[Pki-users] Failure to clone a CA

Marc Sauton msauton at redhat.com
Mon Oct 20 18:45:28 UTC 2008


Klaus Heyden wrote:
>
> Hello,
>
> I’ve got a problem with the cloning of a CA.
>
> In the web GUI, when I import the CA certificate file (savepkcs12), the 
> web GUI showed me an error like “PKI not active”.
>
> In the debug-file there are the following entries:
>
> [20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet: process
>
> [20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet:serice() 
> uri = /ca/admin/console/config/wizard
>
> [20/Oct/2008:18:32:11][http-9443-Processor21]: CMSServlet::service() 
> param name='password' value='xxxxxxxx'
>
> [20/Oct/2008:18:32:11][http-9443-Processor21]: CMSServlet::service() 
> param name='path' value='/tmp/savepkcs12'
>
> [20/Oct/2008:18:32:11][http-9443-Processor21]: CMSServlet::service() 
> param name='p' value='5'
>
> [20/Oct/2008:18:32:11][http-9443-Processor21]: CMSServlet::service() 
> param name='op' value='next'
>
> [20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet: op=next
>
> [20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet: size=19
>
> [20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet: in next 5
>
> [20/Oct/2008:18:32:11][http-9443-Processor21]: RestoreKeyCertPanel: 
> this is the clone subsystem
>
> [20/Oct/2008:18:32:11][http-9443-Processor21]: RestoreKeyCertPanel 
> update: clone does not have all the certificates.
>
> [20/Oct/2008:18:32:11][http-9443-Processor21]: panel no=5
>
> [20/Oct/2008:18:32:11][http-9443-Processor21]: panel name=restorekeys
>
> [20/Oct/2008:18:32:11][http-9443-Processor21]: total number of panels=19
>
> I have bypassed it by importing the certificates with pk12util at 
> the same time. What can be the problem that causes the file not to be 
> read? The file contains all necessary certificates (CA, Subsystem and OCSP). 
> This was the export file from the generation of the first instance.
>
>
Is it possible that the file /tmp/savepkcs12 copied to the cloned CA system 
could not be read by the uid running the clone instance?

> The next problem, which I can’t avoid, is that the clone can’t finish 
> the LDAP configuration. The debug file shows the following:
>
> [20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel 
> createChangeLog: Changelog entry has already used
>
> [20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel 
> enableReplication: replicadn: 
> cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping tree,cn=config
>
> [20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel 
> enableReplication: Successfully create 
> cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping 
> tree,cn=config entry.
>
> [20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel 
> enableReplication: replicadn: 
> cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping tree,cn=config
>
> [20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel 
> enableReplication: Successfully create 
> cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping 
> tree,cn=config entry.
>
> [20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel 
> setupReplication: Finished enabling replication
>
> [20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel 
> createReplicationAgreement: dn: 
> cn=masterAgreement1-linux2.tampam.de-ca-clone2,cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping 
> tree,cn=config
>
> [20/Oct/2008:19:23:51][http-9443-Processor19]: About to set 
> description attr to masterAgreement1-linux2.tampam.de-ca-clone2
>
> [20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel 
> createReplicationAgreement: Successfully create replication agreement 
> masterAgreement1-linux2.tampam.de-ca-clone2
>
> [20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel 
> createReplicationAgreement: dn: 
> cn=cloneAgreement1-linux2.tampam.de-ca-clone2,cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping 
> tree,cn=config
>
> [20/Oct/2008:19:23:51][http-9443-Processor19]: About to set 
> description attr to cloneAgreement1-linux2.tampam.de-ca-clone2
>
> [20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel 
> createReplicationAgreement: Successfully create replication agreement 
> cloneAgreement1-linux2.tampam.de-ca-clone2
>
> [20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel 
> initializeConsumer: initializeConsumer dn: 
> cn=masterAgreement1-linux2.tampam.de-ca-clone2,cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping 
> tree,cn=config
>
> [20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel 
> initializeConsumer: initializeConsumer host: linux1.tampam.de port: 389
>
> [20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel 
> initializeConsumer: start modifying
>
> [20/Oct/2008:19:23:52][http-9443-Processor19]: DatabasePanel 
> initializeConsumer: Finish modification.
>
> [20/Oct/2008:19:23:52][http-9443-Processor19]: DatabasePanel 
> initializeConsumer: thread sleeping for 5 seconds.
>
> [20/Oct/2008:19:23:57][http-9443-Processor19]: DatabasePanel 
> initializeConsumer: finish sleeping.
>
> [20/Oct/2008:19:23:57][http-9443-Processor19]: DatabasePanel 
> initializeConsumer: Successfully initialize consumer
>
> [20/Oct/2008:19:23:57][http-9443-Processor19]: DatabasePanel 
> comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master
>
> [20/Oct/2008:19:23:57][http-9443-Processor19]: DatabasePanel 
> comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not 
> found, let's wait!
>
> [20/Oct/2008:19:24:02][http-9443-Processor19]: DatabasePanel 
> comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master
>
> [20/Oct/2008:19:24:02][http-9443-Processor19]: DatabasePanel 
> comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not 
> found, let's wait!
>
> [20/Oct/2008:19:24:07][http-9443-Processor19]: DatabasePanel 
> comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master
>
> [20/Oct/2008:19:24:07][http-9443-Processor19]: DatabasePanel 
> comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not 
> found, let's wait!
>
> [20/Oct/2008:19:24:13][http-9443-Processor19]: DatabasePanel 
> comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master
>
> [20/Oct/2008:19:24:13][http-9443-Processor19]: DatabasePanel 
> comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not 
> found, let's wait!
>
> [20/Oct/2008:19:24:18][http-9443-Processor19]: DatabasePanel 
> comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master
>
> [20/Oct/2008:19:24:18][http-9443-Processor19]: DatabasePanel 
> comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not 
> found, let's wait!
>
> etc… the last entries repeat every 5 seconds and the WebGUI 
> “Internal Database” stops there waiting…
>
That seems quite unusual; could you provide more details on the exact 
platform used, as well as the rpm and directory server used?
And maybe file a Bugzilla with the exact steps that were used.
>
> Perhaps someone can help me
>
> Regards, Klaus Heyden
>   
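An added example, not part of either poster's message: one way to test the hypothesis raised in the reply, that the uid running the clone instance cannot read /tmp/savepkcs12. The function names are hypothetical, the account name in the usage comment is an assumption (the thread does not name it), and only classic mode bits are evaluated.

```shell
#!/bin/sh
# Added example: can the account running the clone instance read the PKCS#12 file?
# Evaluates owner/group/other mode bits only; POSIX ACLs and SELinux labels are
# not considered. Requires GNU stat (stat -c). Run as root so the path is visible.

# has_perm UID "GID ..." PATH BIT -> exit 0 if the mode bits grant BIT (4=read, 1=search)
has_perm() {
    uid=$1; gids=$2; target=$3; bit=$4
    if [ "$uid" -eq 0 ]; then return 0; fi       # root bypasses mode bits
    st=$(stat -c '%u %g %a' "$target") || return 2
    set -- $st
    owner=$1; group=$2; mode=$3
    cls=$((mode % 10))                            # default: the "other" digit
    for x in $gids; do
        if [ "$x" -eq "$group" ]; then cls=$((mode / 10 % 10)); fi
    done
    if [ "$uid" -eq "$owner" ]; then cls=$((mode / 100 % 10)); fi
    [ $((cls & bit)) -ne 0 ]
}

# p12_check USER FILE -> prints a verdict; exit 0 only for "ok".
# Only the immediate parent directory is checked for search permission.
p12_check() {
    user=$1; file=$2
    uid=$(id -u "$user" 2>/dev/null) || { echo "unknown-user"; return 1; }
    gids=$(id -G "$user")
    [ -f "$file" ] || { echo "missing"; return 1; }
    has_perm "$uid" "$gids" "$(dirname "$file")" 1 || { echo "dir-not-searchable"; return 1; }
    has_perm "$uid" "$gids" "$file" 4 || { echo "not-readable"; return 1; }
    # A PKCS#12 export used for cloning holds private keys: flag it when
    # every local account can read it.
    if [ $(( $(stat -c %a "$file") % 10 & 4 )) -ne 0 ]; then
        echo "ok-but-world-readable"; return 1
    fi
    echo "ok"
}

# Usage (account name "pkiuser" is an assumption, substitute the instance's uid):
#   sh check_p12.sh pkiuser /tmp/savepkcs12
if [ $# -eq 2 ]; then p12_check "$1" "$2"; fi
```

A verdict of "ok" with the wizard still failing points away from plain file permissions and toward an ACL, an SELinux denial, or the file's contents.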