[Pki-users] Pki-users Digest, Vol 47, Issue 2
Dan Whitmire
dan.whitmire at sonshineaccess.com
Thu Feb 9 02:39:19 UTC 2012
On 02/08/2012 11:00 AM, pki-users-request at redhat.com wrote:
> Send Pki-users mailing list submissions to
> pki-users at redhat.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://www.redhat.com/mailman/listinfo/pki-users
> or, via email, send a message with subject or body 'help' to
> pki-users-request at redhat.com
>
> You can reach the person managing the list at
> pki-users-owner at redhat.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Pki-users digest..."
>
>
> Today's Topics:
>
> 1. TKS Not Starting Correctly (Dan Whitmire)
> 2. Re: TKS Not Starting Correctly (E Deon Lackey)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 07 Feb 2012 19:51:43 -0600
> From: Dan Whitmire<dan.whitmire at sonshineaccess.com>
> To: pki-users at redhat.com
> Subject: [Pki-users] TKS Not Starting Correctly
> Message-ID:<4F31D52F.1040405 at sonshineaccess.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> I'd really appreciate it is anyone can help with a problem I'm having
> with the TKS Subsystem. I have CA, RA, TKS, and TPS installed.
> However, when starting the pki-tksd service I get the message that is
> started [ok] but when I try to complete the configuration after install,
> I get:
>
> # service pki-tksd status
> pki-tks-SonshineAccess dead but subsys locked [WARNING]
>
>
> Log files:
> # tail /var/log/pki-tks-SonshineAccess/selftests.log
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
> Initializing self test plugins:
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
> loading all self test plugin logger parameters
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
> loading all self test plugin instances
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
> loading all self test plugin instance parameters
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
> loading self test plugins in on-demand order
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
> loading self test plugins in startup order
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem: Self
> test plugins have been successfully loaded!
> 28141.main - [07/Feb/2012:19:23:54 CST] [20] [1] SelfTestSubsystem:
> Running self test plugins specified to be executed at startup:
> 28141.main - [07/Feb/2012:19:23:54 CST] [20] [1] TKSKnownSessionKey:
> TKS self test called TKSKnownSessionKey FAILED!
> 28141.main - [07/Feb/2012:19:23:54 CST] [20] [1] SelfTestSubsystem: The
> CRITICAL self test plugin called
> selftests.container.instance.TKSKnownSessionKey running at startup FAILED
>
> # tail /var/log/pki-tks-SonshineAccess/system
> 9458.main - [02/Feb/2012:21:46:46 CST] [13] [3] authz instance
> DirAclAuthz initialization failed and skipped, error=Property
> internaldb.ldapconn.port missing value
> # tail /var/log/pki-tks-SonshineAccess/debug
> [07/Feb/2012:19:23:54][main]: TKSKnownSessionKey self test FAILED
> [07/Feb/2012:19:23:54][main]: SignedAuditEventFactory: create()
> message=[AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Failure]
> self tests execution (see selftests.log for details)
>
> [07/Feb/2012:19:23:54][main]: CMSEngine.shutdown()
> [07/Feb/2012:19:23:55][main]: LogFile:In log shutdown
> [07/Feb/2012:19:23:55][main]: SignedAuditEventFactory: create()
> message=[AuditEvent=AUDIT_LOG_SHUTDOWN][SubjectID=$System$][Outcome=Success]
> audit function shutdown
>
> [07/Feb/2012:19:23:55][main]: LogFile:In log shutdown
> [07/Feb/2012:19:23:55][main]: SignedAuditEventFactory: create()
> message=[AuditEvent=AUDIT_LOG_SHUTDOWN][SubjectID=$System$][Outcome=Success]
> audit function shutdown
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 07 Feb 2012 20:22:48 -0600
> From: E Deon Lackey<dlackey at redhat.com>
> To: pki-users at redhat.com
> Subject: Re: [Pki-users] TKS Not Starting Correctly
> Message-ID:<4F31DC78.7060408 at redhat.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hey, Dan.
