[Pki-users] Failure to clone a CA

Klaus Heyden kheyden at web.de
Mon Oct 20 17:29:42 UTC 2008 

Hello,

 

I've got a Problem at the Cloning of a CA.

At the Web GUI when I import the CA Certificate file (savepkcs12) the WebGui
showed me an error like "PKI not active"

In the debug-file there are the following entries:

[20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet: process

[20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet:serice() uri =
/ca/admin/console/config/wizard

[20/Oct/2008:18:32:11][http-9443-Processor21]: CMSServlet::service() param
name='password' value='xxxxxxxx'

[20/Oct/2008:18:32:11][http-9443-Processor21]: CMSServlet::service() param
name='path' value='/tmp/savepkcs12'

[20/Oct/2008:18:32:11][http-9443-Processor21]: CMSServlet::service() param
name='p' value='5'

[20/Oct/2008:18:32:11][http-9443-Processor21]: CMSServlet::service() param
name='op' value='next'

[20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet: op=next

[20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet: size=19

[20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet: in next 5

[20/Oct/2008:18:32:11][http-9443-Processor21]: RestoreKeyCertPanel: this is
the clone subsystem

[20/Oct/2008:18:32:11][http-9443-Processor21]: RestoreKeyCertPanel update:
clone does not have all the certificates.

[20/Oct/2008:18:32:11][http-9443-Processor21]: panel no=5

[20/Oct/2008:18:32:11][http-9443-Processor21]: panel name=restorekeys

[20/Oct/2008:18:32:11][http-9443-Processor21]: total number of panels=19

I have bypass it by importing the Certificates with the pk12util at the same
time. What can be the Problem because of not reading the file. The contains
all necessary certificate (CA, Subsystem and OCSP). This was the export file
of the generation of the first instance.

 

The next Problem which I can't avoid, is that the Clone can't finish the
LDAP configuration. The Debug-File shows the following:

[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
createChangeLog: Changelog entry has already used

[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
enableReplication: replicadn:
cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping tree,cn=config

[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
enableReplication: Successfully create
cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping tree,cn=config
entry.

[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
enableReplication: replicadn:
cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping tree,cn=config

[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
enableReplication: Successfully create
cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping tree,cn=config
entry.

[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
setupReplication: Finished enabling replication

[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
createReplicationAgreement: dn:
cn=masterAgreement1-linux2.tampam.de-ca-clone2,cn=replica,cn="dc=linux1.tamp
am.de-ca-master",cn=mapping tree,cn=config

[20/Oct/2008:19:23:51][http-9443-Processor19]: About to set description attr
to masterAgreement1-linux2.tampam.de-ca-clone2

[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
createReplicationAgreement: Successfully create replication agreement
masterAgreement1-linux2.tampam.de-ca-clone2

[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
createReplicationAgreement: dn:
cn=cloneAgreement1-linux2.tampam.de-ca-clone2,cn=replica,cn="dc=linux1.tampa
m.de-ca-master",cn=mapping tree,cn=config

[20/Oct/2008:19:23:51][http-9443-Processor19]: About to set description attr
to cloneAgreement1-linux2.tampam.de-ca-clone2

[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
createReplicationAgreement: Successfully create replication agreement
cloneAgreement1-linux2.tampam.de-ca-clone2

[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
initializeConsumer: initializeConsumer dn:
cn=masterAgreement1-linux2.tampam.de-ca-clone2,cn=replica,cn="dc=linux1.tamp
am.de-ca-master",cn=mapping tree,cn=config

[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
initializeConsumer: initializeConsumer host: linux1.tampam.de port: 389

[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
initializeConsumer: start modifying

[20/Oct/2008:19:23:52][http-9443-Processor19]: DatabasePanel
initializeConsumer: Finish modification.

[20/Oct/2008:19:23:52][http-9443-Processor19]: DatabasePanel
initializeConsumer: thread sleeping for 5 seconds.

[20/Oct/2008:19:23:57][http-9443-Processor19]: DatabasePanel
initializeConsumer: finish sleeping.

[20/Oct/2008:19:23:57][http-9443-Processor19]: DatabasePanel
initializeConsumer: Successfully initialize consumer

[20/Oct/2008:19:23:57][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master

[20/Oct/2008:19:23:57][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not found,
let's wait!

[20/Oct/2008:19:24:02][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master

[20/Oct/2008:19:24:02][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not found,
let's wait!

[20/Oct/2008:19:24:07][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master

[20/Oct/2008:19:24:07][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not found,
let's wait!

[20/Oct/2008:19:24:13][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master

[20/Oct/2008:19:24:13][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not found,
let's wait!

[20/Oct/2008:19:24:18][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master

[20/Oct/2008:19:24:18][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not found,
let's wait!

 

 

etc. at the last entries it repeats ever 5 seconds  and the WebGUI "Internal
Database" stops there waiting..

Perhaps some can help me

 

Regard Klaus Heyden

 

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20081020/957188ce/attachment.htm>

More information about the Pki-users mailing list