[Pki-users] Invalid Credential / User not found
Matthew Harmsen
mharmsen at redhat.com
Fri Apr 25 23:59:37 UTC 2008
Ebbe,
Actually, I have an update for you on your request. Please see
https://bugzilla.redhat.com/show_bug.cgi?id=440141. If you checkout the
subversion source, we now include a Perl script that will let you remove
DS instances. It's use is documented in the Dogtag Wiki at
http://pki.fedoraproject.org/wiki/PKI_Components_Collectively_via_Subversion.
Once again, thanks for using Dogtag!
-- Matt
Jack Magne wrote:
> Ebbe:
>
> You can leave your current directory instance. When you re-do the
> config wizard, you will just have to give unique names for the new
> directory trees it will have to create. Removing instances is a great
> idea for us to work on.
>
> thanks,
> jack
>
> Ebbe Hansen wrote:
>> Thanks for the advice -- so far I have created three CA instances using
>> different names (pki-ca, pki-ca1, and pki-ca2) -- I will remove all
>> three and start all over!
>>
>> With respect to directory server instance(s) - should I also remove
>> them?
>>
>> If yes -- what command(s) should I use?
>>
>> Ebbe
>>
>> "This message and any attached documents contain SPYRUS confidential
>> and/or proprietary information and may be subject to privilege or exempt
>> from disclosure under applicable law. These materials are intended only
>> for the use of the intended recipient. If you are not the intended
>> recipient of this electronic message, you are hereby notified that any
>> use of this message is strictly prohibited. Delivery of this message to
>> any person other than the intended recipient shall not constitute any
>> waiver of any privilege. If you have received this message in error,
>> please delete this message from your system and notify the sender
>> immediately. Thank you."
>>
>> -----Original Message-----
>> From: Jack Magne [mailto:jmagne at redhat.com] Sent: Friday, April 25,
>> 2008 4:20 PM
>> To: Ebbe Hansen; pki-users at redhat.com
>> Subject: Re: [Pki-users] Invalid Credential / User not found
>>
>> Ebbe:
>>
>> Thanks for trying out Dogtag. A few tips to help out below.
>>
>> During the wizard when you saw the message "This certificate can't be
>> verified and will not be imported. The certificate issuer might be
>> unknown or untrusted, the certificate might have expired or been
>> revoked, or the certificate might not have been approved.", you most
>> probably had your agent certificate imported OK. We have a bug for
>> this that we are working on. This message shows up despite an actual
>> successful import.
>>
>> The "preop.pin" you speak of is used in the case that one has not yet
>> completed the installation wizard.
>>
>> Here are few things you can try:
>>
>> 1. If you have already finished the wizard, you should be able to simply
>>
>> proceed to the agent interface URL without any pin, provided you have
>> successfully imported the Admin cert. Simply go to
>> "https://host.example.com:9443" and see if you can proceed using the
>> agent interface.
>>
>> 2. If the nasty error message from above scared you off of actually
>> finishing the configuration wizard, go back and do so. This is done with
>>
>> the URL that gets printed when the instance is installed. It looks
>> something like:
>>
>> http://host.example.com:9080/ca/admin/console/config/login?<preop.pin>
>>
>> 3. If everything is too confused, you can start the process over by
>> using our "pkiremove" tool which removes an existing instance. Try
>> something like, as root:
>>
>> pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca
>>
>> The "pki-ca" at the end is the name of the instance you are trying to
>> remove. The very first instance that is installed when you install
>> the RPM is in fact "pki-ca".
>>
>> From here you can try again by doing the following as root:
>>
>> rpm -ev pki-ca
>> yum install pki-ca
>>
>> This will reinstall your RPM for the CA and create a brand new instance.
>>
>> Note: Make sure you have used "pkiremove" to remove all instances you
>> may have created before trying this.
>>
>> 4. If the above is too confusing, we can hash it out on the "#dogtag-pi"
>>
>> IRC channel.
>>
>> thanks,
>> jack
>>
>>
>> Ebbe Hansen wrote:
>>
>>> After using the DogTag WEB Agent client once (based upon "preop.pin"
>>> value) the WEB Agent fail to continue to operate with error message=
>>> "Invalid Credential" .
>>>
>>> The "/var/lib/<instance>/logs/system" file reports an "User not found"
>>>
>>
>>
>>> error.
>>>
>>> NOTE: During the CA configuration setup the following Alert is
>>> displayed when the administrator certificate is installed:
>>>
>>> "This certificate can't be verified and will not be imported. The
>>> certificate issuer might be unknown or untrusted, the certificate
>>> might have expired or been revoked, or the certificate might not
>>> have been approved."
>>>
>>> Suggestions on what to try next will be appreciated?
>>>
>>> Ebbe Hansen @ SPYRUS
>>>
>>> "This message and any attached documents contain SPYRUS confidential
>>> and/or proprietary information and may be subject to privilege or
>>> exempt from disclosure under applicable law. These materials are
>>> intended only for the use of the intended recipient. If you are not
>>> the intended recipient of this electronic message, you are hereby
>>> notified that any use of this message is strictly prohibited. Delivery
>>>
>>
>>
>>> of this message to any person other than the intended recipient
>>> shall not constitute any waiver of any privilege. If you have
>>> received this message in error, please delete this message from your
>>> system and notify the sender immediately. Thank you."
>>>
>>>
>>>
>> ------------------------------------------------------------------------
>>
>>> _______________________________________________
>>> Pki-users mailing list
>>> Pki-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/pki-users
>>>
>>
>>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20080425/ddbdd697/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/pki-users/attachments/20080425/ddbdd697/attachment.bin>
More information about the Pki-users
mailing list