>
> It failed at the SessionKey test, so I *think* you need to create a
> shared secret for the TKS and TPS to use.
>
> When you configure the TKS (go through the wizard), then the last step
> is #13, here:
> http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.1/html/Deploy_and_Install_Guide/setting-up-others.html
>
> That creates a shared secret key. Without it, the TKS fails to start.
>
> Once the TKS is set up, you can set up the TPS, which are steps 17/18 here:
> http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.1/html/Deploy_and_Install_Guide/setting-up-tps.html
>
> I think. If it doesn't work, then someone with more knowledge can help
> you out. :)
> Deon
>
>
> On 2/7/2012 7:51 PM, Dan Whitmire wrote:
>> I'd really appreciate it is anyone can help with a problem I'm having
>> with the TKS Subsystem. I have CA, RA, TKS, and TPS installed.
>> However, when starting the pki-tksd service I get the message that is
>> started [ok] but when I try to complete the configuration after
>> install, I get:
>>
>> # service pki-tksd status
>> pki-tks-SonshineAccess dead but subsys locked [WARNING]
>>
>>
>> Log files:
>> # tail /var/log/pki-tks-SonshineAccess/selftests.log
>> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
>> Initializing self test plugins:
>> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
>> loading all self test plugin logger parameters
>> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
>> loading all self test plugin instances
>> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
>> loading all self test plugin instance parameters
>> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
>> loading self test plugins in on-demand order
>> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
>> loading self test plugins in startup order
>> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
>> Self test plugins have been successfully loaded!
>> 28141.main - [07/Feb/2012:19:23:54 CST] [20] [1] SelfTestSubsystem:
>> Running self test plugins specified to be executed at startup:
>> 28141.main - [07/Feb/2012:19:23:54 CST] [20] [1] TKSKnownSessionKey:
>> TKS self test called TKSKnownSessionKey FAILED!
>> 28141.main - [07/Feb/2012:19:23:54 CST] [20] [1] SelfTestSubsystem:
>> The CRITICAL self test plugin called
>> selftests.container.instance.TKSKnownSessionKey running at startup FAILED
>>
>> # tail /var/log/pki-tks-SonshineAccess/system
>> 9458.main - [02/Feb/2012:21:46:46 CST] [13] [3] authz instance
>> DirAclAuthz initialization failed and skipped, error=Property
>> internaldb.ldapconn.port missing value
>> # tail /var/log/pki-tks-SonshineAccess/debug
>> [07/Feb/2012:19:23:54][main]: TKSKnownSessionKey self test FAILED
>> [07/Feb/2012:19:23:54][main]: SignedAuditEventFactory: create()
>> message=[AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Failure]
>> self tests execution (see selftests.log for details)
>>
>> [07/Feb/2012:19:23:54][main]: CMSEngine.shutdown()
>> [07/Feb/2012:19:23:55][main]: LogFile:In log shutdown
>> [07/Feb/2012:19:23:55][main]: SignedAuditEventFactory: create()
>> message=[AuditEvent=AUDIT_LOG_SHUTDOWN][SubjectID=$System$][Outcome=Success]
>> audit function shutdown
>>
>> [07/Feb/2012:19:23:55][main]: LogFile:In log shutdown
>> [07/Feb/2012:19:23:55][main]: SignedAuditEventFactory: create()
>> message=[AuditEvent=AUDIT_LOG_SHUTDOWN][SubjectID=$System$][Outcome=Success]
>> audit function shutdown
>>
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>
>
> ------------------------------
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>
>
> End of Pki-users Digest, Vol 47, Issue 2
> ****************************************
I entered the command found in the documentation
# tkstool -T -d /var/lib/pki-tks-SonshineAccess/alias -n sharedSecret
Enter Password or Pin for "NSS Certificate DB":
I enter a password and it continues to ask "Enter Password or Pin for
"NSS Certificate DB":" Is there something I'm ding wrong when I setup
my system? Everything looks the same as the document. I don't recall
having this problem when I set this up on Fedora 13. I'm using Fedora 15.
More information about the Pki-users
mailing list