[Pki-devel] [Fwd: Re: [Dogtag 1.0]]
Fabi Jubi
fabijubi at gmail.com
Fri Mar 28 15:17:58 UTC 2008
Hi Arshad,
I got error like this if the CA and the RA were in separetad firewall
zone. The problem was that in the communication: the CA got the firewall
address as source address and not the RA's
address. The soulution: we had to edit the hosts file like this:
IP address of firewall RAhostname
After the installation we could correct the hosts file and everythig worked
fine.
So, maybe check the name resolution.
Bye:
Peter
2008/3/28, Christina Fu <cfu at redhat.com>:
>
>
>
>
> ---------- Továbított levél ----------
> From: Christina Fu <cfu at redhat.com>
> To: pki-users at redhat.com
> Date: Fri, 28 Mar 2008 07:58:39 -0700
> Subject: Re: [Dogtag 1.0]
> Hi Arshad,
>
> Welcome to Dogtag!!
> The message "CA response: Authorization Error. Please also check
> previous related panels" is an indication that there is a problem
> between RA to CA communication.
> There are two places to trouble shoot.
> One is in the RA debug log, where, from the bottom of the log, you want
> to look for string "NamePanel: response content=" and see what the
> content value is. It should contain a non-zero return value from CA. A
> zero response means success.
> The other place is the CA debug log, where you might want to search for
> key word "profileSubmit" starting from the bottom of the log, and then
> scroll down slowly to find any error message relating to the
> authentication error.
>
> I believe the cookie has a timeout period, so if you waited too long in
> the middle of the installation of the RA, you would get an
> authentication error.
>
> Hope this helps. Let me know how it goes.
>
> Christina
> >
> >
> > -------- Original Message --------
> > Subject: Dogtag 1.0
> > Date: Wed, 19 Mar 2008 18:44:07 -0700
> > From: Arshad Noor <arshad.noor at strongauth.com>
> > Organization: StrongAuth, Inc.
> > To: pki-users at redhat.com, pki-devel at redhat.com
> >
> > Congratulations to the Dogtag team for finally open-sourcing
> > the product. Its a welcome addition to the open-source
> > community. Its been a long time coming, but better late than
> > never. :-)
> >
> > Question: In configuring the RA (after successfully setting
> > up the CA on 2.6.24.3-34.fc8 #1 SMP x86_64) there is an error
> > when trying to proceed past the "Subject Names" panel:
> >
> > "CA response: Authorization Error. Please also check previous related
> > panels."
> >
> > Any explanation of what went wrong? There doesn't appear to be
> > any errors in the error_log or debug files, but there is a small
> > ra-debug.log which shows an "Authentication Error".
> >
> > The only authentication credential I recall the wizard prompted
> > for was for the CA administrator ID (which was correct since the
> > cookie got established and I was able to proceed this far).
> >
> > TIA.
> >
> > Arshad Noor
> > StrongAuth, Inc.
> >
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20080328/3552cff8/attachment.htm>
More information about the Pki-devel
mailing list