From chrisb at csr.net Sat Apr 13 19:33:35 2013 From: chrisb at csr.net (Buckingham) Date: Sat, 13 Apr 2013 21:33:35 +0200 Subject: [Pki-users] TPS Service says Error: Authentication Failure Message-ID: <5169B30F.6050106@csr.net> Hello Dogtag Users, There is a little problem getting the TPS Services page to display anything other than ERROR: Authentication Failure for Operator Services, Agent Services and Administrator Services. It may happen with pki-ra but I have not tested to this point, I would like to solve this one error at a time. The first time I set up the TPS I saw that it was failing because of a wrong user, the logs displayed admin to access LDAP instead of the one I wanted. After stopping all of the pki sub-systems I did a pkiremove of the TPS sub-system. Then starting the other sub-systems I did a pkicreate and started the configuration from my browser (Firefox 16.0.1 on OSX). Probably due to fat fingers or something I forget to change the default "admin" to my particular user in one of the panes. However No luck, I still get the Authentication Error in the browser but do not see any complaints about admin authentication in the logs. Oh yes, I restarted the TPS sub-system after configuration, twice. The errors in the TPS logs are: File does not exist: /var/lib/pki-tps/docroot/img ,this happens every time I try to click on any of the 3 items in the list. Searching I see /var/lib/pki-tps/docroot is there but no img directory. and I also have been getting [error] Failed to authenticate request Looking under pki-ra there is a docroot/images. I did find a /usr/share/pki/tps/docroot but it also has no img directory. There is a /usr/share/pki/tps-ui/docroot/tps/admin/console/img and it has stuff in it (gifs and pngs). One thing I noticed is that all the other sub-systems have their img directories under the webapps directory, but not RA and TPS. My setup Fedora: Fedora release 15 (Lovelock) Kernel \r on an \m (\l) Dogtag: pki-ca 9.0.7-1.fc15 pki-kra 9.0.3-1.fc15 pki-ocsp 9.0.2-1.fc15 pki-ra 9.0.2-1.fc15 pki-tks 9.0.2-1.fc15 pki-setup 9.0.7-1.fc15 pki-common 9.0.7-1.fc15 pki=console 9.0.2-1.fc15 pki-native-tools 9.0.7-1.fc15 pki-selinux 9.0.7-1.fc15 389-DS: Admin & Console suite 1.2.1-2.fc15 DS_Base and Base-libs 1.2.8.3-1.fc15 DS-Console 1.2.5-1.fc15 389-dsgw 1.1.6-2.fc15 ESC: 1.1.0-14.fc15 I have looked, but google IS NOT my friend this time. Many thanks in advance. From sbaa at vip.qq.com Sat Apr 27 15:39:06 2013 From: sbaa at vip.qq.com (=?gb18030?B?97z3w8Oo?=) Date: Sat, 27 Apr 2013 23:39:06 +0800 Subject: [Pki-users] "Security Domain HTTPS Admin URL not found " Message-ID: Hi All I'am a new user of dogtag. I try the latest build 10.0.2. I install ca server success,but when I configure a ra subsystem, url : https://localhost.localdomain:12890/ra/admin/console/config/wizard it alwarys show error "Security Domain HTTPS Admin URL not found" and " Create a New Security Domai" cannot be choose. any ideas? thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From alee at redhat.com Sat Apr 27 17:04:36 2013 From: alee at redhat.com (Ade Lee) Date: Sat, 27 Apr 2013 13:04:36 -0400 Subject: [Pki-users] "Security Domain HTTPS Admin URL not found " In-Reply-To: References: Message-ID: <1367082276.10783.1.camel@localhost.localdomain> What value are you putting in for your security domain? Ade On Sat, 