From mharmsen at redhat.com Wed Sep 8 23:42:30 2010
From: mharmsen at redhat.com (Matthew Harmsen)
Date: Wed, 08 Sep 2010 16:42:30 -0700
Subject: [Pki-users] NOTICE: Access to legacy Dogtag Subversion Repositories on 'pki.fedoraproject.org' has been disabled
Message-ID: <4C881F66.3040500@redhat.com>

Everyone,

This is to notify everyone that access to the Dogtag "pki" and "tomcatjss" subversion source repositories that were originally hosted on 'pki.fedoraproject.org' has now been disabled.

Per previous email notification, the current Dogtag "pki" and "tomcatjss" repositories now exist on 'fedorahosted.org'. The URLs referenced below provide check-out details for these new repositories:

* http://pki.fedoraproject.org/wiki/PKI_Subversion_Instructions (pki)
* http://pki.fedoraproject.org/wiki/PKI_Pre-Built_Support_Components (tomcatjss)

As previously reported, the Dogtag Wiki as well as the PKI and TOMCATJSS source tarballs will remain located at 'pki.fedoraproject.org'.

Thanks,
-- Matt

From fdh at x-zone.org Mon Sep 20 21:28:54 2010
From: fdh at x-zone.org (Frederic d'Huart)
Date: Mon, 20 Sep 2010 23:28:54 +0200
Subject: [Pki-users] Dogtag - subjectAltName not correctly substituted: $request.requestor_email$
Message-ID: <4C97D216.4060306@x-zone.org>

FC12 latest update.
pki-ca v1.3.6-1.fc12 and pki-ra v 1.3.1-1.fc12
yum repo fetch from: http://pki.fedoraproject.org/pki/download/pki/pki.repo

When trying to generate a user certificate using the RA end user interface, I have noticed the subjectAltName was not substituted correctly.

My user certs always display:

X509v3 Subject Alternative Name:
    email:$request.requestor_email$

The only reference found was related to RH Cert Manager on the following link:

http://www.redhat.com/docs/manuals/cert-system/8.0/rel-notes/html/Release_Notes-Known_Issues-new.html

defined as Bug N° 238039 but no workaround proposed.

Does somebody know how to fix this issue?

Thank you.

From harshana at techcert.lk Tue Sep 21 04:10:11 2010
From: harshana at techcert.lk (Harshana Porawagama)
Date: Tue, 21 Sep 2010 09:40:11 +0530
Subject: [Pki-users] Dogtag - subjectAltName not correctly substituted: $request.requestor_email$
In-Reply-To: <4C97D216.4060306@x-zone.org>
References: <4C97D216.4060306@x-zone.org>
Message-ID: <4C983023.1070505@techcert.lk>

Hi,

This happens because of the policy number 8 of the RA-Agent authenticated Agent User Certificate Enrollment profile (caRAagentCert). You can completely remove this policy as a workaround. I did that on our CA.

This is also a problem when you use a certificate in MS Office Outlook 2007. There, if you receive a signed email from a user, it displays "Signed by" as "$request.requestor_email$" where it is supposed to be the sender's email.

Regards,
Harshana

On 09/21/2010 02:58 AM, Frederic d'Huart wrote:
> FC12 latest update.
> pki-ca v1.3.6-1.fc12 and pki-ra v 1.3.1-1.fc12
> yum repo fetch from: http://pki.fedoraproject.org/pki/download/pki/pki.repo
>
> When trying to generate a user certificate using the RA end user
> interface, I have noticed the subjectAltName was not substituted correctly.
>
> My user certs always display:
>
> X509v3 Subject Alternative Name:
>     email:$request.requestor_email$
>
> The only reference found was related to RH Cert Manager on the following
> link:
>
> http://www.redhat.com/docs/manuals/cert-system/8.0/rel-notes/html/Release_Notes-Known_Issues-new.html
>
> defined as Bug N° 238039 but no workaround proposed.
>
> Does somebody know how to fix this issue?
>
> Thank you.

From James.Kinney at gtri.gatech.edu Tue Sep 28 20:51:19 2010
From: James.Kinney at gtri.gatech.edu (James "Jim" Kinney)
Date: Tue, 28 Sep 2010 16:51:19 -0400
Subject: [Pki-users] pki-ra Authentication error
Message-ID: <4CA25547.7090501@gtri.gatech.edu>

Setting up dogtag on Fedora 12 with versions 1.3.2-1 of dogtag-pki-ra-ui and 1.3.1-1 of pki-ra

The 389 system is set up OK and the pkicreate for the ca went smooth. The debug log from the pki-ca shows an invalid hostname during the "Subject Names" section on the ra wizard screen:

[28/Sep/2010:16:25:11][http-9444-Processor22]: TokenAuthentication: start
[28/Sep/2010:16:25:11][http-9444-Processor22]: TokenAuthentication: content=sessionID=9216515598699103255&hostname=0:0:0:0:0:0:0:1
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSServlet:service() uri = /ca/ee/ca/tokenAuthenticate
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSServlet::service() param name='hostname' value='0:0:0:0:0:0:0:1'
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSServlet::service() param name='sessionID' value='9216515598699103255'
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSServlet: caTokenAuthenticate start to service.
[28/Sep/2010:16:25:11][http-9444-Processor25]: TokenAuthentication: sessionId=9216515598699103255
[28/Sep/2010:16:25:11][http-9444-Processor25]: TokenAuthentication: givenHost=0:0:0:0:0:0:0:1
[28/Sep/2010:16:25:11][http-9444-Processor25]: TokenAuthentication: checking session in the session table
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSEngine: getPasswordStore(): password store initialized before.
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSEngine: getPasswordStore(): password store initialized.
[28/Sep/2010:16:25:11][http-9444-Processor25]: TokenAuthentication: found session
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSEngine: getPasswordStore(): password store initialized before.
[28/Sep/2010:16:25:11][http-9444-Processor25]: CMSEngine: getPasswordStore(): password store initialized.
[28/Sep/2010:16:25:12][http-9444-Processor25]: TokenAuthentication: hostname=***.***.***.*** and givenHost=0:0:0:0:0:0:0:1 is different
[28/Sep/2010:16:25:12][http-9444-Processor25]: TokenAuthenticate authenticate failed, wrong hostname.
[28/Sep/2010:16:25:12][http-9444-Processor22]: TokenAuthentication: status=1
[28/Sep/2010:16:25:12][http-9444-Processor22]: ProfileSubmitServlet: authentication error Error: Failed Authentication
[28/Sep/2010:16:25:12][http-9444-Processor25]: CMSServlet: curDate=Tue Sep 28 16:25:12 EDT 2010 id=caTokenAuthenticate time=1019

TokenAuthentication: hostname is the IP address of the system and not the hostname. All of the fields in the lead up screen use proper data and fqdn hostnames.

The debug log from pki-ra just after the /usr/bin/sslget line shows:

Tue Sep 28 16:25:12 EDT 2010 - content = HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Content-Length: 118
Date: Tue, 28 Sep 2010 20:25:12 GMT
Connection: close

1Authentication Error
Subject: CN=my.host.name,OU=pki-ca,O=STL Dogtag Domain
Issuer : CN=Certificate Authority,OU=pki-ca,O=STL Dogtag Domain
bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1
Tue Sep 28 16:25:12 EDT 2010 - NamePanel: response content= 1Authentication Error
Tue Sep 28 16:25:12 EDT 2010 - NamePanel: Error = Authentication Error
Tue Sep 28 16:25:12 EDT 2010 - RA wizard: update returns status '0'

Ideas?

--
James "Jim" Kinney
(404) 407-7967
GTRI

From James.Kinney at gtri.gatech.edu Tue Sep 28 21:33:37 2010
From: James.Kinney at gtri.gatech.edu (James "Jim" Kinney)
Date: Tue, 28 Sep 2010 17:33:37 -0400
Subject: [Pki-users] pki-ra Authentication error
In-Reply-To: <4CA25547.7090501@gtri.gatech.edu>
References: <4CA25547.7090501@gtri.gatech.edu>
Message-ID: <4CA25F31.7040601@gtri.gatech.edu>

additional data from the pki-ra/error log (with some cruft snipped out):

[Tue Sep 28 16:23:31 2010] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:pki_ra_t:s0
[Tue Sep 28 16:23:31 2010] [info] Initializing SSL Session Cache of size 10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400.
[Tue Sep 28 16:23:31 2010] [info] Init: Initializing (virtual) servers for SSL
[Tue Sep 28 16:23:31 2010] [info] Configuring server for SSL protocol
[Tue Sep 28 16:23:31 2010] [error] Unknown cipher ecdhe_ecdsa_aes_256_sha
[Tue Sep 28 16:23:31 2010] [info] Using nickname Server-Cert cert-pki-ra.
[Tue Sep 28 16:23:31 2010] [info] Configuring server for SSL protocol
[Tue Sep 28 16:23:31 2010] [error] Unknown cipher ecdhe_ecdsa_aes_256_sha
[Tue Sep 28 16:23:31 2010] [info] Using nickname Server-Cert cert-pki-ra.
[Tue Sep 28 16:23:31 2010] [info] Server: Apache/2.2.14, Interface: mod_nss/2.2.14, Library: NSS/3.12.6.2
[Tue Sep 28 16:23:31 2010] [info] Shutting down SSL Session ID Cache
[Tue Sep 28 16:23:32 2010] [info] Initializing SSL Session Cache of size 10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400.
[Tue Sep 28 16:23:32 2010] [info] Server: Apache/2.2.14, Interface: mod_nss/2.2.14, Library: NSS/3.12.6.2
[Tue Sep 28 16:23:32 2010] [warn] pid file /var/lib/pki-ra/run/pki-ra.pid overwritten -- Unclean shutdown of previous Apache run?
[Tue Sep 28 16:23:32 2010] [notice] Apache/2.2.15 (Unix) mod_nss/2.2.14 NSS/3.12.6.2 mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal operations
[Tue Sep 28 16:23:32 2010] [info] Server built: Apr 10 2010 15:21:49
[Tue Sep 28 16:23:32 2010] [debug] worker.c(1757): AcceptMutex: sysvsem (default: sysvsem)
[Tue Sep 28 16:23:32 2010] [info] Configuring server for SSL protocol
[Tue Sep 28 16:23:32 2010] [error] Unknown cipher ecdhe_ecdsa_aes_256_sha
[Tue Sep 28 16:23:32 2010] [info] Using nickname Server-Cert cert-pki-ra.
[Tue Sep 28 16:23:32 2010] [info] Configuring server for SSL protocol
[Tue Sep 28 16:23:32 2010] [error] Unknown cipher ecdhe_ecdsa_aes_256_sha
[Tue Sep 28 16:23:32 2010] [info] Using nickname Server-Cert cert-pki-ra.
[Tue Sep 28 16:23:50 2010] [info] SSL input filter read failed.
[Tue Sep 28 16:23:50 2010] [error] SSL Library Error: -12271 SSL client cannot verify your certificate

GET /ca/admin/ca/getStatus HTTP/1.0
port: 9445 addr='my.host.name' family='10'
PR_Write wrote 39 bytes from bigBuf
bytes: [GET /ca/admin/ca/getStatus HTTP/1.0 ]
do_writes shutting down send socket
do_writes exiting with (failure = 0)
connection 1 read 249 bytes (249 total).
these bytes read:
connection 1 read 249 bytes total.
-----------------------------
GET /ca/admin/ca/getStatus HTTP/1.0
port: 9445 addr='my.host.name' family='10'
PR_Write wrote 39 bytes from bigBuf
bytes: [GET /ca/admin/ca/getStatus HTTP/1.0 ]
do_writes shutting down send socket
do_writes exiting with (failure = 0)
connection 1 read 249 bytes (249 total).
these bytes read:
connection 1 read 249 bytes total.
-----------------------------
GET /ca/admin/ca/getCertChain HTTP/1.0
port: 9445 addr='my.host.name' family='10'
PR_Write wrote 42 bytes from bigBuf
bytes: [GET /ca/admin/ca/getCertChain HTTP/1.0 ]
do_writes shutting down send socket
do_writes exiting with (failure = 0)
connection 1 read 1637 bytes (1637 total).
these bytes read:
connection 1 read 1637 bytes total.
-----------------------------
certutil: function failed: security library: bad database.
GET /ca/admin/ca/getDomainXML HTTP/1.0
port: 9445 addr='my.host.name' family='10'
-- SSL3: Server Certificate Validated.
PR_Write wrote 42 bytes from bigBuf
bytes: [GET /ca/admin/ca/getDomainXML HTTP/1.0 ]
do_writes shutting down send socket
do_writes exiting with (failure = 0)
connection 1 read 2147 bytes (2147 total).
these bytes read:
connection 1 read 2147 bytes total.
-----------------------------
[Tue Sep 28 16:24:29 2010] -e: Use of uninitialized value $host in string eq at /var/lib/pki-ra/lib/perl/PKI/RA/SubsystemTypePanel.pm line 122.
[Tue Sep 28 16:24:33 2010] -e: Use of uninitialized value $host in string eq at /var/lib/pki-ra/lib/perl/PKI/RA/CAInfoPanel.pm line 186.
GET /ca/ee/ca/getCertChain HTTP/1.0
port: 9444 addr='my.host.name' family='10'
-- SSL3: Server Certificate Validated.
PR_Write wrote 39 bytes from bigBuf
bytes: [GET /ca/ee/ca/getCertChain HTTP/1.0 ]
do_writes shutting down send socket
do_writes exiting with (failure = 0)
connection 1 read 1637 bytes (1637 total).
these bytes read:
connection 1 read 1637 bytes total.
-----------------------------
certutil: could not find certificate named "Trusted CA c2cert0": security library: bad database.
[Tue Sep 28 16:24:41 2010] -e: Use of uninitialized value $pwd in string ne at /var/lib/pki-ra/lib/perl/PKI/RA/ModulePanel.pm line 148.
[Tue Sep 28 16:24:41 2010] -e: Use of uninitialized value $pwd in string ne at /var/lib/pki-ra/lib/perl/PKI/RA/ModulePanel.pm line 148.
[Tue Sep 28 16:24:41 2010] -e: Use of uninitialized value $file in concatenation (.) or string at /var/lib/pki-ra/lib/perl/PKI/RA/ModulePanel.pm line 214.
[Tue Sep 28 16:24:41 2010] -e: Use of uninitialized value $name in concatenation (.) or string at /var/lib/pki-ra/lib/perl/PKI/RA/ModulePanel.pm line 231.
[Tue Sep 28 16:24:41 2010] -e: Use of uninitialized value $file in concatenation (.) or string at /var/lib/pki-ra/lib/perl/PKI/RA/ModulePanel.pm line 214.
[Tue Sep 28 16:24:41 2010] -e: Use of uninitialized value $name in concatenation (.) or string at /var/lib/pki-ra/lib/perl/PKI/RA/ModulePanel.pm line 231.
[Tue Sep 28 16:24:47 2010] -e: Use of uninitialized value $done in concatenation (.) or string at /var/lib/pki-ra/lib/perl/PKI/RA/SizePanel.pm line 172.
[Tue Sep 28 16:24:47 2010] -e: Use of uninitialized value $done in string eq at /var/lib/pki-ra/lib/perl/PKI/RA/SizePanel.pm line 173.
[Tue Sep 28 16:24:53 2010] -e: Use of uninitialized value $genKeyPair in concatenation (.) or string at /var/lib/pki-ra/lib/perl/PKI/RA/SizePanel.pm line 80.
[Tue Sep 28 16:24:53 2010] -e: Use of uninitialized value $done in string eq at /var/lib/pki-ra/lib/perl/PKI/RA/SizePanel.pm line 81.
[Tue Sep 28 16:24:54 2010] -e: Use of uninitialized value $host in string eq at /var/lib/pki-ra/lib/perl/PKI/RA/NamePanel.pm line 480.
rm: cannot remove `/var/lib/pki-ra/conf/sslserver_cert.txt': No such file or directory
256+0 records in
256+0 records out
256 bytes (256 B) copied, 0.00106719 s, 240 kB/s
Generating key. This may take a few moments...

POST /ca/ee/ca/profileSubmit HTTP/1.0
Content-Length: 1171
Content-Type: application/x-www-form-urlencoded

profileId=caInternalAuthServerCert&cert_request_type=pkcs10&requestor_name=RA-my.host.name-12889&cert_request=bigsnip&xmlOutput=true&sessionID=9216515598699103255&auth_hostname=my.host.name&auth_port=9444
port: 9444 addr='sis-jpk-vm22.stl.gtri.gatech.edu' family='10'
-- SSL3: Server Certificate Validated.
PR_Write wrote 1283 bytes from bigBuf
bytes: [POST /ca/ee/ca/profileSubmit HTTP/1.0
Content-Length: 1171
Content-Type: application/x-www-form-urlencoded

profileId=caInternalAuthServerCert&cert_request_type=pkcs10&requestor_name=RA-sis-jpk-vm22.stl.gtri.gatech.edu-12889&cert_request=bigsnip&xmlOutput=true&sessionID=9216515598699103255&auth_hostname=my.host.name&auth_port=9444]
do_writes shutting down send socket
do_writes exiting with (failure = 0)
connection 1 read 272 bytes (272 total).
these bytes read:
connection 1 read 272 bytes total.
-----------------------------
[Tue Sep 28 16:25:12 2010] -e: Use of uninitialized value $host in string eq at /var/lib/pki-ra/lib/perl/PKI/RA/NamePanel.pm line 480.

--
James "Jim" Kinney
(404) 407-7967
GTRI

From sean.veale at gdc4s.com Tue Sep 28 21:55:51 2010
From: sean.veale at gdc4s.com (sean.veale at gdc4s.com)
Date: Tue, 28 Sep 2010 17:55:51 -0400
Subject: [Pki-users] pki-ra Authentication error
In-Reply-To: <4CA25F31.7040601@gtri.gatech.edu>
References: <4CA25547.7090501@gtri.gatech.edu> <4CA25F31.7040601@gtri.gatech.edu>
Message-ID: <5E904A528F23FA469961CECAC5F4178702B73B04@NDHMC4SXCH.gdc4s.com>

I'd turn SELinux off or set it to permissive mode and give it another try.

Sean

From joshua.roys at gtri.gatech.edu Wed Sep 29 21:38:12 2010
From: joshua.roys at gtri.gatech.edu (Joshua Roys)
Date: Wed, 29 Sep 2010 17:38:12 -0400
Subject: [Pki-users] pki-ra Authentication error
In-Reply-To: <5E904A528F23FA469961CECAC5F4178702B73B04@NDHMC4SXCH.gdc4s.com>
References: <4CA25547.7090501@gtri.gatech.edu> <4CA25F31.7040601@gtri.gatech.edu> <5E904A528F23FA469961CECAC5F4178702B73B04@NDHMC4SXCH.gdc4s.com>
Message-ID: <4CA3B1C4.3050203@gtri.gatech.edu>

Hello,

The issue was discovered to be ipv6. Or one might say the lack of it!

TokenAuthentication: hostname=192.168.x.y and givenHost=0:0:0:0:0:0:0:1 is different
TokenAuthenticate authenticate failed, wrong hostname.
TokenAuthentication: status=1
ProfileSubmitServlet: authentication error Error: Failed Authentication

Removing the hostname from the ::1 line in /etc/hosts fixed the issue.

Josh
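
The diagnosis reached at the end of this thread can be checked mechanically. The following is an added example, not part of the original posts and not Dogtag code: it scans a CA debug log for the "hostname=... and givenHost=... is different" line and reports whether the host's name is attached to a loopback line in a hosts file. The log lines, the hosts file contents and the address 192.0.2.10 are constructed samples; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the CA debug-log format quoted in the thread.
SAMPLE_CA_DEBUG = """\
[28/Sep/2010:16:25:11][http-9444-Processor25]: TokenAuthentication: found session
[28/Sep/2010:16:25:12][http-9444-Processor25]: TokenAuthentication: hostname=192.0.2.10 and givenHost=0:0:0:0:0:0:0:1 is different
[28/Sep/2010:16:25:12][http-9444-Processor25]: TokenAuthenticate authenticate failed, wrong hostname.
"""

# Constructed hosts file: the FQDN is also listed on the ::1 line.
SAMPLE_HOSTS = """\
127.0.0.1   localhost localhost.localdomain
::1         localhost6 my.host.name   # FQDN on the IPv6 loopback line
192.0.2.10  my.host.name my
"""

MISMATCH = re.compile(
    r"TokenAuthentication: hostname=(\S+) and givenHost=(\S+) is different")


def _as_ip(text):
    """Parse an IPv4/IPv6 literal; return None for names or masked values."""
    try:
        return ipaddress.ip_address(text.split("%", 1)[0])  # drop any zone id
    except ValueError:
        return None


def find_mismatches(log_text):
    """Return (session_host, given_host, given_is_loopback) per mismatch line."""
    results = []
    for m in MISMATCH.finditer(log_text):
        ip = _as_ip(m.group(2))
        results.append(
            (m.group(1), m.group(2), ip is not None and ip.is_loopback))
    return results


def loopback_aliases(hosts_text, fqdn):
    """Loopback addresses that hosts_text maps fqdn to (case-insensitive)."""
    hits = []
    wanted = fqdn.lower()
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # strip comments, then tokenize
        if len(fields) < 2:
            continue
        ip = _as_ip(fields[0])
        names = [name.lower() for name in fields[1:]]
        if ip is not None and ip.is_loopback and wanted in names:
            hits.append(str(ip))
    return hits


def diagnose(log_text, hosts_text, fqdn):
    """Pair each loopback mismatch in the log with the hosts entries behind it."""
    aliases = loopback_aliases(hosts_text, fqdn)
    return [
        {"session_host": s, "given_host": g, "loopback_aliases": aliases}
        for s, g, is_loopback in find_mismatches(log_text)
        if is_loopback
    ]


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_CA_DEBUG, SAMPLE_HOSTS, "my.host.name"):
        print(finding)
```

An empty `loopback_aliases` list alongside a loopback `given_host` means the hosts file is not the source of the loopback address and name resolution should be checked elsewhere.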