, in run
cfgr.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 281, in run
self.execute()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 303, in execute
for nothing in self._executor():
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 343, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 365, in _handle_exception
util.raise_exc_info(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 333, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 87, in run_generator_with_yield_from
raise_exc_info(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 65, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 524, in _configure
executor.next()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 343, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 365, in _handle_exception
util.raise_exc_info(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 365, in _handle_exception
util.raise_exc_info(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 333, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 87, in run_generator_with_yield_from
raise_exc_info(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 65, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install
for nothing in self._installer(self.parent):
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 879, in main
install(self)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 295, in decorated
func(installer)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 586, in install
krb = install_krb(config, setup_pkinit=not options.no_pkinit)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 93, in install_krb
setup_pkinit, pkcs12_info)
File "/usr/lib/python2.7/site-packages/ipaserver/install/krbinstance.py", line 217, in create_replica
self.kpasswd.create_instance('KPASSWD', self.fqdn, self.admin_password, self.suffix)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 536, in create_instance
self.start_creation("Configuring %s" % self.service_name)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 418, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 408, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 542, in __start
self.restart()
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 318, in restart
self.service.restart(instance_name, capture_output=capture_output, wait=wait)
File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 314, in restart
capture_output=capture_output)
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 373, in run
raise CalledProcessError(p.returncode, arg_string, stdout)
2016-03-14T19:13:33Z DEBUG The ipa-replica-install command failed, exception: CalledProcessError: Command ''/bin/systemctl' 'restart' 'kadmin.service'' returned non-zero exit status 1
2016-03-14T19:13:33Z ERROR Command ''/bin/systemctl' 'restart' 'kadmin.service'' returned non-zero exit status 1
-------------- next part --------------
otp: Loaded
Mar 10 14:20:39 jutta.cc.umanitoba.ca krb5kdc[25950](Error): preauth pkinit failed to initialize: No realms configured correctly for pkinit support
Mar 10 14:20:39 jutta.cc.umanitoba.ca krb5kdc[25950](info): setting up network...
Mar 10 14:20:39 jutta.cc.umanitoba.ca krb5kdc[25950](info): listening on fd 6: udp 0.0.0.0.88 (pktinfo)
krb5kdc: setsockopt(7,IPV6_V6ONLY,1) worked
Mar 10 14:20:39 jutta.cc.umanitoba.ca krb5kdc[25950](info): listening on fd 7: udp ::.88 (pktinfo)
krb5kdc: setsockopt(8,IPV6_V6ONLY,1) worked
Mar 10 14:20:39 jutta.cc.umanitoba.ca krb5kdc[25950](info): listening on fd 9: tcp 0.0.0.0.88
Mar 10 14:20:39 jutta.cc.umanitoba.ca krb5kdc[25950](info): listening on fd 8: tcp ::.88
Mar 10 14:20:39 jutta.cc.umanitoba.ca krb5kdc[25950](info): set up 4 sockets
Mar 10 14:20:39 jutta.cc.umanitoba.ca krb5kdc[25951](info): creating 64 worker processes
Mar 10 14:20:39 jutta.cc.umanitoba.ca krb5kdc[25951](info): closing down fd 8
Mar 10 14:20:39 jutta.cc.umanitoba.ca krb5kdc[25951](info): closing down fd 9
Mar 10 14:20:39 jutta.cc.umanitoba.ca krb5kdc[25951](info): closing down fd 7
Mar 10 14:20:39 jutta.cc.umanitoba.ca krb5kdc[25951](info): closing down fd 6
Mar 10 14:20:47 jutta.cc.umanitoba.ca krb5kdc[25952](info): commencing operation
Mar 10 14:20:47 jutta.cc.umanitoba.ca krb5kdc[25954](info): commencing operation
Mar 10 14:20:48 jutta.cc.umanitoba.ca krb5kdc[25953](info): commencing operation
Mar 10 14:20:48 jutta.cc.umanitoba.ca krb5kdc[25957](info): commencing operation
Mar 10 14:20:48 jutta.cc.umanitoba.ca krb5kdc[25956](info): commencing operation
Mar 10 14:20:48 jutta.cc.umanitoba.ca krb5kdc[25955](info): commencing operation
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25951](Error): worker 25959 exited with status 256
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25955](debug): Got signal to request exit
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25955](info): closing down fd 8
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25955](info): closing down fd 9
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25953](debug): Got signal to request exit