2013-04-27 at 23:39 +0800, ??? wrote: > Hi All > I'am a new user of dogtag. > I try the latest build 10.0.2. > I install ca server success,but when I configure a ra subsystem, > > > url : > https://localhost.localdomain:12890/ra/admin/console/config/wizard > > > it alwarys show error "Security Domain HTTPS Admin URL not found" and > " Create a New Security Domai" cannot be choose. > any ideas? > > > thanks > > > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users From sbaa at vip.qq.com Sat Apr 27 18:27:52 2013 From: sbaa at vip.qq.com (=?gb18030?B?97z3w8Oo?=) Date: Sun, 28 Apr 2013 02:27:52 +0800 Subject: [Pki-users] =?gb18030?b?u9i4tKO6ICAiU2VjdXJpdHkgRG9tYWluIEhUVFBT?= =?gb18030?q?_Admin_URL_not_found_=22?= Message-ID: Hi alee I tried following urls https://localhost.localdomain:8443 https://localhost.localdomain:8443/ca http://localhost.localdomain:8080 http://localhost.localdomain:8080/ca but all failed. and i found some info in error log (/var/log/pki-ra/error_log ) GET /ca/admin/ca/getStatus HTTP/1.0 port: 8443 addr='localhost.localdomain' family='2' IP='127.0.0.1' exit after PR_Connect with error -5985: GET /ca/admin/ca/getStatus HTTP/1.0 port: 9445 addr='localhost.localdomain' family='2' IP='127.0.0.1' exit after PR_Connect with error -5961: ------------------ ???? ------------------ ???: "Ade Lee"; ????: 2013?4?28?(???) ??1:04 ???: "???"; ??: "Pki-users"; ??: Re: [Pki-users] "Security Domain HTTPS Admin URL not found " What value are you putting in for your security domain? Ade On Sat, 2013-04-27 at 23:39 +0800, ??? wrote: > Hi All > I'am a new user of dogtag. > I try the latest build 10.0.2. > I install ca server success,but when I configure a ra subsystem, > > > url : > https://localhost.localdomain:12890/ra/admin/console/config/wizard > > > it alwarys show error "Security Domain HTTPS Admin URL not found" and > " Create a New Security Domai" cannot be choose. > any ideas? > > > thanks > > > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users . -------------- next part -------------- An HTML attachment was scrubbed... URL: From sbaa at vip.qq.com Sat Apr 27 18:35:23 2013 From: sbaa at vip.qq.com (=?gb18030?B?97z3w8Oo?=) Date: Sun, 28 Apr 2013 02:35:23 +0800 Subject: [Pki-users] =?gb18030?b?u9i4tKO6ICAiU2VjdXJpdHkgRG9tYWluIEhUVFBT?= =?gb18030?q?_Admin_URL_not_found_=22?= Message-ID: other debug info [root at localhost ~]# grep WARN /var/log/pki-ra-install.log [2013-04-27 14:10:57] [debug] WARNING: Possible missed substitution "[CA_HOST]" in /usr/share/pki/ra/conf/CS.cfg [2013-04-27 14:10:57] [debug] WARNING: Possible missed substitution "[CA_PORT]" in /usr/share/pki/ra/conf/CS.cfg [2013-04-27 14:10:57] [debug] WARNING: Possible missed substitution "[HSM_LABEL]" in /usr/share/pki/ra/conf/CS.cfg [2013-04-27 14:10:57] [debug] WARNING: Possible missed substitution "[NICKNAME]" in /usr/share/pki/ra/conf/CS.cfg [root at localhost ~]# curl http://localhost.localdomain:8080/ca/admin/ca/getStatus 1CArunning10.0.2-0.8.20130427T0339zgit4ffee7a.fc18[root at localhost ~]# ------------------ ???? ------------------ ???: "???"; ????: 2013?4?28?