AW: [Pki-users] Failure to clone a CA

Klaus Heyden kheyden at web.de
Tue Oct 21 17:01:36 UTC 2008


Hello,


-----Ursprüngliche Nachricht-----
>> I’ve got a Problem at the Cloning of a CA.
>>
>> At the Web GUI when I import the CA Certificate file (savepkcs12) the 
>> WebGui showed me an error like “PKI not active”

[some log deleted]

>> [20/Oct/2008:18:32:11][http-9443-Processor21]: RestoreKeyCertPanel: 
>> this is the clone subsystem
>> [20/Oct/2008:18:32:11][http-9443-Processor21]: RestoreKeyCertPanel 
>> update: clone does not have all the certificates.
>> [20/Oct/2008:18:32:11][http-9443-Processor21]: panel no=5
>> [20/Oct/2008:18:32:11][http-9443-Processor21]: panel name=restorekeys
>> [20/Oct/2008:18:32:11][http-9443-Processor21]: total number of panels=19
>> I have bypass it by importing the Certificates with the pk12util at 
>> the same time. What can be the Problem because of not reading the 
>> file. The contains all necessary certificate (CA, Subsystem and OCSP). 
>> This was the export file of the generation of the first instance.

> Is it possible the file /tmp/savepkcs12 copied on the cloned ca system 
> could not be read by the uid running the clone instance ?

The file have chmod 666 so it must be readable by nobody, I've checked it

>> The next Problem which I can’t avoid, is that the Clone can’t finish 
>> the LDAP configuration. The Debug-File shows the following:
>>
>>
>> [20/Oct/2008:19:24:18][http-9443-Processor19]: DatabasePanel 
>> comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not 
>> found, let's wait!
>> etc
 at the last entries it repeats ever 5 seconds and the WebGUI 
>> “Internal Database” stops there waiting
.
>>
> That seem quite unsual, could you provide more details on the exact 
> platform used, as well as rpm and directory server used ?
> And may be file a bugzilla with the exact steps that were used.

I am using this in a Fedora Core 9  installation and i've also this Problem
in RHEL 5.2 (target platform), with actual updates. The Directory server is
Fedora 1.1.3-2 (Fedora base package), the certificate server is 1.0.0-6
(pki-ca package), pki-common package is 1.0.0-8.

This are the packages:
Certificate Server:
pki-java-tools-1.0.0-1.fc9.noarch
pki-setup-1.0.0-2.fc9.noarch
pki-util-1.0.0-2.fc9.noarch
pki-native-tools-1.0.0-1.fc9.i386
pki-common-ui-1.0.0-2.fc9.noarch
pki-ca-ui-1.0.0-1.fc9.noarch
pki-ca-1.0.0-6.fc9.noarch
pki-common-1.0.0-8.fc9.noarch
Directory Server:
fedora-ds-dsgw-1.1.1-1.fc9.i386
fedora-ds-admin-1.1.6-1.fc9.i386
fedora-ds-admin-console-1.1.2-1.fc9.noarch
fedora-ds-console-1.1.2-2.fc9.noarch
fedora-ds-base-1.1.3-2.fc9.i386
fedora-ds-1.1.2-1.fc9.i386

regards Klaus





More information about the Pki-users mailing list