From arshad.noor at strongauth.com Thu Mar 20 01:44:07 2008 From: arshad.noor at strongauth.com (Arshad Noor) Date: Wed, 19 Mar 2008 18:44:07 -0700 Subject: [Pki-users] Dogtag 1.0 Message-ID: <47E1C167.3030705@strongauth.com> Congratulations to the Dogtag team for finally open-sourcing the product. Its a welcome addition to the open-source community. Its been a long time coming, but better late than never. :-) Question: In configuring the RA (after successfully setting up the CA on 2.6.24.3-34.fc8 #1 SMP x86_64) there is an error when trying to proceed past the "Subject Names" panel: "CA response: Authorization Error. Please also check previous related panels." Any explanation of what went wrong? There doesn't appear to be any errors in the error_log or debug files, but there is a small ra-debug.log which shows an "Authentication Error". The only authentication credential I recall the wizard prompted for was for the CA administrator ID (which was correct since the cookie got established and I was able to proceed this far). TIA. Arshad Noor StrongAuth, Inc. From cfu at redhat.com Fri Mar 28 14:58:39 2008 From: cfu at redhat.com (Christina Fu) Date: Fri, 28 Mar 2008 07:58:39 -0700 Subject: [Pki-users] Re: [Dogtag 1.0] In-Reply-To: <47EC5EA0.7070201@redhat.com> References: <47EC5EA0.7070201@redhat.com> Message-ID: <47ED079F.2010605@redhat.com> Hi Arshad, Welcome to Dogtag!! The message "CA response: Authorization Error. Please also check previous related panels" is an indication that there is a problem between RA to CA communication. There are two places to trouble shoot. One is in the RA debug log, where, from the bottom of the log, you want to look for string "NamePanel: response content=" and see what the content value is. It should contain a non-zero return value from CA. A zero response means success. The other place is the CA debug log, where you might want to search for key word "profileSubmit" starting from the bottom of the log, and then scroll down slowly to find any error message relating to the authentication error. I believe the cookie has a timeout period, so if you waited too long in the middle of the installation of the RA, you would get an authentication error. Hope this helps. Let me know how it goes. Christina > > > -------- Original Message -------- > Subject: Dogtag 1.0 > Date: Wed, 19 Mar 2008 18:44:07 -0700 > From: Arshad Noor > Organization: StrongAuth, Inc. > To: pki-users at redhat.com, pki-devel at redhat.com > > Congratulations to the Dogtag team for finally open-sourcing > the product. Its a welcome addition to the open-source > community. Its been a long time coming, but better late than > never. :-) > > Question: In configuring the RA (after successfully setting > up the CA on 2.6.24.3-34.fc8 #1 SMP x86_64) there is an error > when trying to proceed past the "Subject Names" panel: > > "CA response: Authorization Error. Please also check previous related > panels." > > Any explanation of what went wrong? There doesn't appear to be > any errors in the error_log or debug files, but there is a small > ra-debug.log which shows an "Authentication Error". > > The only authentication credential I recall the wizard prompted > for was for the CA administrator ID (which was correct since the > cookie got established and I was able to proceed this far). > > TIA. > > Arshad Noor > StrongAuth, Inc. > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3225 bytes Desc: S/MIME Cryptographic Signature URL: From fabijubi at gmail.com Fri Mar 28 15:17:58 2008 From: fabijubi at gmail.com (Fabi Jubi) Date: Fri, 28 Mar 2008 16:17:58 +0100 Subject: [Pki-users] Re: [Pki-devel] [Fwd: Re: [Dogtag 1.0]] In-Reply-To: <47ED0886.60401@redhat.com> References: <47ED0886.60401@redhat.com> Message-ID: <5c0f7d050803280817x7be2ccc8h886d028c0daba1a0@mail.gmail.com> Hi Arshad, I got error like this if the CA and the RA were in separetad firewall zone. The problem was that in the communication: the CA got the firewall address as source address and not the RA's address. The soulution: we had to edit the hosts file like this: IP address of firewall RAhostname After the installation we could correct the hosts file and everythig worked fine. So, maybe check the name resolution. Bye: Peter 2008/3/28, Christina Fu : > > > > > ---------- Tov?b?tott lev?l ---------- > From: Christina Fu > To: pki-users at redhat.com > Date: Fri, 28 Mar 2008 07:58:39 -0700 > Subject: Re: [Dogtag 1.0] > Hi Arshad, > > Welcome to Dogtag!! > The message "CA response: Authorization Error. Please also check > previous related panels" is an indication that there is a problem > between RA to CA communication. > There are two places to trouble shoot. > One is in the RA debug log, where, from the bottom of the log, you want > to look for string "NamePanel: response content=" and see what the > content value is. It should contain a non-zero return value from CA. A > zero response means success. > The other place is the CA debug log, where you might want to search for > key word "profileSubmit" starting from the bottom of the log, and then > scroll down slowly to find any error message relating to the > authentication error. > > I believe