(???) ??2:27 ???: "alee"; ??: "Pki-users"; ??: ??? [Pki-users] "Security Domain HTTPS Admin URL not found " Hi alee I tried following urls https://localhost.localdomain:8443 https://localhost.localdomain:8443/ca http://localhost.localdomain:8080 http://localhost.localdomain:8080/ca but all failed. and i found some info in error log (/var/log/pki-ra/error_log ) GET /ca/admin/ca/getStatus HTTP/1.0 port: 8443 addr='localhost.localdomain' family='2' IP='127.0.0.1' exit after PR_Connect with error -5985: GET /ca/admin/ca/getStatus HTTP/1.0 port: 9445 addr='localhost.localdomain' family='2' IP='127.0.0.1' exit after PR_Connect with error -5961: ------------------ ???? ------------------ ???: "Ade Lee"; ????: 2013?4?28?(???) ??1:04 ???: "???"; ??: "Pki-users"; ??: Re: [Pki-users] "Security Domain HTTPS Admin URL not found " What value are you putting in for your security domain? Ade On Sat, 2013-04-27 at 23:39 +0800, ??? wrote: > Hi All > I'am a new user of dogtag. > I try the latest build 10.0.2. > I install ca server success,but when I configure a ra subsystem, > > > url : > https://localhost.localdomain:12890/ra/admin/console/config/wizard > > > it alwarys show error "Security Domain HTTPS Admin URL not found" and > " Create a New Security Domai" cannot be choose. > any ideas? > > > thanks > > > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users . -------------- next part -------------- An HTML attachment was scrubbed... URL: From alee at redhat.com Sun Apr 28 06:00:30 2013 From: alee at redhat.com (Ade Lee) Date: Sun, 28 Apr 2013 02:00:30 -0400 Subject: [Pki-users] =?utf-8?b?5Zue5aSN77yaICAiU2VjdXJpdHkgRG9tYWluIEhU?= =?utf-8?q?TPS_Admin_URL_not_found_=22?= In-Reply-To: References: Message-ID: <1367128830.16323.7.camel@aleeredhat.laptop> I ran into the same problem: The one you want is https://localhost.domain:8443 I resolved this by setting selinux in permissive mode. I will file a bug against selinux policy on Monday. Ade On Sun, 2013-04-28 at 02:27 +0800, ??? wrote: > Hi alee > > > I tried following urls > > > https://localhost.localdomain:8443 > https://localhost.localdomain:8443/ca > http://localhost.localdomain:8080 > http://localhost.localdomain:8080/ca > > > but all failed. > > > and i found some info in error log (/var/log/pki-ra/error_log ) > GET /ca/admin/ca/getStatus HTTP/1.0 > > > port: 8443 > addr='localhost.localdomain' > family='2' > IP='127.0.0.1' > exit after PR_Connect with error -5985: > GET /ca/admin/ca/getStatus HTTP/1.0 > > > port: 9445 > addr='localhost.localdomain' > family='2' > IP='127.0.0.1' > exit after PR_Connect with error -5961: > > > ------------------ ???? ------------------ > ???: "Ade Lee"; > ????: 2013?4?28?(???) ??1:04 > ???: "???"; > ??: "Pki-users"; > ??: Re: [Pki-users] "Security Domain HTTPS Admin URL not found " > > > What value are you putting in for your security domain? > > Ade > On Sat, 2013-04-27 at 23:39 +0800, ??? wrote: > > Hi All > > I'am a new user of dogtag. > > I try the latest build 10.0.2. > > I install ca server success,but when I configure a ra subsystem, > > > > > > url : > > https://localhost.localdomain:12890/ra/admin/console/config/wizard > > > > > > it alwarys show error "Security Domain HTTPS Admin URL not found" > and > > " Create a New Security Domai" cannot be choose. > > any ideas? > > > > > > thanks > > > > > > _______________________________________________ > > Pki-users mailing list > > Pki-users at redhat.com > > https://www.redhat.com/mailman/listinfo/pki-users > > > . > From sbaa at vip.qq.com Sun Apr 28 07:13:55 2013 From: sbaa at vip.qq.com (=?gb18030?B?97z3w8Oo?