[Pki-users] Help with the dogtag certificate system
Aleksander Adamowski
aleksander.adamowski.dogtag at altkom.pl
Thu May 29 09:27:18 UTC 2008
Nacho wrote:
>
> CMS Warning: FAILURE: Cannot build CA chain. Error
> java.security.cert.CertificateException: Certificate is not a PKCS #11
> certificate|FAILURE: authz instance DirAclAuthz initialization failed and
> skipped, error=Property internaldb.ldapconn.port missing value|
I think this last line gives us a hint. It seems that
internaldb.ldapconn.port is not set - it controls the port for internal
LDAP connection.
What port is your LDAP that holds CMS's internal database listening on?
I have my LDAP server listening on localhost on port 389, so in
/etc/pki-ca/CS.cfg I have:
authz.instance.DirAclAuthz.ldap.ldapconn.port=389
....
internaldb.ldapconn.port=389
Make sure all the .*ldapconn.* settings are correctly set and then
restart pki-ca.
In case of further problems, analyze /var/log/pki-ca/debug first,
because catalina.out only contains the servlet container's errors and
the servlet container is quite unlikely to malfunction (its role is quite
simple here).
--
Best Regards,
Aleksander Adamowski
GG#: 274614
ICQ UIN: 19780575
http://olo.org.pl
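
Added example, not part of the original message and not Dogtag code: a small checker for the "make sure all the .*ldapconn.* settings are correctly set" step above. It assumes CS.cfg is plain key=value text with '#' comments; the function names and the sample content are constructed for illustration.

```python
import re

# The two port keys the message names; both must be present.
REQUIRED_PORT_KEYS = (
    "internaldb.ldapconn.port",
    "authz.instance.DirAclAuthz.ldap.ldapconn.port",
)

def parse_cfg(text):
    """Parse key=value lines (assumed format); skip blanks and '#' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings

def check_ldapconn(text):
    """Return a sorted list of (key, problem) for LDAP connection settings."""
    settings = parse_cfg(text)
    problems = [(k, "missing") for k in REQUIRED_PORT_KEYS if k not in settings]
    for key, value in settings.items():
        if ".ldapconn." not in key:
            continue  # only the LDAP connection settings are checked
        if value == "":
            problems.append((key, "empty value"))
        elif key.endswith(".ldapconn.port"):
            # A port must be a decimal number in the TCP range.
            if not re.fullmatch(r"[0-9]+", value) or not 1 <= int(value) <= 65535:
                problems.append((key, "invalid port %r" % value))
    return sorted(problems)

# Constructed sample, not a real CS.cfg: the internaldb port has no value,
# the kind of gap the quoted "missing value" error points at.
SAMPLE_CFG = """\
authz.instance.DirAclAuthz.ldap.ldapconn.port=389
internaldb.ldapconn.host=localhost
internaldb.ldapconn.port=
"""

if __name__ == "__main__":
    for key, problem in check_ldapconn(SAMPLE_CFG):
        print("%s: %s" % (key, problem))
```

To check a real instance, pass the contents of /etc/pki-ca/CS.cfg to check_ldapconn() before restarting pki-ca.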