[Pki-users] [HELP NEEDED] External CA configuration for Dogtag
kritee jhawar
kriteejhawar at gmail.com
Fri Oct 10 11:14:10 UTC 2014
Hello,
I am an engineer from India and I have been struggling with this for the
past 2 weeks. Request you to help me out.
*USE-CASE: *
Dogtag is the private CA for multiple services in a cluster. Trust is
established by providing the root certificate of dogtag to all the
services. What happens if dogtag crashes? All the services will have to be
given the root certificate of the new dogatg.
How can we avoid this?
Can we bring up multiple instances dogtag with a static certificate every
time?
The only way I could find is by using the* external CA* option.
I am following the 2-step pkispawn process with 2 config files
(deployment-1.cfg and deployment-2.cfg)
In the first step the csr is generated. I take the csr and get a
certificate from the external CA and place it in the required location. The
root certificate of the CA has also been placed in the required location.
Step 2 of pkispawn goes through and the ca_admin cert is generated and
signed.
However, when i make a REST call to list the certificates, I get 2
different errors:
(Please note that I replicated the same steps with same files on 2 setups
and got 2 errors)
curl -k --request GET https://localhost:9443/ca/rest/certs
*ERROR 1*
<?xml version="1.0" encoding="UTF-8"
>
standalone="yes"?><PKIException><ClassName>com.netscape.certsrv.base.PKIException</ClassName><Code>500</Code><Message>Error
listing certs in
CertsResourceService.listCerts!</Message><Attributes/></PKIException>
*ERROR 2*
With the same steps i also get a NullPointerException as well (Attached
logs - null-pointer-error.txt)
When i see the status of my pki-instance after pkispawn step-2, It says
the Instance is loaded and needs to be configured. (attched logs :
post-pkispawn-2.txt)
However it starts using systemctl without any errors
I suspect I am missing some part in the configuration.
Any help/pointers would be very helpful!
Thanks
Kritee
*Attached files : *
deployment-1.txt - config file for pkispawn step 1
deployment-2.txt - config file for pkispawn step 2
pkispawn-1-log.txt - logs for pkisppawn step 1
pkispan-2-log.txt - logs for pkispawn step 2
dogtag-cert.txt - root certificate of dogtag generated by external CA
ca-admin-cert.txt - admin cert signed by dogtag
null-pointer-error.txt - null pointer exception while making a REST call to
list certs
post-pkispawn-2.txt - status of pki-instance after pkispawn step 2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20141010/1ad3862b/attachment.htm>
-------------- next part --------------
[root at dogtag-ext1 fedora]# pkispawn -s CA -f deployment.cfg -v
Loading deployment configuration from deployment.cfg.
Installing CA into /var/lib/pki/pki-tomcat.
pkispawn : INFO BEGIN spawning subsystem 'CA' of instance 'pki-tomcat' . . .
pkispawn : INFO ... initializing 'pki.deployment.initialization'
pkispawn : INFO ....... adding GID 'pkiuser' for group '17' . . .
pkispawn : INFO ....... adding UID 'pkiuser' for user '17' . . .
pkispawn : ERROR ....... Selinux is disabled. Not checking port contexts
pkispawn : INFO ... populating 'pki.deployment.infrastructure_layout'
pkispawn : INFO ....... mkdir -p /etc/sysconfig/pki
pkispawn : INFO ....... mkdir -p /etc/sysconfig/pki/tomcat
pkispawn : INFO ....... mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat
pkispawn : INFO ....... mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca
pkispawn : INFO ....... cp -p /etc/pki/default.cfg /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg
Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
pkispawn : INFO ....... mkdir -p /var/lib/pki
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/ca
pkispawn : INFO ....... ln -s /etc/sysconfig/pki/tomcat/pki-tomcat /var/lib/pki/pki-tomcat/ca/registry
pkispawn : INFO ... populating 'pki.deployment.instance_layout'
pkispawn : INFO ....... mkdir -p /var/log/pki/pki-tomcat
pkispawn : INFO ....... mkdir -p /etc/pki/pki-tomcat
pkispawn : INFO ....... cp -rp /usr/share/pki/server/conf /etc/pki/pki-tomcat
pkispawn : INFO ....... setting ownerships, permissions, and acls on '/etc/pki/pki-tomcat'
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/common
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/common/lib
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/lib