=) Date: Sun, 28 Apr 2013 15:13:55 +0800 Subject: [Pki-users] =?gb18030?b?u9i4tKO6ILvYuLSjuiAgIlNlY3VyaXR5RG9tYWlu?= =?gb18030?q?_HTTPS_Admin_URL_not_found_=22?= Message-ID: Hi Alee Thank you, I finished the configuration for RA server by disable SElinux But when I test the SCEP feature, I got such error: In error log: [Sun Apr 28 03:05:56.891164 2013] [:error] [pid 1822:tid 140696560207616] [Sun Apr 28 03:05:56 2013] -e: Could not find pkiclient.xml in /var/lib/pki-ra/docroot/ee/scep/ at /var/lib/pki-ra/docroot/ee/scep/pkiclient.cgi line 81.\n on firefox: Software error: Could not find pkiclient.xml in /var/lib/pki-ra/docroot/ee/scep/ at /var/lib/pki-ra/docroot/ee/scep/pkiclient.cgi line 81. For help, please send mail to the webmaster (you at example.com), giving this error message and the time and date of the error. Thanks sbaa ------------------ ???? ------------------ ???: "alee"; ????: 2013?4?28?(???) ??2:00 ???: "???"; ??: "Pki-users"; ??: Re: ??? [Pki-users] "SecurityDomain HTTPS Admin URL not found " I ran into the same problem: The one you want is https://localhost.domain:8443 I resolved this by setting selinux in permissive mode. I will file a bug against selinux policy on Monday. Ade On Sun, 2013-04-28 at 02:27 +0800, ??? wrote: > Hi alee > > > I tried following urls > > > https://localhost.localdomain:8443 > https://localhost.localdomain:8443/ca > http://localhost.localdomain:8080 > http://localhost.localdomain:8080/ca > > > but all failed. > > > and i found some info in error log (/var/log/pki-ra/error_log ) > GET /ca/admin/ca/getStatus HTTP/1.0 > > > port: 8443 > addr='localhost.localdomain' > family='2' > IP='127.0.0.1' > exit after PR_Connect with error -5985: > GET /ca/admin/ca/getStatus HTTP/1.0 > > > port: 9445 > addr='localhost.localdomain' > family='2' > IP='127.0.0.1' > exit after PR_Connect with error -5961: > > > ------------------ ???? ------------------ > ???: "Ade Lee"; > ????: 2013?4?28?(???) ??1:04 > ???: "???"; > ??: "Pki-users"; > ??: Re: [Pki-users] "Security Domain HTTPS Admin URL not found " > > > What value are you putting in for your security domain? > > Ade > On Sat, 2013-04-27 at 23:39 +0800, ??? wrote: > > Hi All > > I'am a new user of dogtag. > > I try the latest build 10.0.2. > > I install ca server success,but when I configure a ra subsystem, > > > > > > url : > > https://localhost.localdomain:12890/ra/admin/console/config/wizard > > > > > > it alwarys show error "Security Domain HTTPS Admin URL not found" > and > > " Create a New Security Domai" cannot be choose. > > any ideas? > > > > > > thanks > > > > > > _______________________________________________ > > Pki-users mailing list > > Pki-users at redhat.com > > https://www.redhat.com/mailman/listinfo/pki-users > > > . > . -------------- next part -------------- An HTML attachment was scrubbed... URL: From alee at redhat.com Tue Apr 30 05:06:39 2013 From: alee at redhat.com (Ade Lee) Date: Tue, 30 Apr 2013 01:06:39 -0400 Subject: [Pki-users] =?utf-8?b?5Zue5aSN77yaIOWbnuWkje+8miAgIlNlY3VyaXR5?= =?utf-8?q?Domain_HTTPS_Admin_URL_not_found_=22?