[Pki-users] Addendum: 10.0.2 CA Installation failed on LDAP and CA chain

Ade Lee alee at redhat.com
Mon May 6 14:08:10 UTC 2013


Those values should have been set during installation.

To debug this, I need to see:
rpm -q pki-server
rpm -qa |grep pki
cat /etc/redhat-release
getenforce
logs under /var/log/pki/pki-tomcat

I'm a little confused that you got as far as being able to start
installing the TPS with the CA not installed correctly.  To install a
TPS, you must install a TKS first.  You may also install a KRA if
you plan to use server side key generation.

Please note also, there is currently an SELinux bug that will require
you to have SELinux in permissive mode when installing a TPS or RA.

Ade

On Mon, 2013-05-06 at 14:50 +0200, Buckingham wrote:
> Hello,
> 
> After further investigation into the failing setup/configuration, I 
> found that /etc/pki/pki-tomcat/ca/CS.cfg has no values set for the 
> following:
> authz.instance.DirAclAuthz.ldap.basedn
> authz.instance.DirAclAuthz.ldap.ldapconn.host
> authz.instance.DirAclAuthz.ldap.ldapconn.port
> 
> Also authz.instance.DirAclAuthz.ldap.ldapauth.bindDN does not set 
> the DN that I entered during interactive setup.
> 
> My question is: why do these variables in the CS.cfg fail to get 
> set during both interactive and non-interactive installations?
> 
> Regards
> 
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users




