[Pki-users] Invalid Credential / User not found

Jack Magne jmagne at redhat.com
Fri Apr 25 23:47:35 UTC 2008 

Ebbe:

You can leave your current directory instance. When you re-do the config 
wizard, you will just have to give unique names for the new directory 
trees it will have to create. Removing instances is a great idea for us 
to work on.

thanks,
jack

Ebbe Hansen wrote:
> Thanks for the advice -- so far I have created three CA instances using
> different names (pki-ca, pki-ca1, and pki-ca2) -- I will remove all
> three and start all over!
>
> With respect to directory server instance(s)  - should I also remove
> them?
>
> If yes -- what command(s) should I use?
>
> Ebbe
>
> "This message and any attached documents contain SPYRUS confidential
> and/or proprietary information and may be subject to privilege or exempt
> from disclosure under applicable law. These materials are intended only
> for the use of the intended recipient. If you are not the intended
> recipient of this electronic message, you are hereby notified that any
> use of this message is strictly prohibited. Delivery of this message to
> any person other than the intended recipient shall not constitute any
> waiver of any privilege. If you have received this message in error,
> please delete this message from your system and notify the sender
> immediately. Thank you."
>
> -----Original Message-----
> From: Jack Magne [mailto:jmagne at redhat.com] 
> Sent: Friday, April 25, 2008 4:20 PM
> To: Ebbe Hansen; pki-users at redhat.com
> Subject: Re: [Pki-users] Invalid Credential / User not found
>
> Ebbe:
>
> Thanks for trying out Dogtag. A few tips to help out below.
>
> During the wizard when you saw the message "This certificate can't be 
> verified and will not be imported. The certificate issuer might be 
> unknown or untrusted, the certificate might have expired or been 
> revoked, or the certificate might not have been approved.", you most 
> probably had your agent certificate imported OK. We have a bug for this 
> that we are working on. This message shows up despite an actual 
> successful import.
>
> The "preop.pin" you speak of is used in the case that one has not yet 
> completed the installation wizard.
>
> Here are few things you can try:
>
> 1. If you have already finished the wizard, you should be able to simply
>
> proceed to the agent interface URL without any pin, provided you have 
> successfully imported the Admin cert. Simply go to 
> "https://host.example.com:9443" and see if you can proceed using the 
> agent interface.
>
> 2. If the nasty error message from above scared you off of actually 
> finishing the configuration wizard, go back and do so. This is done with
>
> the URL that gets printed when the instance is installed. It looks 
> something like:
>
> http://host.example.com:9080/ca/admin/console/config/login?<preop.pin>
>
> 3. If everything is too confused, you can start the process over by 
> using our "pkiremove" tool which removes an existing instance. Try 
> something like, as root:
>
> pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca
>
> The "pki-ca" at the end is the name of the instance you are trying to 
> remove. The very first instance that is installed when you install the 
> RPM is in fact "pki-ca".
>
>  From here you can try again by doing the following as root:
>
> rpm -ev pki-ca
> yum install pki-ca
>
> This will reinstall your RPM for the CA and create a brand new instance.
>
> Note: Make sure you have used "pkiremove" to remove all instances you 
> may have created before trying this.
>
> 4. If the above is too confusing, we can hash it out on the "#dogtag-pi"
>
> IRC channel.
>
> thanks,
> jack
>
>
> Ebbe Hansen wrote:
>   
>> After using the DogTag WEB Agent client once (based upon "preop.pin" 
>> value) the WEB Agent fail to continue to operate with error message= 
>> "Invalid Credential" .
>>
>> The "/var/lib/<instance>/logs/system" file reports an "User not found"
>>     
>
>   
>> error.
>>
>> NOTE: During the CA configuration setup the following Alert is 
>> displayed when the administrator certificate is installed:
>>
>> "This certificate can't be verified and will not be imported. The 
>> certificate issuer might be unknown or untrusted, the certificate 
>> might have expired or been revoked, or the certificate might not have 
>> been approved."
>>
>> Suggestions on what to try next will be appreciated?
>>
>> Ebbe Hansen @ SPYRUS
>>
>> "This message and any attached documents contain SPYRUS confidential 
>> and/or proprietary information and may be subject to privilege or 
>> exempt from disclosure under applicable law. These materials are 
>> intended only for the use of the intended recipient. If you are not 
>> the intended recipient of this electronic message, you are hereby 
>> notified that any use of this message is strictly prohibited. Delivery
>>     
>
>   
>> of this message to any person other than the intended recipient shall 
>> not constitute any waiver of any privilege. If you have received this 
>> message in error, please delete this message from your system and 
>> notify the sender immediately. Thank you."
>>
>>
>>     
> ------------------------------------------------------------------------
>   
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>>   
>>     
>
>   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3237 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/pki-users/attachments/20080425/a273626d/attachment.bin>

More information about the Pki-users mailing list