= In-Reply-To: References: Message-ID: <1367298399.23973.2.camel@aleeredhat.laptop> I don't see anything in the code about pkiclient.xml. Can you detail exactly what you did to test SCEP? Thanks, Ade On Sun, 2013-04-28 at 15:13 +0800, ??? wrote: > Hi Alee > > > Thank you, I finished the configuration for RA server by disable > SElinux > But when I test the SCEP feature, I got such error: > In error log: > [Sun Apr 28 03:05:56.891164 2013] [:error] [pid 1822:tid > 140696560207616] [Sun Apr 28 03:05:56 2013] -e: Could not find > pkiclient.xml in /var/lib/pki-ra/docroot/ee/scep/ > at /var/lib/pki-ra/docroot/ee/scep/pkiclient.cgi line 81.\n > > > on firefox: > Software error: > Could not find pkiclient.xml in /var/lib/pki-ra/docroot/ee/scep/ at /var/lib/pki-ra/docroot/ee/scep/pkiclient.cgi line 81. > > For help, please send mail to the webmaster (you at example.com), giving > this error message and the time and date of the error. > > > > > Thanks > sbaa > ------------------ ???? ------------------ > ???: "alee"; > ????: 2013?4?28?(???) ??2:00 > ???: "???"; > ??: "Pki-users"; > ??: Re: ??? [Pki-users] "SecurityDomain HTTPS Admin URL not found > " > > > I ran into the same problem: > > The one you want is https://localhost.domain:8443 > > I resolved this by setting selinux in permissive mode. I will file a > bug against selinux policy on Monday. > > Ade > > On Sun, 2013-04-28 at 02:27 +0800, ??? wrote: > > Hi alee > > > > > > I tried following urls > > > > > > https://localhost.localdomain:8443 > > https://localhost.localdomain:8443/ca > > http://localhost.localdomain:8080 > > http://localhost.localdomain:8080/ca > > > > > > but all failed. > > > > > > and i found some info in error log (/var/log/pki-ra/error_log ) > > GET /ca/admin/ca/getStatus HTTP/1.0 > > > > > > port: 8443 > > addr='localhost.localdomain' > > family='2' > > IP='127.0.0.1' > > exit after PR_Connect with error -5985: > > GET /ca/admin/ca/getStatus HTTP/1.0 > > > > > > port: 9445 > > addr='localhost.localdomain' > > family='2' > > IP='127.0.0.1' > > exit after PR_Connect with error -5961: > > > > > > ------------------ ???? ------------------ > > ???: "Ade Lee"; > > ????: 2013?4?28?(???) ??1:04 > > ???: "???"; > > ??: "Pki-users"; > > ??: Re: [Pki-users] "Security Domain HTTPS Admin URL not found " > > > > > > What value are you putting in for your security domain? > > > > Ade > > On Sat, 2013-04-27 at 23:39 +0800, ??? wrote: > > > Hi All > > > I'am a new user of dogtag. > > > I try the latest build 10.0.2. > > > I install ca server success,but when I configure a ra subsystem, > > > > > > > > > url : > > > https://localhost.localdomain:12890/ra/admin/console/config/wizard > > > > > > > > > it alwarys show error "Security Domain HTTPS Admin URL not found" > > and > > > " Create a New Security Domai" cannot be choose. > > > any ideas? > > > > > > > > > thanks > > > > > > > > > _______________________________________________ > > > Pki-users mailing list > > > Pki-users at redhat.com > > > https://www.redhat.com/mailman/listinfo/pki-users > > > > > > . > > > > > . > From sbaa at vip.qq.com Tue Apr 30 06:33:51 2013 From: sbaa at vip.qq.com (=?gb18030?B?97z3w8Oo?=) Date: Tue, 30 Apr 2013 14:33:51 +0800 Subject: [Pki-users] =?gb18030?b?u9i4tKO6ILvYuLSjuiC72Li0o7ogICJTZWN1cml0?= =?gb18030?q?yDomain_HTTPSAdmin_URL_not_found_=22?= Message-ID: Hi Alee I used firefox's keymanager plugin to do some simple test. Just connect to RA server and click next and next ,then encontered this error. But I did't go through any source about pkiclient.cgi ,so I 'm not sure where introduce the file pkiclient.xml. another question, If the client request can choose some file which used by server cgi internally, is there any security risk? Best Regards sbaa ------------------ ???? ------------------ ???: "alee"; ????: 2013?4?30?