[Pki-devel] pki-dogtag operation(ca , subca)

Harshana Porawagama harshanahnd at gmail.com
Thu Jan 13 09:30:26 UTC 2011 

Yes,
Since you have two CA instances running on the same machine, you should
select the relevant Administrator certificate.
In your browser select the option "Ask me every time" in the question "When
a server request my personal certificate". Then select the relevant
certificate for the relevant CA instance.


2011/1/13 RD at WoSign <rd at wosign.com>

> *Hi,*
>    Sorry,  I've found a the way to solve the problem, Login in adminitrator
> console view the log, find that my choose's certificate is not *Credential
> *, if we choose another *Credential certificate, the system is normal.
>    thanks all,
>
> * * Best Regards,
>    jeff*
>
> 在 2011年1月13日 上午10:31,RD at WoSign <rd at wosign.com>写道:
>
> hi,all,
>>       I have installed Dogtag Certificate System by
>> pki_install_guide,include ca, subca, kra, ocsp,tks,ra and tps,  configure is
>> finished.
>> i have problem in using the Dogtag Certificate Sytem, there many main
>> requestes follow.
>>      note: my test domain is wotest.com   , operate platform is fedora 13
>>     * 1.* after pkicreate and configure,Enrollment Certificate  by URL *
>> https://wotest.com:9444/ca/ee/ca/ * and Issue Certifite  are OK,
>> but i access subca  Agent Service, can't fetch the subca's Certificate
>> Enrollment  submited by SSL END USER SERVICES(*
>> https://wotest.com:9544/ca/ee/ca*/).
>> Subca's Agent Service Click *List Requests<https://woto.localdomain:9443/ca/agent/ca/frameListReq.html>
>> *  display :
>> *Problem Processing Your Request *  *
>> *
>>
>> *The Certificate Manager encountered an unexpected error while processing
>> your request. The following is a detailed message of the error that
>> occurred.
>> *
>>
>> *Invalid Credential.
>> *
>>
>> *Please consult your local administrator for further assistance. The
>> Certificate System logs may provide further information. *
>>
>>
>> * 2.*  if I restart fc13 and execute the "service pki-cad start "
>> ,display:
>>    * pki-ca (pid 3386) is running ...
>>
>>     Unsecure Port       = http://wotest.com:9180/ca/ee/ca
>>     Secure Agent Port   = https://wotest.com:9443/ca/agent/ca
>>     Secure EE Port      = https://wotest.com:9444/ca/ee/ca
>>     Secure Admin Port   = https://wotest.com:9445/ca/services
>>     EE Client Auth Port = https://wotest.com:9446/ca/eeca/ca
>>     PKI Console Port    = pkiconsole https://wotest.com:9445/ca* *
>>     Tomcat Port         = 9701 (for shutdown)
>>
>>     PKI Instance Name:   pki-ca
>>
>>     PKI Subsystem Type:  Root CA (Security Domain)
>>
>>     Registered PKI Security Domain Information:
>>
>> ==========================================================================
>>     Name:  wotest
>>     URL:   https://wotest.com:9445
>>
>> ==========================================================================
>>
>> [root at woto jeff]# service pki-cad start pki-subca
>> Starting pki-subca:
>>                                                            [确定]
>>
>> pki-subca (pid 4341) is running ...
>>
>>     Unsecure Port       = http://wotest.com:9580/ca/ee/ca
>>     Secure Agent Port   = https://wotest.com:9543/ca/agent/ca
>>     Secure EE Port      = https:/wotest.com:9544/ca/ee/ca
>>     Secure Admin Port   = https://wotest.com:9545/ca/services
>>     EE Client Auth Port = https://wotest.com:9546/ca/eeca/ca
>>     PKI Console Port    = pkiconsole https://wotest.com:9545/ca
>>     Tomcat Port         = 9801 (for shutdown)
>>
>>     PKI Instance Name:   pki-subca
>>
>>     PKI Subsystem Type:  Subordinate CA
>>
>>     Registered PKI Security Domain Information:
>>
>> ==========================================================================
>>     Name:  wotest
>>     URL:   https://wotest.com:9445
>>
>> ==========================================================================
>> *
>>
>>    if i access Agent Services in CA or SUBCA, Click *List Requests<https://woto.localdomain:9443/ca/agent/ca/frameListReq.html>
>> *  display :
>> *Problem Processing Your Request *  *
>> *
>>
>> *The Certificate Manager encountered an unexpected error while processing
>> your request. The following is a detailed message of the error that
>> occurred.
>> *
>>
>> *Invalid Credential.
>> *
>>
>> *Please consult your local administrator for further assistance. The
>> Certificate System logs may provide further information.
>> *
>>
>>
>> So, we can't go on, please tell me what's the problem, and how to   do?
>>     thanks a lot.
>>
>>     --
>>     Best Regards,
>>     jeff
>>
>>
>>
>>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
>
>


-- 
Best Regards,
Harshana
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20110113/880602bf/attachment.htm>

More information about the Pki-devel mailing list