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25956](debug): Got signal to request exit
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25954](debug): Got signal to request exit
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25952](debug): Got signal to request exit
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25955](info): closing down fd 7
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25955](info): closing down fd 6
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25953](info): closing down fd 8
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25955](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25952](info): closing down fd 8
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25953](info): closing down fd 9
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25956](info): closing down fd 8
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25954](info): closing down fd 8
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25952](info): closing down fd 9
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25953](info): closing down fd 7
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25956](info): closing down fd 9
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25954](info): closing down fd 9
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25952](info): closing down fd 7
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25953](info): closing down fd 6
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25956](info): closing down fd 7
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25952](info): closing down fd 6
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25954](info): closing down fd 7
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25956](info): closing down fd 6
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25953](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25952](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25954](info): closing down fd 6
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25956](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 10 14:20:49 jutta.cc.umanitoba.ca krb5kdc[25954](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 10 14:20:54 jutta.cc.umanitoba.ca krb5kdc[25957](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 130.179.19.176: LOOKING_UP_CLIENT: ldap/jutta.cc.umanitoba.ca at UOFMT1 for krbtgt/UOFMT1 at UOFMT1, Server error
Mar 10 14:20:54 jutta.cc.umanitoba.ca krb5kdc[25957](debug): Got signal to request exit
Mar 10 14:20:54 jutta.cc.umanitoba.ca krb5kdc[25957](info): closing down fd 12
Mar 10 14:20:54 jutta.cc.umanitoba.ca krb5kdc[25957](info): closing down fd 8
Mar 10 14:20:54 jutta.cc.umanitoba.ca krb5kdc[25957](info): closing down fd 9
Mar 10 14:20:54 jutta.cc.umanitoba.ca krb5kdc[25957](info): closing down fd 7
Mar 10 14:20:54 jutta.cc.umanitoba.ca krb5kdc[25957](info): closing down fd 6
Mar 10 14:20:54 jutta.cc.umanitoba.ca krb5kdc[25957](info): shutting down
otp: Loaded
Mar 14 08:53:24 jutta.cc.umanitoba.ca krb5kdc[39742](Error): preauth pkinit failed to initialize: No realms configured correctly for pkinit support
Mar 14 08:53:24 jutta.cc.umanitoba.ca krb5kdc[39742](info): setting up network...
Mar 14 08:53:24 jutta.cc.umanitoba.ca krb5kdc[39742](info): listening on fd 6: udp 0.0.0.0.88 (pktinfo)
krb5kdc: setsockopt(7,IPV6_V6ONLY,1) worked
Mar 14 08:53:24 jutta.cc.umanitoba.ca krb5kdc[39742](info): listening on fd 7: udp ::.88 (pktinfo)
krb5kdc: setsockopt(8,IPV6_V6ONLY,1) worked
Mar 14 08:53:24 jutta.cc.umanitoba.ca krb5kdc[39742](info): listening on fd 9: tcp 0.0.0.0.88
Mar 14 08:53:24 jutta.cc.umanitoba.ca krb5kdc[39742](info): listening on fd 8: tcp ::.88
Mar 14 08:53:24 jutta.cc.umanitoba.ca krb5kdc[39742](info): set up 4 sockets
Mar 14 08:53:24 jutta.cc.umanitoba.ca krb5kdc[39755](info): creating 64 worker processes
Mar 14 08:53:24 jutta.cc.umanitoba.ca krb5kdc[39755](info): closing down fd 8
Mar 14 08:53:24 jutta.cc.umanitoba.ca krb5kdc[39755](info): closing down fd 9
Mar 14 08:53:24 jutta.cc.umanitoba.ca krb5kdc[39755](info): closing down fd 7
Mar 14 08:53:24 jutta.cc.umanitoba.ca krb5kdc[39755](info): closing down fd 6
Mar 14 08:53:31 jutta.cc.umanitoba.ca krb5kdc[39756](info): commencing operation
Mar 14 08:53:31 jutta.cc.umanitoba.ca krb5kdc[39758](info): commencing operation
Mar 14 08:53:31 jutta.cc.umanitoba.ca krb5kdc[39757](info): commencing operation
Mar 14 08:53:32 jutta.cc.umanitoba.ca krb5kdc[39762](info): commencing operation
Mar 14 08:53:33 jutta.cc.umanitoba.ca krb5kdc[39764](info): commencing operation
Mar 14 08:53:33 jutta.cc.umanitoba.ca krb5kdc[39760](info): commencing operation
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39763](info): commencing operation
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39759](info): commencing operation
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39761](info): commencing operation
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39755](Error): worker 39766 exited with status 256
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39763](debug): Got signal to request exit