(???) ??1:06 ???: "???"; ??: "Pki-users"; ??: Re: ??? ??? [Pki-users] "SecurityDomain HTTPSAdmin URL not found " I don't see anything in the code about pkiclient.xml. Can you detail exactly what you did to test SCEP? Thanks, Ade On Sun, 2013-04-28 at 15:13 +0800, ??? wrote: > Hi Alee > > > Thank you, I finished the configuration for RA server by disable > SElinux > But when I test the SCEP feature, I got such error: > In error log: > [Sun Apr 28 03:05:56.891164 2013] [:error] [pid 1822:tid > 140696560207616] [Sun Apr 28 03:05:56 2013] -e: Could not find > pkiclient.xml in /var/lib/pki-ra/docroot/ee/scep/ > at /var/lib/pki-ra/docroot/ee/scep/pkiclient.cgi line 81.\n > > > on firefox: > Software error: > Could not find pkiclient.xml in /var/lib/pki-ra/docroot/ee/scep/ at /var/lib/pki-ra/docroot/ee/scep/pkiclient.cgi line 81. > > For help, please send mail to the webmaster (you at example.com), giving > this error message and the time and date of the error. > > > > > Thanks > sbaa > ------------------ ???? ------------------ > ???: "alee"; > ????: 2013?4?28?(???) ??2:00 > ???: "???"; > ??: "Pki-users"; > ??: Re: ??? [Pki-users] "SecurityDomain HTTPS Admin URL not found > " > > > I ran into the same problem: > > The one you want is https://localhost.domain:8443 > > I resolved this by setting selinux in permissive mode. I will file a > bug against selinux policy on Monday. > > Ade > > On Sun, 2013-04-28 at 02:27 +0800, ??? wrote: > > Hi alee > > > > > > I tried following urls > > > > > > https://localhost.localdomain:8443 > > https://localhost.localdomain:8443/ca > > http://localhost.localdomain:8080 > > http://localhost.localdomain:8080/ca > > > > > > but all failed. > > > > > > and i found some info in error log (/var/log/pki-ra/error_log ) > > GET /ca/admin/ca/getStatus HTTP/1.0 > > > > > > port: 8443 > > addr='localhost.localdomain' > > family='2' > > IP='127.0.0.1' > > exit after PR_Connect with error -5985: > > GET /ca/admin/ca/getStatus HTTP/1.0 > > > > > > port: 9445 > > addr='localhost.localdomain' > > family='2' > > IP='127.0.0.1' > > exit after PR_Connect with error -5961: > > > > > > ------------------ ???? ------------------ > > ???: "Ade Lee"; > > ????: 2013?4?28?(???) ??1:04 > > ???: "???"; > > ??: "Pki-users"; > > ??: Re: [Pki-users] "Security Domain HTTPS Admin URL not found " > > > > > > What value are you putting in for your security domain? > > > > Ade > > On Sat, 2013-04-27 at 23:39 +0800, ??? wrote: > > > Hi All > > > I'am a new user of dogtag. > > > I try the latest build 10.0.2. > > > I install ca server success,but when I configure a ra subsystem, > > > > > > > > > url : > > > https://localhost.localdomain:12890/ra/admin/console/config/wizard > > > > > > > > > it alwarys show error "Security Domain HTTPS Admin URL not found" > > and > > > " Create a New Security Domai" cannot be choose. > > > any ideas? > > > > > > > > > thanks > > > > > > > > > _______________________________________________ > > > Pki-users mailing list > > > Pki-users at redhat.com > > > https://www.redhat.com/mailman/listinfo/pki-users > > > > > > . > > > > > . > . -------------- next part -------------- An HTML attachment was scrubbed... URL: