[Pki-users] Cloning CA
Jindrich Dolezal
jindrich.dolezal at adaptivemobile.com
Tue Feb 18 15:49:53 UTC 2014
so the root cause seems to be this (was bit higher in the debug log than
previous post):
[18/Feb/2014:15:34:58][http-9445-2]: SecurityDomainSessionTable: unable
to create session entry-1411012119543770863:
netscape.ldap.LDAPException: error result (21); host: value #0 invalid
per syntax
i found this ticket https://fedorahosted.org/pki/ticket/457
anyone knows if this was fixed or any workaround?
jd
On 02/18/2014 03:03 PM, Jindrich Dolezal wrote:
> additional info:
> on the master ca machine i found following in the log file:
>
> [18/Feb/2014:14:00:19][http-9444-2]: CMSServlet:service() uri =
> /ca/ee/ca/updateNumberRange
> [18/Feb/2014:14:00:19][http-9444-2]: CMSServlet::service() param
> name='type' value='request'
> [18/Feb/2014:14:00:19][http-9444-2]: CMSServlet::service() param
> name='xmlOutput' value='true'
> [18/Feb/2014:14:00:19][http-9444-2]: CMSServlet::service() param
> name='sessionID' value='-1411012119543770863'
> [18/Feb/2014:14:00:19][http-9444-2]: CMSServlet: caUpdateNumberRange
> start to service.
> [18/Feb/2014:14:00:19][http-9444-2]: UpdateNumberRange: processing...
> [18/Feb/2014:14:00:19][http-9444-2]: UpdateNumberRange process:
> authentication starts
> [18/Feb/2014:14:00:19][http-9444-2]: IP: 10.10.16.73
> [18/Feb/2014:14:00:19][http-9444-2]: AuthMgrName: TokenAuth
> [18/Feb/2014:14:00:19][http-9444-2]: CMSServlet: no client certificate
> found
> [18/Feb/2014:14:00:19][http-9444-2]: TokenAuthentication: start
> [18/Feb/2014:14:00:19][http-9444-2]: TokenAuthentication:
> content=sessionID=-1411012119543770863&hostname=10.10.16.73
> [18/Feb/2014:14:00:19][http-9444-1]: CMSServlet:service() uri =
> /ca/ee/ca/tokenAuthenticate
> [18/Feb/2014:14:00:19][http-9444-1]: CMSServlet::service() param
> name='hostname' value='10.10.16.73'
> [18/Feb/2014:14:00:19][http-9444-1]: CMSServlet::service() param
> name='sessionID' value='-1411012119543770863'
> [18/Feb/2014:14:00:19][http-9444-1]: CMSServlet: caTokenAuthenticate
> start to service.
> [18/Feb/2014:14:00:19][http-9444-1]: TokenAuthentication:
> sessionId=-1411012119543770863
> [18/Feb/2014:14:00:19][http-9444-1]: TokenAuthentication:
> givenHost=10.10.16.73
> [18/Feb/2014:14:00:19][http-9444-1]: TokenAuthentication: checking
> session in the session table
> [18/Feb/2014:14:00:19][http-9444-1]: CMSEngine: getPasswordStore():
> password store initialized before.
> [18/Feb/2014:14:00:19][http-9444-1]: CMSEngine: getPasswordStore():
> password store initialized.
> [18/Feb/2014:14:00:19][http-9444-1]: TokenAuthentication: session not
> found
> [18/Feb/2014:14:00:19][http-9444-1]: TokenAuthentication authenticate
> failed, session id does not exist.
> [18/Feb/2014:14:00:19][http-9444-2]: TokenAuthentication: status=1
> [18/Feb/2014:14:00:19][http-9444-2]: SignedAuditEventFactory: create()
> message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=TokenAuth][AttemptedCred=$Unidentified$]
> authentication failure
>
>
>
>
> On 02/18/2014 02:47 PM, Jindrich Dolezal wrote:
>> hi,
>>
>> im using dogtag 9.0 (pki-ca-9.0.3) on rhel 6.2 and want to make
>> clone. i'm following 'Deploy and Install guide' chapter 10.3. So have
>> master ca, created clone ca and run the configuration wizard. i got
>> to point (point 10) where i am supposed to "Import Keys and
>> Certificates". After filling p12 file and password i ended with:
>>
>> " org.xml.sax.SAXParseException; lineNumber: 2; columnNumber: 15;
>> Open quote is expected for attribute "BGCOLOR" associated with an
>> element type "BODY"."
>>
>> error appearing on the page (see attached picture).
>> Note that when i fill incorrect file or invalid passord, the wizard
>> tells me with appropriate error (like no such file/...) but when
>> everything is correct SAX exception appears. SAX exception also
>> appears when i left the inputs blank and click next => therefore this
>> step is unpassable.
>>
>> has anyone performed cloning with success?
>>
>> thanks,
>>
>> jd
>>
>>
>> </pre>****************************************************************************************<br>This
>> email and any files transmitted with are confidential and intended
>> solely for the<br>use of the individual or entity to whom they are
>> addressed. If you have received this<br>email in error then please
>> delete it and notify the sender. Do not make a copy or forward<br>it
>> to anyone. This footnote also confirms that this email message has
>> been swept for the<br>presence of computer viruses.<br><br>Adaptive
>> Mobile Security Ltd, Ferry House, 48 Lower Mount Street, Dublin 2,
>> Ireland<br>Directors: B. Collins, G. Maclachlan (UK), N. Grierson
>> (UK), J. Ennis (UK), D. Summers (UK).<br>Registered in Ireland,
>> Company No. 370343, VAT
>> Reg.No.IE6390343O<br>****************************************************************************************</pre>
>>
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>
> </pre>****************************************************************************************<br>This
> email and any files transmitted with are confidential and intended
> solely for the<br>use of the individual or entity to whom they are
> addressed. If you have received this<br>email in error then please
> delete it and notify the sender. Do not make a copy or forward<br>it
> to anyone. This footnote also confirms that this email message has
> been swept for the<br>presence of computer viruses.<br><br>Adaptive
> Mobile Security Ltd, Ferry House, 48 Lower Mount Street, Dublin 2,
> Ireland<br>Directors: B. Collins, G. Maclachlan (UK), N. Grierson
> (UK), J. Ennis (UK), D. Summers (UK).<br>Registered in Ireland,
> Company No. 370343, VAT
> Reg.No.IE6390343O<br>****************************************************************************************</pre>
>
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
</pre>****************************************************************************************<br>This email and any files transmitted with are confidential and intended solely for the<br>use of the individual or entity to whom they are addressed. If you have received this<br>email in error then please delete it and notify the sender. Do not make a copy or forward<br>it to anyone. This footnote also confirms that this email message has been swept for the<br>presence of computer viruses.<br><br>Adaptive Mobile Security Ltd, Ferry House, 48 Lower Mount Street, Dublin 2, Ireland<br>Directors: B. Collins, G. Maclachlan (UK), N. Grierson (UK), J. Ennis (UK), D. Summers (UK).<br>Registered in Ireland, Company No. 370343, VAT Reg.No.IE6390343O<br>****************************************************************************************</pre>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20140218/1ed087b8/attachment.htm>
More information about the Pki-users
mailing list