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39759](debug): Got signal to request exit
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39763](info): closing down fd 8
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39759](info): closing down fd 8
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39763](info): closing down fd 9
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39759](info): closing down fd 9
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39763](info): closing down fd 7
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39759](info): closing down fd 7
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39763](info): closing down fd 6
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39759](info): closing down fd 6
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39760](debug): Got signal to request exit
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39761](debug): Got signal to request exit
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39758](debug): Got signal to request exit
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39762](debug): Got signal to request exit
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39757](debug): Got signal to request exit
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39759](info): shutting down
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39763](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39760](info): closing down fd 8
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39760](info): closing down fd 9
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39760](info): closing down fd 7
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39760](info): closing down fd 6
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39762](info): closing down fd 8
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39757](info): closing down fd 8
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39758](info): closing down fd 8
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39760](info): shutting down
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39761](info): closing down fd 8
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39762](info): closing down fd 9
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39757](info): closing down fd 9
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39761](info): closing down fd 9
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39758](info): closing down fd 9
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39762](info): closing down fd 7
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39757](info): closing down fd 7
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39761](info): closing down fd 7
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39758](info): closing down fd 7
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39762](info): closing down fd 6
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39757](info): closing down fd 6
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39761](info): closing down fd 6
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39758](info): closing down fd 6
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39762](info): shutting down
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39757](info): shutting down
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39758](info): shutting down
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39764](debug): Got signal to request exit
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39761](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39764](info): closing down fd 8
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39764](info): closing down fd 9
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39764](info): closing down fd 7
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39764](info): closing down fd 6
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 08:53:34 jutta.cc.umanitoba.ca krb5kdc[39764](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 08:53:39 jutta.cc.umanitoba.ca krb5kdc[39756](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 130.179.19.176: LOOKING_UP_SERVER: ldap/jutta.cc.umanitoba.ca at UOFMT1 for krbtgt/UOFMT1 at UOFMT1, Server error
Mar 14 08:53:39 jutta.cc.umanitoba.ca krb5kdc[39756](debug): Got signal to request exit
Mar 14 08:53:39 jutta.cc.umanitoba.ca krb5kdc[39756](info): closing down fd 12
Mar 14 08:53:39 jutta.cc.umanitoba.ca krb5kdc[39756](info): closing down fd 8
Mar 14 08:53:39 jutta.cc.umanitoba.ca krb5kdc[39756](info): closing down fd 9
Mar 14 08:53:39 jutta.cc.umanitoba.ca krb5kdc[39756](info): closing down fd 7
Mar 14 08:53:39 jutta.cc.umanitoba.ca krb5kdc[39756](info): closing down fd 6
Mar 14 08:53:39 jutta.cc.umanitoba.ca krb5kdc[39756](info): shutting down
otp: Loaded
Mar 14 11:55:33 jutta.cc.umanitoba.ca krb5kdc[44106](Error): preauth pkinit failed to initialize: No realms configured correctly for pkinit support
Mar 14 11:55:33 jutta.cc.umanitoba.ca krb5kdc[44106](info): setting up network...
