[Pki-devel] "PKI Subsystem Configuration" help (RD at WoSign)
Kashyap Chamarthy
kchamart at redhat.com
Mon Jul 19 09:08:46 UTC 2010
(adding list)
On 07/19/2010 02:01 PM, RD at WoSign wrote:
> kashyap,
> Thank you for help.I have tried serval times by your advises on
> fedora12 or fedora13,but still failed.
> Install Dogtag Certificate System on fedora12, if I choose "Create a New
> Security Domain",whatever we enter, there is nothing to display,
> if choose "Join an Existing Security Domain ",it display error
> "org.xml.sax.SAXParseException: The string "--" is not permitted
> within comments.
I'm not sure, why you're hitting that message if you're using a domain name with valid
sane characters. As I mentioned earlier, it works perfectly fine for me with exact
security domain name as yours on Fedora12.
>
> There are also several doubts at the installation process:
> 1. On fedora 12, download the Binary Packages of Dogtag
> Certificate System 1.3 and later, include header(dir),repodata(dir) and
> *.rpm, but i don't known how to use.
Dogtag Certificate system 1.3 onwards, is now included in the Fedora repositories. So,
binary packages download is not necessary.
> 2. if i install the dogtag-pki, the SubSystem(pki-ca pki-kra and so
> on) will be setup, Both methods are equivalent?
Yes,
On a clean machine, installing 'dogtag-pki' should give you all subsystems. (dogtag-pki is
a meta package which will install all the required components)
-----
# yum install dogtag-pki
-----
/kashyap
> Look forward to your help,
> jeff
>
> 2010/7/13 Kashyap Chamarthy <kchamart at redhat.com
> <mailto:kchamart at redhat.com>>
>
> On 07/13/2010 08:06 AM, RD at WoSign wrote:
>
> Hi, all,
> I am trying to install Dogtag Certificate System, but at the
> "PKI
> Subsystem Configuration", we have the problem at step: "Creat e
> a New
> Securit y Domain", whatever we enter, it display error
> "$errorString",
> and if we choose the "*Join an Existing Security Domain *", it
> display
> error "org.xml.sax.SAXParseException: The string "--" is not
> permitted
> within comments.
> Maybe some components or configure is error, but I setup and
> configure
> pki subsystem(include Requirements and runtime tool) by the
> site:http://pki.fedoraproject.org/wiki/PKI_Install_Guide ,
>
> the infomation of my configure and environment:
>
> hostname: wotestca.com <http://wotestca.com/>
> <http://wotestca.com <http://wotestca.com/>>
>
> step 1:
> ============================================================
> Starting pki-ca: [OK]
> pki-ca (pid 2817) is running ...
> 'pki-ca' must still be CONFIGURED!
> (see /var/log/pki-ca-install.log)
> Before proceeding with the configuration, make sure
> the firewall settings of this machine permit proper
> access to this subsystem.
> Please start the configuration by accessing:
> https://wotestca.com:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz
> After configuration, the server can be operated by the command:
> /sbin/service pki-cad restart pki-ca
> ------------------------------------------------------------------------------------------------------------------------
>
> step 2:
> open :
> "https://wotestca.com:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz"
> to CA Setup Wizard
>
> step 3:
> choose "Create a New Security Domain", enter "
> testwosecdomain"
> and click "NEXT>" button,
>
>
> I tried same value you used above (_without_ the double quotes) on
> Fedora-12 for a 'New Security domain' and I was able to proceed
> perfectly fine.
>
>
> return errror"Invalid characters found in Security Domain Name
> testwosecdomain. Valid characters are A-Z, a-z, 0-9, dash and space"
>
>
> This clearly mentions what characters are 'valid'. Maybe you want to
> double-check that you're not inadvertently entering invalid
> characters(like "").
>
> hope that helps,
>
> /kashyap
>
>
>
>
> choose "Join an Existing Security Domain " ,
> if enter "https://wotestca.com:9445 <https://wotestca.com:9445/>
> <https://wotestca.com:9445/>"
>
> return error "org.xml.sax.SAXParseException: The string "--" is not
> permitted within comments"
>
> if enter" https://wotestca.com:9443 <https://wotestca.com:9443/>
> <https://wotestca.com:9443/>" or "
> https://wotestca.com:9446 <https://wotestca.com:9446/>
> <https://wotestca.com:9446/>"
>
> return error "Illegal SSL Admin HTTPS url value for the security
> domain "
>
>
> check the directory server:
> #service dirsrv status
> #dirsrv testca (pid 3342) is running......
>
> So, we can't go on, please tell me what's the problem, and how
> to do?
> thanks a lot.
>
> --
> Best Regards,
> jeff
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com <mailto:Pki-devel at redhat.com>
> https://www.redhat.com/mailman/listinfo/pki-devel
>
>
>
More information about the Pki-devel
mailing list