[Pki-users] Unable to connect to Secure Admin Port

Didier Moens Didier.Moens at dmbr.vib-UGent.be
Fri Mar 12 16:21:57 UTC 2010 

Dear Erwin,

Your reply is much appreciated ; apologies for not responding sooner, as
I was busy examining some alternative Dogtag paths (without success, see
below).


On 09/03/10 01:06, Erwin Himawan wrote:
> Hi Didier,
>
> I am not familiar with Red Hat.  I assumed Red Hat has some
> similarities with Fedora 11.
>
> If you do not mind, can you provide me with the last 20 lines of your
> /var/log/pki-ca-install.... file? (Assuming you are using default file
> location).
> One other useful log is your directory server installation log.  Do
> you successfully configure your directory server?
>
> Could you also make sure that you do not mix up your dogtag CS versions.
>
> Another pointer, when you run your pkicreate, make sure that your
> fedora directory serve is running.
> (/etc/init.d/dirsrv status)
>
> If the directory server is not running, you want to start it first;
> /etc/init.d/dirsrv start.


Thank you for the advice.


1. Concerning the directory server : at this stage, the DS is not
needed, as the connection to the DS is defined in the Installation
Wizard (which I am unable to start).

2. I would not mind providing you with logfiles, but I am comparing with
a pristine (and successful) installation of Dogtag on a fresh Fedora12
virtual machine, and there are no discernible differences.

3. My next step was to disable the troublesome HTTPS/SSL completely, by
removing the https references from /etc/pki-ca/server.xml.

While this works for Fedora12 (the Installation Wizard can be reached on
http://:9445 instead of https://:9445), I only had partial success with
RHEL5 : all server.xml-defined ports are now initialized (9180, 9443,
9444, 9445, 9701), but trying to access the Installation Wizard on
http://:9445 now yields an error page (HTTP Status 500 : "The server
encountered an unexpected condition which prevented it from fulfilling
the request.").

Needless to say, the requested file
/var/lib/pki-ca/webapps/ca/admin/console/login.vm (from the
dogtag-pki-common-ui-1.3.1-1.el5 rpm) is present on the system.

(All this was tested with both Sun Java and OpenJDK.)


4. The problem as described in [3.] leads me to believe that DogTag is
completely borked on RHEL5/CentOS5. I filed a bugzilla report for the
SSL problem (https://bugzilla.redhat.com/show_bug.cgi?id=568787) and I
will file another one for problem [3.].

However, there are dependency problems in EPEL5 too
(https://bugzilla.redhat.com/show_bug.cgi?id=566342 , comment #16). The
bugzilla entries have been filed 14 days ago, unfortunately without any
reply from the developers.

This, combined with the very low traffic on pki-users (not to mention
pki-devel) makes me wonder what the ambitions for DogTag are.


Maybe I need to crosspost to centos-devel, but I am not too sure whether
they care for packages originating from EPEL ...



Best regards,
Didier

-- 
===================================================================
Didier Moens                                            IT services
Department for Molecular Biomedical Research (DMBR)
VIB - Ghent University
Fiers-Schell-Van Montagu Research Building
Technologiepark 927 , B-9052 Zwijnaarde , Belgium
tel ++32(9)3313605  fax ++32(9)3313609
mailto:Didier.Moens at dmbr.vib-UGent.be      http://www.dmbr.UGent.be
===================================================================
This message represents the official view of the voices in my head.

More information about the Pki-users mailing list