Mar 14 11:55:33 jutta.cc.umanitoba.ca krb5kdc[44106](info): listening on fd 6: udp 0.0.0.0.88 (pktinfo)
krb5kdc: setsockopt(7,IPV6_V6ONLY,1) worked
Mar 14 11:55:33 jutta.cc.umanitoba.ca krb5kdc[44106](info): listening on fd 7: udp ::.88 (pktinfo)
krb5kdc: setsockopt(8,IPV6_V6ONLY,1) worked
Mar 14 11:55:33 jutta.cc.umanitoba.ca krb5kdc[44106](info): listening on fd 9: tcp 0.0.0.0.88
Mar 14 11:55:33 jutta.cc.umanitoba.ca krb5kdc[44106](info): listening on fd 8: tcp ::.88
Mar 14 11:55:33 jutta.cc.umanitoba.ca krb5kdc[44106](info): set up 4 sockets
Mar 14 11:55:33 jutta.cc.umanitoba.ca krb5kdc[44107](info): creating 64 worker processes
Mar 14 11:55:34 jutta.cc.umanitoba.ca krb5kdc[44107](info): closing down fd 8
Mar 14 11:55:34 jutta.cc.umanitoba.ca krb5kdc[44107](info): closing down fd 9
Mar 14 11:55:34 jutta.cc.umanitoba.ca krb5kdc[44107](info): closing down fd 7
Mar 14 11:55:34 jutta.cc.umanitoba.ca krb5kdc[44107](info): closing down fd 6
Mar 14 11:55:39 jutta.cc.umanitoba.ca krb5kdc[44108](info): commencing operation
Mar 14 11:55:40 jutta.cc.umanitoba.ca krb5kdc[44111](info): commencing operation
Mar 14 11:55:40 jutta.cc.umanitoba.ca krb5kdc[44110](info): commencing operation
Mar 14 11:55:40 jutta.cc.umanitoba.ca krb5kdc[44112](info): commencing operation
Mar 14 11:55:40 jutta.cc.umanitoba.ca krb5kdc[44109](info): commencing operation
Mar 14 11:55:42 jutta.cc.umanitoba.ca krb5kdc[44108](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 130.179.19.176: NEEDED_PREAUTH: ldap/jutta.cc.umanitoba.ca at UOFMT1 for krbtgt/UOFMT1 at UOFMT1, Additional pre-authentication required
Mar 14 11:55:42 jutta.cc.umanitoba.ca krb5kdc[44108](info): closing down fd 12
Mar 14 11:55:42 jutta.cc.umanitoba.ca krb5kdc[44117](info): commencing operation
Mar 14 11:55:42 jutta.cc.umanitoba.ca krb5kdc[44113](info): commencing operation
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44114](info): commencing operation
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44118](info): commencing operation
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44115](info): commencing operation
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44119](info): commencing operation
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44116](info): commencing operation
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44107](Error): worker 44120 exited with status 256
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44114](debug): Got signal to request exit
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44118](debug): Got signal to request exit
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44114](info): closing down fd 8
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44114](info): closing down fd 9
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44116](debug): Got signal to request exit
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44114](info): closing down fd 7
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44118](info): closing down fd 8
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44114](info): closing down fd 6
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44118](info): closing down fd 9
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44114](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44118](info): closing down fd 7
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44118](info): closing down fd 6
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44119](debug): Got signal to request exit
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44118](info): shutting down
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44116](info): closing down fd 8
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44117](debug): Got signal to request exit
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44113](debug): Got signal to request exit
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44108](debug): Got signal to request exit
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44116](info): closing down fd 9
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44119](info): closing down fd 8
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44116](info): closing down fd 7
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44119](info): closing down fd 9
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44116](info): closing down fd 6
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44119](info): closing down fd 7
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44119](info): closing down fd 6
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44108](info): closing down fd 8
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44116](info): shutting down
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44113](info): closing down fd 8
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44108](info): closing down fd 9
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44115](debug): Got signal to request exit
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44119](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44113](info): closing down fd 9
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44110](debug): Got signal to request exit
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44111](debug): Got signal to request exit
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44108](info): closing down fd 7
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44113](info): closing down fd 7
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44108](info): closing down fd 6
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44113](info): closing down fd 6
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44112](debug): Got signal to request exit
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44108](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44113](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44115](info): closing down fd 8
