[Pki-users] failed Administrator logon

Marc Sauton msauton at redhat.com
Wed Oct 29 22:05:32 UTC 2008


Also make sure you have the correct expected Java runtime for your platform:
http://pki.fedoraproject.org/wiki/PKI_Runtime_Environments
M.

Klaus Heyden wrote:
> Hello,
>
> I've checked it; the CA is trusted (Firefox browser). I also have the problem that the logon with pkiconsole now crashes. The login window comes up; after username/password the pkiconsole exits. Tomorrow I will look in the debug log for what happens and also use IE for testing.
>
> regards Klaus Heyden
>
>   
>> -----Original Message-----
>> From: "Marc Sauton" <msauton at redhat.com>
>> Sent: 29.10.08 20:38:09
>> To:  Klaus (Allianz ASIC)" <KLAUS.HEYDEN at ALLIANZ.DE>
>> CC: pki-users at redhat.com
>> Subject: Re: [Pki-users] failed Administrator logon
>>     
>
>
>   
>> Heyden, Klaus (Allianz ASIC) wrote:
>>     
>>> Hello,
>>>  
>>> I have the problem that the CA doesn't accept the Administrator login, 
>>> either on the HTTPS interface or via pkiconsole. It's a new installation 
>>> and the admin certificate exists in the browser with the secret key. The 
>>> problem is that the CA at first did its job normally. When I now try to 
>>> log in I get a catalina error like this. I didn't reconfigure the CA, only 
>>> restarted it. I also configured an HSM (Luna) but don't use keys inside the 
>>> HSM.
>>>       
>> You may want to collect the ca debug log when you try to do client auth 
>> in your browser against the https agent pages.
>> Or review the debug log during the ca instance configuration, near the 
>> key generation for the ca instance or when you selected either a 
>> software token or hsm, for any errors.
>> I suppose the ca instance was restarted after the web based wizard 
>> configuration was successfully completed.
>> It is always possible to use another client certificate for an agent or 
>> admin user of the certificate system.
>> You may want to verify the browser has and trusts the issuer of the agent 
>> cert you try to use.
>>     
>>> -------------------catalina.out----------------------------------
>>> Oct 29, 2008 5:43:55 PM org.apache.catalina.core.ApplicationContext log"
>>> INFO: caListRequests: You did not provide a valid certificate for this operation
>>> ----------------------------------------------------------------------
>>>  
>>> the debug-file shows:
>>> ---------------------debug----------------------------------------
>>> [29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet:service() uri = /ca/agent/header
>>> [29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet::service() param name='selected' value='ca'
>>> [29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet: caheader start to service.
>>> [29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet.java: renderTemplate
>>> [29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet: curDate=Wed Oct 29 18:15:07 CET 2008 id=caheader time=0
>>> [29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet:service() uri = /ca/agent/ca/listRequests.html
>>> [29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet: caListRequests start to service.
>>> [29/Oct/2008:18:15:07][http-9443-Processor21]: DisplayHtmlServlet about to service
>>> [29/Oct/2008:18:15:07][http-9443-Processor21]: IP: 10.94.112.222
>>> [29/Oct/2008:18:15:07][http-9443-Processor21]: AuthMgrName: certUserDBAuthMgr
>>> [29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet: retrieving SSL certificate
>>> [29/Oct/2008:18:15:07][http-9443-Processor21]: SignedAuditEventFactory: create() message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=$Unidentified$][AttemptedCred=$Unidentified$] authentication failure
>>> [29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: getConn: mNumConns now 2
>>> [29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: ObjectStreamMapper:mapObjectToLDAPAttributeSet revokedCerts size=84
>>> [29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: ObjectStreamMapper:mapObjectToLDAPAttributeSet unrevokedCerts size=84
>>> [29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: ObjectStreamMapper:mapObjectToLDAPAttributeSet expiredCerts size=84
>>> [29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: returnConn: mNumConns now 3
>>> ----------------------------------------------------------------------
>>>  
>>> certutil -L -d . shows me:
>>> ----------------------------------------------------------------------
>>> Certificate Nickname                                         Trust Attributes
>>>                                                              SSL,S/MIME,JAR/XPI
>>> ocspSigningCert cert-ca4-1                                   u,u,u
>>> subsystemCert cert-ca4-1                                     u,u,u
>>> caSigningCert cert-ca4-1                                     CTu,Cu,Cu
>>> Server-Cert cert-ca4-1                                       u,u,u
>>> Allianz Group Root CA II - Allianz Group                     CT,C,C
>>> ----------------------------------------------------------------------
>>>  
>>>  
>>> regards
>>> Klaus Heyden
>>>  
>>>  
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Pki-users mailing list
>>> Pki-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/pki-users
>>>   
>>>       
>
>

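For triage of the debug log quoted in this thread, the following is an added example (not part of the original messages and not Certificate System code): it folds mail-wrapped log lines back into entries and reports each `AUTH_FAIL` audit event together with the URI, client IP and auth manager logged earlier on the same thread. The function names and the `no_identity` key are assumptions made for this example.

```python
import re
from collections import defaultdict

# Excerpt of the debug log quoted in this thread, with mail line wraps kept.
SAMPLE = """\
[29/Oct/2008:18:15:07][http-9443-Processor21]: CMSServlet:service()
uri = /ca/agent/ca/listRequests.html
[29/Oct/2008:18:15:07][http-9443-Processor21]: IP: 10.94.112.222
[29/Oct/2008:18:15:07][http-9443-Processor21]: AuthMgrName:
certUserDBAuthMgr
[29/Oct/2008:18:15:07][http-9443-Processor21]: SignedAuditEventFactory: create()
message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=$Unidentified$][AttemptedCred=$Unidentified$]
authentication failure
[29/Oct/2008:18:15:08][CRLIssuingPoint-MasterCRL]: getConn: mNumConns now 2
"""

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\]\[(?P<thread>[^\]]+)\]:\s?(?P<msg>.*)$")
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")

def entries(text):
    """Yield (timestamp, thread, message), folding wrapped continuation lines."""
    cur = None
    for line in text.splitlines():
        line = re.sub(r"^(?:>\s?)*", "", line).strip()  # drop mail quote markers
        m = ENTRY.match(line)
        if m:
            if cur:
                yield tuple(cur)
            cur = [m["ts"], m["thread"], m["msg"].strip()]
        elif cur and line:
            cur[2] = f"{cur[2]} {line}".strip()
    if cur:
        yield tuple(cur)

def auth_failures(text):
    """Return AUTH_FAIL audit events with the request context of their thread."""
    ctx, out = defaultdict(dict), []
    for ts, thread, msg in entries(text):
        if (m := re.search(r"\buri = (\S+)", msg)):
            ctx[thread]["uri"] = m[1]
        elif msg.startswith("IP: "):
            ctx[thread]["ip"] = msg[4:].strip()
        elif msg.startswith("AuthMgrName:"):
            ctx[thread]["authmgr"] = msg.split(":", 1)[1].strip()
        fields = dict(FIELD.findall(msg))
        if fields.get("AuditEvent") == "AUTH_FAIL":
            out.append({"time": ts, "thread": thread, **ctx[thread], **fields,
                        "no_identity": fields.get("SubjectID") == "$Unidentified$"})
    return out
```

`no_identity` is set when the audit record carries no subject, which lines up with the catalina.out message quoted in the thread about no valid certificate being provided for the operation.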


