[Pki-devel] "PKI Subsystem Configuration" help (RD at WoSign)

Kashyap Chamarthy kchamart at redhat.com
Mon Jul 19 09:08:46 UTC 2010 

(adding list)

On 07/19/2010 02:01 PM, RD at WoSign wrote:
> kashyap,
>         Thank you for help.I have tried serval times by your advises on
> fedora12 or fedora13,but still failed.
> Install Dogtag Certificate System on fedora12, if I choose "Create a New
> Security Domain",whatever we enter, there is nothing to display,
> if choose "Join an Existing Security Domain ",it display error
> "org.xml.sax.SAXParseException: The   string "--" is not permitted
> within comments.

I'm not sure, why you're hitting that message if you're using a domain name with valid 
sane characters. As I mentioned earlier, it works perfectly fine for me with exact 
security domain name as yours on Fedora12.
>
>      There are also several doubts at the installation process:
>     1. On fedora 12, download the Binary Packages  of  Dogtag
> Certificate System 1.3 and later, include header(dir),repodata(dir) and
> *.rpm, but i don't known how to use.

Dogtag Certificate system 1.3 onwards, is now included in the Fedora repositories. So, 
binary packages download is not necessary.


>     2. if i install the dogtag-pki, the SubSystem(pki-ca pki-kra and so
> on) will be setup,  Both methods are equivalent?

Yes,

On a clean machine, installing 'dogtag-pki' should give you all subsystems. (dogtag-pki is 
a meta package which will install all the required components)
-----
# yum install dogtag-pki
-----

/kashyap


>     Look forward to your help,
> jeff
>
> 2010/7/13 Kashyap Chamarthy <kchamart at redhat.com
> <mailto:kchamart at redhat.com>>
>
>     On 07/13/2010 08:06 AM, RD at WoSign wrote:
>
>         Hi, all,
>             I am trying to install Dogtag Certificate System, but at the
>         "PKI
>         Subsystem Configuration", we have the problem at step: "Creat e
>         a New
>         Securit y Domain", whatever we enter, it display error
>         "$errorString",
>         and if we choose the "*Join an Existing Security Domain *", it
>         display
>         error "org.xml.sax.SAXParseException: The   string "--" is not
>         permitted
>         within comments.
>         Maybe some components or configure is error, but I setup and
>         configure
>         pki subsystem(include Requirements and runtime tool) by the
>         site:http://pki.fedoraproject.org/wiki/PKI_Install_Guide ,
>
>         the infomation of my configure and environment:
>
>         hostname: wotestca.com <http://wotestca.com/>
>         <http://wotestca.com <http://wotestca.com/>>
>
>         step 1:
>         ============================================================
>         Starting pki-ca:                                           [OK]
>         pki-ca (pid 2817) is running ...
>         'pki-ca' must still be CONFIGURED!
>              (see /var/log/pki-ca-install.log)
>         Before proceeding with the configuration, make sure
>         the firewall settings of this machine permit proper
>         access to this subsystem.
>         Please start the configuration by accessing:
>         https://wotestca.com:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz
>         After configuration, the server can be operated by the command:
>              /sbin/service pki-cad restart pki-ca
>         ------------------------------------------------------------------------------------------------------------------------
>
>         step 2:
>         open :
>         "https://wotestca.com:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz"
>         to CA Setup Wizard
>
>         step 3:
>               choose "Create a New Security Domain",  enter "
>         testwosecdomain"
>         and click "NEXT>" button,
>
>
>     I tried same value you used above (_without_ the double quotes) on
>     Fedora-12 for a 'New Security domain' and I was able to proceed
>     perfectly fine.
>
>
>         return errror"Invalid characters found in Security Domain Name
>         testwosecdomain. Valid characters are A-Z, a-z, 0-9, dash and space"
>
>
>     This clearly mentions what characters are 'valid'. Maybe you want to
>     double-check that you're not inadvertently entering invalid
>     characters(like "").
>
>     hope that helps,
>
>     /kashyap
>
>
>
>
>              choose "Join an Existing Security Domain " ,
>         if enter "https://wotestca.com:9445 <https://wotestca.com:9445/>
>         <https://wotestca.com:9445/>"
>
>         return error "org.xml.sax.SAXParseException: The string "--" is not
>         permitted within comments"
>
>         if enter" https://wotestca.com:9443 <https://wotestca.com:9443/>
>         <https://wotestca.com:9443/>" or "
>         https://wotestca.com:9446 <https://wotestca.com:9446/>
>         <https://wotestca.com:9446/>"
>
>         return error "Illegal SSL Admin HTTPS url value for the security
>         domain "
>
>
>         check the directory server:
>         #service dirsrv status
>         #dirsrv  testca (pid 3342) is running......
>
>         So, we can't go on, please tell me what's the problem, and how
>         to   do?
>         thanks a lot.
>
>         --
>         Best Regards,
>         jeff
>
>
>
>         _______________________________________________
>         Pki-devel mailing list
>         Pki-devel at redhat.com <mailto:Pki-devel at redhat.com>
>         https://www.redhat.com/mailman/listinfo/pki-devel
>
>
>

More information about the Pki-devel mailing list