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44110](info): closing down fd 8
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44115](info): closing down fd 9
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44110](info): closing down fd 9
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44111](info): closing down fd 8
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44115](info): closing down fd 7
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44110](info): closing down fd 7
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44112](info): closing down fd 8
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44111](info): closing down fd 9
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44110](info): closing down fd 6
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44115](info): closing down fd 6
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44111](info): closing down fd 7
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44112](info): closing down fd 9
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44111](info): closing down fd 6
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44110](info): shutting down
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44115](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44112](info): closing down fd 7
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44111](info): shutting down
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44117](info): closing down fd 8
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44112](info): closing down fd 6
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44117](info): closing down fd 9
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44112](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44117](info): closing down fd 7
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44117](info): closing down fd 6
Mar 14 11:55:43 jutta.cc.umanitoba.ca krb5kdc[44117](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 11:55:48 jutta.cc.umanitoba.ca krb5kdc[44109](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 130.179.19.176: LOOKING_UP_CLIENT: ldap/jutta.cc.umanitoba.ca at UOFMT1 for krbtgt/UOFMT1 at UOFMT1, Server error
Mar 14 11:55:48 jutta.cc.umanitoba.ca krb5kdc[44109](debug): Got signal to request exit
Mar 14 11:55:48 jutta.cc.umanitoba.ca krb5kdc[44109](info): closing down fd 12
Mar 14 11:55:48 jutta.cc.umanitoba.ca krb5kdc[44109](info): closing down fd 8
Mar 14 11:55:48 jutta.cc.umanitoba.ca krb5kdc[44109](info): closing down fd 9
Mar 14 11:55:48 jutta.cc.umanitoba.ca krb5kdc[44109](info): closing down fd 7
Mar 14 11:55:48 jutta.cc.umanitoba.ca krb5kdc[44109](info): closing down fd 6
Mar 14 11:55:48 jutta.cc.umanitoba.ca krb5kdc[44109](info): shutting down
otp: Loaded
Mar 14 13:35:22 jutta.cc.umanitoba.ca krb5kdc[48219](Error): preauth pkinit failed to initialize: No realms configured correctly for pkinit support
Mar 14 13:35:22 jutta.cc.umanitoba.ca krb5kdc[48219](info): setting up network...
Mar 14 13:35:22 jutta.cc.umanitoba.ca krb5kdc[48219](info): listening on fd 6: udp 0.0.0.0.88 (pktinfo)
krb5kdc: setsockopt(7,IPV6_V6ONLY,1) worked
Mar 14 13:35:22 jutta.cc.umanitoba.ca krb5kdc[48219](info): listening on fd 7: udp ::.88 (pktinfo)
krb5kdc: setsockopt(8,IPV6_V6ONLY,1) worked
Mar 14 13:35:22 jutta.cc.umanitoba.ca krb5kdc[48219](info): listening on fd 9: tcp 0.0.0.0.88
Mar 14 13:35:22 jutta.cc.umanitoba.ca krb5kdc[48219](info): listening on fd 8: tcp ::.88
Mar 14 13:35:22 jutta.cc.umanitoba.ca krb5kdc[48219](info): set up 4 sockets
Mar 14 13:35:22 jutta.cc.umanitoba.ca krb5kdc[48220](info): creating 64 worker processes
Mar 14 13:35:22 jutta.cc.umanitoba.ca krb5kdc[48220](info): closing down fd 8
Mar 14 13:35:22 jutta.cc.umanitoba.ca krb5kdc[48220](info): closing down fd 9
Mar 14 13:35:22 jutta.cc.umanitoba.ca krb5kdc[48220](info): closing down fd 7
Mar 14 13:35:22 jutta.cc.umanitoba.ca krb5kdc[48220](info): closing down fd 6
Mar 14 13:35:27 jutta.cc.umanitoba.ca krb5kdc[48222](info): commencing operation
Mar 14 13:35:27 jutta.cc.umanitoba.ca krb5kdc[48221](info): commencing operation
Mar 14 13:35:28 jutta.cc.umanitoba.ca krb5kdc[48224](info): commencing operation
Mar 14 13:35:28 jutta.cc.umanitoba.ca krb5kdc[48223](info): commencing operation
Mar 14 13:35:30 jutta.cc.umanitoba.ca krb5kdc[48227](info): commencing operation
Mar 14 13:35:30 jutta.cc.umanitoba.ca krb5kdc[48225](info): commencing operation
Mar 14 13:35:30 jutta.cc.umanitoba.ca krb5kdc[48228](info): commencing operation
Mar 14 13:35:30 jutta.cc.umanitoba.ca krb5kdc[48226](info): commencing operation
Mar 14 13:35:30 jutta.cc.umanitoba.ca krb5kdc[48222](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 130.179.19.176: NEEDED_PREAUTH: ldap/jutta.cc.umanitoba.ca at UOFMT1 for krbtgt/UOFMT1 at UOFMT1, Additional pre-authentication required
Mar 14 13:35:30 jutta.cc.umanitoba.ca krb5kdc[48222](info): closing down fd 12
Mar 14 13:35:31 jutta.cc.umanitoba.ca krb5kdc[48231](info): commencing operation
Mar 14 13:35:31 jutta.cc.umanitoba.ca krb5kdc[48232](info): commencing operation
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48229](info): commencing operation
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48230](info): commencing operation
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48220](Error): worker 48233 exited with status 256
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48221](debug): Got signal to request exit
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48225](debug): Got signal to request exit
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48221](info): closing down fd 8
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48227](debug): Got signal to request exit
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48221](info): closing down fd 9
