[Pki-users] failed Administrator logon

Klaus Heyden kheyden at web.de
Wed Oct 29 21:01:27 UTC 2008


Hello,

I've checked it; the CA is trusted (Firefox browser). I also have the problem that the logon with pkiconsole now crashes. The login window comes up; after username/password, pkiconsole exits. Tomorrow I will look in the debug log for what happens and also use IE for testing.

Regards, Klaus Heyden

> -----Original Message-----
> From: "Marc Sauton" <msauton at redhat.com>
> Sent: 29.10.08 20:38:09
> To:  Klaus (Allianz ASIC)" <KLAUS.HEYDEN at ALLIANZ.DE>
> CC: pki-users at redhat.com
> Subject: Re: [Pki-users] failed Administrator logon


> Heyden, Klaus (Allianz ASIC) wrote:
> > Hello,
> >  
> > I have the problem that the CA doesn't accept the Administrator login. 
> > Either on the HTTPS interface or via pkiconsole. It's a new installation 
> > and the Admin certificate exists in the browser with secret key. The 
> > problem is that the CA first did their job normally. When I now try to 
> > log in I get a catalina error like this. I didn't reconfigure the CA, only 
> > restarted it. I also configured an HSM (Luna) but don't use keys inside the 
> > HSM.
> You may want to collect the ca debug log when you try to do client auth 
> in your browser against the https agent pages.
> Or review the debug log during the ca instance configuration, near the 
> key generation for the ca instance or when you selected either a 
> software token or hsm, for any errors.
> I suppose the ca instance was restarted after the web based wizard 
> configuration was successfully completed.
> It is always possible to use another client certificate for an agent or 
> admin user of the certificate system.
> You may want to verify the browser has and trusts the issuer of the agent 
> cert you try to use.
> > -------------------catalina.out----------------------------------
> > Oct 29, 2008 5:43:55 PM org.apache.catalina.core.ApplicationContext log"
> > INFO: caListRequests: You did not provide a valid certificate for this 
> > operation
> > ----------------------------------------------------------------------
> >  
> > the debug-file shows:
> > ---------------------debug----------------------------------------
> > [29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet:service() 
> > uri = /ca/agent/header
> > [29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet::service() 
> > param name='selected' value='ca'
> > [29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet: caheader 
> > start to service.
> > [29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet.java: 
> > renderTemplate
> > [29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet: curDate=Wed 
> > Oct 29 18:15:07 CET 2008 id=caheader time=0
> > [29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet:service() 
> > uri = /ca/agent/ca/listRequests.html
> > [29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet: 
> > caListRequests start to service.
> > [29/Oct/2008:18:15:07][http-9443-Processor21]: DisplayHtmlServlet 
> > about to service
> > [29/Oct/2008:18:15:07][http-9443-Processor21]: IP: 10.94.112.222
> > [29/Oct/2008:18:15:07][http-9443-Processor21]: AuthMgrName: 
> > certUserDBAuthMgr
> > [29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet: retrieving 
> > SSL certificate
> > [29/Oct/2008:18:15:07][http-9443-Processor21]: 
> > SignedAuditEventFactory: create() 
> > message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=$Unidentified$][AttemptedCred=$Unidentified$] 
> > authentication failure
> > [29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: getConn: mNumConns 
> > now 2
> > [29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: 
> > ObjectStreamMapper:mapObjectToLDAPAttributeSet revokedCerts size=84
> > [29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: 
> > ObjectStreamMapper:mapObjectToLDAPAttributeSet unrevokedCerts size=84
> > [29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: 
> > ObjectStreamMapper:mapObjectToLDAPAttributeSet expiredCerts size=84
> > [29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: returnConn: 
> > mNumConns now 3
> > ----------------------------------------------------------------------
> >  
> > certutil -L -d . shows me:
> > ----------------------------------------------------------------------
> > Certificate Nickname                                         Trust 
> > Attributes
> >                                                              
> > SSL,S/MIME,JAR/XPI
> > ocspSigningCert cert-ca4-1                                   u,u,u
> > subsystemCert cert-ca4-1                                     u,u,u
> > caSigningCert cert-ca4-1                                     CTu,Cu,Cu
> > Server-Cert cert-ca4-1                                       u,u,u
> > Allianz Group Root CA II - Allianz Group                     CT,C,C
> > ----------------------------------------------------------------------
> >  
> >  
> > Regards
> > Klaus Heyden
> >  
> >  
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Pki-users mailing list
> > Pki-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-users
> >   
> 
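
Added example, not part of the original messages or of the Certificate System code: a triage script for the debug log that Marc suggests collecting, pairing each AUTH_FAIL audit event with the URI, client IP and AuthMgrName logged on the same thread. The sample entries are taken from the excerpt above with mail line-wrapping undone; the function name and result keys are assumptions of this example.

```python
import re

# Debug-log entry prefix as seen in the excerpt: [date:time][thread]: message
ENTRY = re.compile(r"^\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2})\]\[([^\]]+)\]:\s*(.*)$")
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")  # [Key=Value] pairs of an audit message

# Sample input: entries copied from the excerpt in the thread, mail wrapping undone.
SAMPLE = """\
[29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet:service() uri = /ca/agent/header
[29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet:service() uri = /ca/agent/ca/listRequests.html
[29/Oct/2008:18:15:07][http-9443-Processor21]: IP: 10.94.112.222
[29/Oct/2008:18:15:07][http-9443-Processor21]: AuthMgrName: certUserDBAuthMgr
[29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet: retrieving SSL certificate
[29/Oct/2008:18:15:07][http-9443-Processor21]: SignedAuditEventFactory: create() message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=$Unidentified$][AttemptedCred=$Unidentified$] authentication failure
[29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: getConn: mNumConns now 2
"""

def auth_failures(text):
    """Return one dict per AUTH_FAIL audit event with its per-thread request context."""
    context = {}   # thread name -> details of the request that thread is serving
    failures = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # not a log entry (e.g. a wrapped continuation line)
        ts, thread, msg = m.groups()
        ctx = context.setdefault(thread, {})
        if "service() uri = " in msg:
            # A new request starts on this thread: reset its context.
            context[thread] = {"uri": msg.split("uri = ", 1)[1].strip()}
        elif msg.startswith("IP: "):
            ctx["ip"] = msg[len("IP: "):].strip()
        elif msg.startswith("AuthMgrName: "):
            ctx["authmgr"] = msg[len("AuthMgrName: "):].strip()
        elif "[AuditEvent=AUTH_FAIL]" in msg:
            fields = dict(FIELD.findall(msg))
            failures.append({
                "time": ts, "thread": thread, "uri": ctx.get("uri"),
                "ip": ctx.get("ip"), "authmgr": ctx.get("authmgr"),
                "subject": fields.get("SubjectID"),
                # True when the audit record carries no user identity at all.
                "unidentified": fields.get("SubjectID") == "$Unidentified$",
            })
    return failures

if __name__ == "__main__":
    for f in auth_failures(SAMPLE):
        print(f)
```
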