the cookie has a timeout period, so if you waited too long in > the middle of the installation of the RA, you would get an > authentication error. > > Hope this helps. Let me know how it goes. > > Christina > > > > > > -------- Original Message -------- > > Subject: Dogtag 1.0 > > Date: Wed, 19 Mar 2008 18:44:07 -0700 > > From: Arshad Noor > > Organization: StrongAuth, Inc. > > To: pki-users at redhat.com, pki-devel at redhat.com > > > > Congratulations to the Dogtag team for finally open-sourcing > > the product. Its a welcome addition to the open-source > > community. Its been a long time coming, but better late than > > never. :-) > > > > Question: In configuring the RA (after successfully setting > > up the CA on 2.6.24.3-34.fc8 #1 SMP x86_64) there is an error > > when trying to proceed past the "Subject Names" panel: > > > > "CA response: Authorization Error. Please also check previous related > > panels." > > > > Any explanation of what went wrong? There doesn't appear to be > > any errors in the error_log or debug files, but there is a small > > ra-debug.log which shows an "Authentication Error". > > > > The only authentication credential I recall the wizard prompted > > for was for the CA administrator ID (which was correct since the > > cookie got established and I was able to proceed this far). > > > > TIA. > > > > Arshad Noor > > StrongAuth, Inc. > > > > > _______________________________________________ > Pki-devel mailing list > Pki-devel at redhat.com > https://www.redhat.com/mailman/listinfo/pki-devel > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From figlesias at gmv.com Mon Mar 31 09:57:28 2008 From: figlesias at gmv.com (Fernando Iglesias Pulido) Date: Mon, 31 Mar 2008 11:57:28 +0200 Subject: [Pki-users] URL could not be retrieved Message-ID: <6521FB3B15FFB14786E4D644EFE3676F480DC6@GMVMAIL2.gmv.es> Hi, I'm trying access at Fedora PKI main page and download the Certificate system source code but always get the same error: url could not be retreived. Anybody could suggest me an URL to download that source code? Regards ______________________ Este mensaje, y en su caso, cualquier fichero anexo al mismo, puede contener informacion clasificada por su emisor como confidencial en el marco de su Sistema de Gestion de Seguridad de la Informacion siendo para uso exclusivo del destinatario, quedando prohibida su divulgacion copia o distribucion a terceros sin la autorizacion expresa del remitente. Si Vd. ha recibido este mensaje erroneamente, se ruega lo notifique al remitente y proceda a su borrado. Gracias por su colaboracion. ______________________ This message including any attachments may contain confidential information, according to our Information Security Management System, and intended solely for a specific individual to whom they are addressed. Any unauthorised copy, disclosure or distribution of this message is strictly forbidden. If you have received this transmission in error, please notify the sender immediately and delete it. ______________________ -------------- next part -------------- An HTML attachment was scrubbed... URL: From cfu at redhat.com Mon Mar 31 14:51:42 2008 From: cfu at redhat.com (Christina Fu) Date: Mon, 31 Mar 2008 07:51:42 -0700 Subject: [Pki-users] URL could not be retrieved In-Reply-To: <6521FB3B15FFB14786E4D644EFE3676F480DC6@GMVMAIL2.gmv.es> References: <6521FB3B15FFB14786E4D644EFE3676F480DC6@GMVMAIL2.gmv.es> Message-ID: <47F0FA7E.6060401@redhat.com> Fernando Iglesias Pulido wrote: > Hi, > > I'm trying access at Fedora PKI main page and download the > Certificate system source code but always get the same error: url > could not be retreived. Anybody could suggest me an URL to download > that source code? > > Regards > > > ------------------------------------------------------------------------ > Este mensaje, y en su caso, cualquier fichero anexo al mismo, puede > contener informaci?n clasificada por su emisor como confidencial en el > marco de su Sistema de Gesti?n de Seguridad de la Informaci?n siendo > para uso exclusivo del destinatario, quedando prohibida su divulgaci?n > copia o distribuci?n a terceros sin la autorizaci?n expresa del > remitente. Si Vd. ha recibido este mensaje err?neamente, se ruega lo > notifique al remitente y proceda a su borrado. Gracias por su > colaboraci?n. > ------------------------------------------------------------------------ > This message including any attachments may contain confidential > information, according to our Information Security Management System, > and intended solely for a specific individual to whom they are > addressed. Any unauthorised copy, disclosure or distribution of this > message is strictly forbidden. If you have received this transmission > in error, please notify the sender immediately and delete it. > > ------------------------------------------------------------------------ > ------------------------------------------------------------------------ > > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users > HI, Welcome to Dogtag! Have you tried http://pki.fedoraproject.org/wiki/PKI_Building? We will check our main page to see if any link is broken. thanks you. Christina