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48223](debug): Got signal to request exit
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48221](info): closing down fd 7
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48221](info): closing down fd 6
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48221](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48231](debug): Got signal to request exit
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48229](debug): Got signal to request exit
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48222](debug): Got signal to request exit
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48227](info): closing down fd 8
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48225](info): closing down fd 8
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48228](debug): Got signal to request exit
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48227](info): closing down fd 9
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48223](info): closing down fd 8
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48225](info): closing down fd 9
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48232](debug): Got signal to request exit
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48227](info): closing down fd 7
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48222](info): closing down fd 8
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48230](debug): Got signal to request exit
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48223](info): closing down fd 9
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48225](info): closing down fd 7
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48229](info): closing down fd 8
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48228](info): closing down fd 8
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48227](info): closing down fd 6
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48231](info): closing down fd 8
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48222](info): closing down fd 9
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48227](info): shutting down
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48229](info): closing down fd 9
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48225](info): closing down fd 6
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48223](info): closing down fd 7
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48231](info): closing down fd 9
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48222](info): closing down fd 7
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48228](info): closing down fd 9
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48232](info): closing down fd 8
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48229](info): closing down fd 7
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48231](info): closing down fd 7
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48222](info): closing down fd 6
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48223](info): closing down fd 6
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48229](info): closing down fd 6
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48225](info): shutting down
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48228](info): closing down fd 7
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48232](info): closing down fd 9
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48230](info): closing down fd 8
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48232](info): closing down fd 7
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48231](info): closing down fd 6
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48222](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48229](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48223](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48230](info): closing down fd 9
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48231](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48232](info): closing down fd 6
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48230](info): closing down fd 7
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48232](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48230](info): closing down fd 6
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48230](info): shutting down
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48224](debug): Got signal to request exit
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48224](info): closing down fd 8
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48224](info): closing down fd 9
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48224](info): closing down fd 7
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48224](info): closing down fd 6
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48224](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48226](debug): Got signal to request exit
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48228](info): closing down fd 6
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48226](info): closing down fd 8
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48226](info): closing down fd 9
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48228](info): shutting down
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48226](info): closing down fd 7
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48226](info): closing down fd 6
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 13:35:32 jutta.cc.umanitoba.ca krb5kdc[48226](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
otp: Loaded
Mar 14 14:13:21 jutta.cc.umanitoba.ca krb5kdc[57026](Error): preauth pkinit failed to initialize: No realms configured correctly for pkinit support
Mar 14 14:13:21 jutta.cc.umanitoba.ca krb5kdc[57026](info): setting up network...
