AW: [Pki-users] Failure to clone a CA
Klaus Heyden
kheyden at web.de
Tue Oct 21 17:01:36 UTC 2008
Hello,
-----Ursprüngliche Nachricht-----
>> Ive got a Problem at the Cloning of a CA.
>>
>> At the Web GUI when I import the CA Certificate file (savepkcs12) the
>> WebGui showed me an error like PKI not active
[some log deleted]
>> [20/Oct/2008:18:32:11][http-9443-Processor21]: RestoreKeyCertPanel:
>> this is the clone subsystem
>> [20/Oct/2008:18:32:11][http-9443-Processor21]: RestoreKeyCertPanel
>> update: clone does not have all the certificates.
>> [20/Oct/2008:18:32:11][http-9443-Processor21]: panel no=5
>> [20/Oct/2008:18:32:11][http-9443-Processor21]: panel name=restorekeys
>> [20/Oct/2008:18:32:11][http-9443-Processor21]: total number of panels=19
>> I have bypass it by importing the Certificates with the pk12util at
>> the same time. What can be the Problem because of not reading the
>> file. The contains all necessary certificate (CA, Subsystem and OCSP).
>> This was the export file of the generation of the first instance.
> Is it possible the file /tmp/savepkcs12 copied on the cloned ca system
> could not be read by the uid running the clone instance ?
The file have chmod 666 so it must be readable by nobody, I've checked it
>> The next Problem which I cant avoid, is that the Clone cant finish
>> the LDAP configuration. The Debug-File shows the following:
>>
>>
>> [20/Oct/2008:19:24:18][http-9443-Processor19]: DatabasePanel
>> comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not
>> found, let's wait!
>> etc
at the last entries it repeats ever 5 seconds and the WebGUI
>> Internal Database stops there waiting
.
>>
> That seem quite unsual, could you provide more details on the exact
> platform used, as well as rpm and directory server used ?
> And may be file a bugzilla with the exact steps that were used.
I am using this in a Fedora Core 9 installation and i've also this Problem
in RHEL 5.2 (target platform), with actual updates. The Directory server is
Fedora 1.1.3-2 (Fedora base package), the certificate server is 1.0.0-6
(pki-ca package), pki-common package is 1.0.0-8.
This are the packages:
Certificate Server:
pki-java-tools-1.0.0-1.fc9.noarch
pki-setup-1.0.0-2.fc9.noarch
pki-util-1.0.0-2.fc9.noarch
pki-native-tools-1.0.0-1.fc9.i386
pki-common-ui-1.0.0-2.fc9.noarch
pki-ca-ui-1.0.0-1.fc9.noarch
pki-ca-1.0.0-6.fc9.noarch
pki-common-1.0.0-8.fc9.noarch
Directory Server:
fedora-ds-dsgw-1.1.1-1.fc9.i386
fedora-ds-admin-1.1.6-1.fc9.i386
fedora-ds-admin-console-1.1.2-1.fc9.noarch
fedora-ds-console-1.1.2-2.fc9.noarch
fedora-ds-base-1.1.3-2.fc9.i386
fedora-ds-1.1.2-1.fc9.i386
regards Klaus
More information about the Pki-users
mailing list