[Pki-users] Invalid Credential / User not found

Matthew Harmsen mharmsen at redhat.com
Fri Apr 25 23:59:37 UTC 2008


Ebbe,

Actually, I have an update for you on your request.  Please see 
https://bugzilla.redhat.com/show_bug.cgi?id=440141.  If you check out the 
subversion source, we now include a Perl script that will let you remove 
DS instances.  Its use is documented in the Dogtag Wiki at 
http://pki.fedoraproject.org/wiki/PKI_Components_Collectively_via_Subversion.  
Once again, thanks for using Dogtag!

-- Matt


Jack Magne wrote:
> Ebbe:
>
> You can leave your current directory instance. When you re-do the 
> config wizard, you will just have to give unique names for the new 
> directory trees it will have to create. Removing instances is a great 
> idea for us to work on.
>
> thanks,
> jack
>
> Ebbe Hansen wrote:
>> Thanks for the advice -- so far I have created three CA instances using
>> different names (pki-ca, pki-ca1, and pki-ca2) -- I will remove all
>> three and start all over!
>>
>> With respect to directory server instance(s)  - should I also remove
>> them?
>>
>> If yes -- what command(s) should I use?
>>
>> Ebbe
>>
>> "This message and any attached documents contain SPYRUS confidential
>> and/or proprietary information and may be subject to privilege or exempt
>> from disclosure under applicable law. These materials are intended only
>> for the use of the intended recipient. If you are not the intended
>> recipient of this electronic message, you are hereby notified that any
>> use of this message is strictly prohibited. Delivery of this message to
>> any person other than the intended recipient shall not constitute any
>> waiver of any privilege. If you have received this message in error,
>> please delete this message from your system and notify the sender
>> immediately. Thank you."
>>
>> -----Original Message-----
>> From: Jack Magne [mailto:jmagne at redhat.com]
>> Sent: Friday, April 25, 2008 4:20 PM
>> To: Ebbe Hansen; pki-users at redhat.com
>> Subject: Re: [Pki-users] Invalid Credential / User not found
>>
>> Ebbe:
>>
>> Thanks for trying out Dogtag. A few tips to help out below.
>>
>> During the wizard when you saw the message "This certificate can't be 
>> verified and will not be imported. The certificate issuer might be 
>> unknown or untrusted, the certificate might have expired or been 
>> revoked, or the certificate might not have been approved.", you most 
>> probably had your agent certificate imported OK. We have a bug for 
>> this that we are working on. This message shows up despite an actual 
>> successful import.
>>
>> The "preop.pin" you speak of is used in the case that one has not yet 
>> completed the installation wizard.
>>
>> Here are a few things you can try:
>>
>> 1. If you have already finished the wizard, you should be able to simply 
>> proceed to the agent interface URL without any pin, provided you have 
>> successfully imported the Admin cert. Simply go to 
>> "https://host.example.com:9443" and see if you can proceed using the 
>> agent interface.
>>
>> 2. If the nasty error message from above scared you off of actually 
>> finishing the configuration wizard, go back and do so. This is done with 
>> the URL that gets printed when the instance is installed. It looks 
>> something like:
>>
>> http://host.example.com:9080/ca/admin/console/config/login?<preop.pin>
>>
>> 3. If everything is too confused, you can start the process over by 
>> using our "pkiremove" tool which removes an existing instance. Try 
>> something like, as root:
>>
>> pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca
>>
>> The "pki-ca" at the end is the name of the instance you are trying to 
>> remove. The very first instance that is installed when you install 
>> the RPM is in fact "pki-ca".
>>
>> From here you can try again by doing the following as root:
>>
>> rpm -ev pki-ca
>> yum install pki-ca
>>
>> This will reinstall your RPM for the CA and create a brand new instance.
>>
>> Note: Make sure you have used "pkiremove" to remove all instances you 
>> may have created before trying this.
>>
>> 4. If the above is too confusing, we can hash it out on the "#dogtag-pi" 
>> IRC channel.
>>
>> thanks,
>> jack
>>
>>
>> Ebbe Hansen wrote:
>>> After using the DogTag WEB Agent client once (based upon "preop.pin" 
>>> value) the WEB Agent fails to continue to operate with error message= 
>>> "Invalid Credential" .
>>>
>>> The "/var/lib/<instance>/logs/system" file reports a "User not found" 
>>> error.
>>>
>>> NOTE: During the CA configuration setup the following Alert is 
>>> displayed when the administrator certificate is installed:
>>>
>>> "This certificate can't be verified and will not be imported. The 
>>> certificate issuer might be unknown or untrusted, the certificate 
>>> might have expired or been revoked, or the certificate might not 
>>> have been approved."
>>>
>>> Suggestions on what to try next will be appreciated.
>>>
>>> Ebbe Hansen @ SPYRUS
>>>
>>> _______________________________________________
>>> Pki-users mailing list
>>> Pki-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/pki-users