Mar 14 14:13:21 jutta.cc.umanitoba.ca krb5kdc[57026](info): listening on fd 6: udp 0.0.0.0.88 (pktinfo)
krb5kdc: setsockopt(7,IPV6_V6ONLY,1) worked
Mar 14 14:13:21 jutta.cc.umanitoba.ca krb5kdc[57026](info): listening on fd 7: udp ::.88 (pktinfo)
krb5kdc: setsockopt(8,IPV6_V6ONLY,1) worked
Mar 14 14:13:21 jutta.cc.umanitoba.ca krb5kdc[57026](info): listening on fd 9: tcp 0.0.0.0.88
Mar 14 14:13:21 jutta.cc.umanitoba.ca krb5kdc[57026](info): listening on fd 8: tcp ::.88
Mar 14 14:13:21 jutta.cc.umanitoba.ca krb5kdc[57026](info): set up 4 sockets
Mar 14 14:13:21 jutta.cc.umanitoba.ca krb5kdc[57027](info): creating 64 worker processes
Mar 14 14:13:21 jutta.cc.umanitoba.ca krb5kdc[57027](info): closing down fd 8
Mar 14 14:13:21 jutta.cc.umanitoba.ca krb5kdc[57027](info): closing down fd 9
Mar 14 14:13:21 jutta.cc.umanitoba.ca krb5kdc[57027](info): closing down fd 7
Mar 14 14:13:21 jutta.cc.umanitoba.ca krb5kdc[57027](info): closing down fd 6
Mar 14 14:13:26 jutta.cc.umanitoba.ca krb5kdc[57029](info): commencing operation
Mar 14 14:13:26 jutta.cc.umanitoba.ca krb5kdc[57028](info): commencing operation
Mar 14 14:13:28 jutta.cc.umanitoba.ca krb5kdc[57031](info): commencing operation
Mar 14 14:13:28 jutta.cc.umanitoba.ca krb5kdc[57030](info): commencing operation
Mar 14 14:13:29 jutta.cc.umanitoba.ca krb5kdc[57036](info): commencing operation
Mar 14 14:13:29 jutta.cc.umanitoba.ca krb5kdc[57033](info): commencing operation
Mar 14 14:13:29 jutta.cc.umanitoba.ca krb5kdc[57035](info): commencing operation
Mar 14 14:13:29 jutta.cc.umanitoba.ca krb5kdc[57034](info): commencing operation
Mar 14 14:13:29 jutta.cc.umanitoba.ca krb5kdc[57032](info): commencing operation
Mar 14 14:13:29 jutta.cc.umanitoba.ca krb5kdc[57029](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 130.179.19.176: NEEDED_PREAUTH: ldap/jutta.cc.umanitoba.ca at UOFMT1 for krbtgt/UOFMT1 at UOFMT1, Additional pre-authentication required
Mar 14 14:13:29 jutta.cc.umanitoba.ca krb5kdc[57029](info): closing down fd 12
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57027](Error): worker 57040 exited with status 256
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57030](debug): Got signal to request exit
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57031](debug): Got signal to request exit
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57036](debug): Got signal to request exit
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57028](debug): Got signal to request exit
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57033](debug): Got signal to request exit
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57029](debug): Got signal to request exit
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57035](debug): Got signal to request exit
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57034](debug): Got signal to request exit
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57029](info): closing down fd 8
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57028](info): closing down fd 8
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57030](info): closing down fd 8
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57029](info): closing down fd 9
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57028](info): closing down fd 9
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57029](info): closing down fd 7
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57030](info): closing down fd 9
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57028](info): closing down fd 7
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57029](info): closing down fd 6
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57028](info): closing down fd 6
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57030](info): closing down fd 7
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57031](info): closing down fd 8
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57033](info): closing down fd 8
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57029](info): shutting down
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57031](info): closing down fd 9
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57028](info): shutting down
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57030](info): closing down fd 6
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57031](info): closing down fd 7
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57035](info): closing down fd 8
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57034](info): closing down fd 8
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57033](info): closing down fd 9
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57035](info): closing down fd 9
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57035](info): closing down fd 7
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57031](info): closing down fd 6
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57030](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57034](info): closing down fd 9
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57035](info): closing down fd 6
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57031](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57034](info): closing down fd 7
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57035](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57034](info): closing down fd 6
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57033](info): closing down fd 7
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57034](info): shutting down
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57033](info): closing down fd 6
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57033](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57036](info): closing down fd 8
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57036](info): closing down fd 9
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57036](info): closing down fd 7
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57036](info): closing down fd 6
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57036](info): shutting down
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57032](debug): Got signal to request exit
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
krb5kdc: Server error - while fetching master key K/M for realm UOFMT1
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57032](info): closing down fd 8
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57032](info): closing down fd 9
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57032](info): closing down fd 7
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57032](info): closing down fd 6
Mar 14 14:13:31 jutta.cc.umanitoba.ca krb5kdc[57032](info): shutting down
krb5kdc: Server error - while fetching master keys list for realm UOFMT1
krb5kdc: Server error - while fetching master keys list for realm UOFMT1
krb5kdc: Server error - while fetching master keys list for realm UOFMT1
More information about the Freeipa-users
mailing list