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-i18n-ja.jar /var/lib/pki/pki-tomcat/lib/tomcat-i18n-ja.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-api.jar /var/lib/pki/pki-tomcat/lib/tomcat-api.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/catalina-ant.jar /var/lib/pki/pki-tomcat/lib/catalina-ant.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/commons-collections.jar /var/lib/pki/pki-tomcat/lib/commons-collections.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/catalina-tribes.jar /var/lib/pki/pki-tomcat/lib/catalina-tribes.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/annotations-api.jar /var/lib/pki/pki-tomcat/lib/annotations-api.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-el-2.2-api.jar /var/lib/pki/pki-tomcat/lib/tomcat-el-2.2-api.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/jasper.jar /var/lib/pki/pki-tomcat/lib/jasper.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-i18n-es.jar /var/lib/pki/pki-tomcat/lib/tomcat-i18n-es.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/commons-pool.jar /var/lib/pki/pki-tomcat/lib/commons-pool.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-servlet-3.0-api.jar /var/lib/pki/pki-tomcat/lib/tomcat-servlet-3.0-api.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-juli.jar /var/lib/pki/pki-tomcat/lib/tomcat-juli.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-jdbc.jar /var/lib/pki/pki-tomcat/lib/tomcat-jdbc.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-coyote.jar /var/lib/pki/pki-tomcat/lib/tomcat-coyote.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-jsp-2.2-api.jar /var/lib/pki/pki-tomcat/lib/tomcat-jsp-2.2-api.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/commons-dbcp.jar /var/lib/pki/pki-tomcat/lib/commons-dbcp.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-i18n-fr.jar /var/lib/pki/pki-tomcat/lib/tomcat-i18n-fr.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/log4j.jar /var/lib/pki/pki-tomcat/lib/log4j.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/jasper-el.jar /var/lib/pki/pki-tomcat/lib/jasper-el.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-util.jar /var/lib/pki/pki-tomcat/lib/tomcat-util.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/catalina-ha.jar /var/lib/pki/pki-tomcat/lib/catalina-ha.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/catalina.jar /var/lib/pki/pki-tomcat/lib/catalina.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/jasper-jdt.jar /var/lib/pki/pki-tomcat/lib/jasper-jdt.jar
pkispawn : INFO ....... ln -s /etc/pki/pki-tomcat/log4j.properties /var/lib/pki/pki-tomcat/lib/log4j.properties
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/temp
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/webapps
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/work
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/work/Catalina
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/_
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca
pkispawn : INFO ....... ln -s /usr/share/tomcat/bin /var/lib/pki/pki-tomcat/bin
pkispawn : INFO ....... ln -s /usr/sbin/tomcat-sysd /var/lib/pki/pki-tomcat/pki-tomcat
pkispawn : INFO ....... ln -s /usr/share/java/apache-commons-collections.jar /var/lib/pki/pki-tomcat/common/lib/apache-commons-collections.jar
pkispawn : INFO ....... ln -s /usr/share/java/apache-commons-io.jar /var/lib/pki/pki-tomcat/common/lib/apache-commons-io.jar
pkispawn : INFO ....... ln -s /usr/share/java/apache-commons-lang.jar /var/lib/pki/pki-tomcat/common/lib/apache-commons-lang.jar
pkispawn : INFO ....... ln -s /usr/share/java/apache-commons-logging.jar /var/lib/pki/pki-tomcat/common/lib/apache-commons-logging.jar
pkispawn : INFO ....... ln -s /usr/share/java/commons-codec.jar /var/lib/pki/pki-tomcat/common/lib/apache-commons-codec.jar
pkispawn : INFO ....... ln -s /usr/share/java/httpcomponents/httpclient.jar /var/lib/pki/pki-tomcat/common/lib/httpclient.jar
pkispawn : INFO ....... ln -s /usr/share/java/httpcomponents/httpcore.jar /var/lib/pki/pki-tomcat/common/lib/httpcore.jar
pkispawn : INFO ....... ln -s /usr/share/java/javassist.jar /var/lib/pki/pki-tomcat/common/lib/javassist.jar
pkispawn : INFO ....... ln -s /usr/share/java/resteasy/jaxrs-api.jar /var/lib/pki/pki-tomcat/common/lib/jaxrs-api.jar
pkispawn : INFO ....... ln -s /usr/share/java/jettison.jar /var/lib/pki/pki-tomcat/common/lib/jettison.jar
pkispawn : INFO ....... ln -s /usr/lib/java/jss4.jar /var/lib/pki/pki-tomcat/common/lib/jss4.jar
pkispawn : INFO ....... ln -s /usr/share/java/ldapjdk.jar /var/lib/pki/pki-tomcat/common/lib/ldapjdk.jar
pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-tomcat.jar /var/lib/pki/pki-tomcat/common/lib/pki-tomcat.jar
pkispawn : INFO ....... ln -s /usr/share/java/resteasy/resteasy-atom-provider.jar /var/lib/pki/pki-tomcat/common/lib/resteasy-atom-provider.jar
pkispawn : INFO ....... ln -s /usr/share/java/resteasy/resteasy-jaxb-provider.jar /var/lib/pki/pki-tomcat/common/lib/resteasy-jaxb-provider.jar
pkispawn : INFO ....... ln -s /usr/share/java/resteasy/resteasy-jaxrs.jar /var/lib/pki/pki-tomcat/common/lib/resteasy-jaxrs.jar
pkispawn : INFO ....... ln -s /usr/share/java/resteasy/resteasy-jettison-provider.jar /var/lib/pki/pki-tomcat/common/lib/resteasy-jettison-provider.jar
pkispawn : INFO ....... ln -s /usr/share/java/scannotation.jar /var/lib/pki/pki-tomcat/common/lib/scannotation.jar
pkispawn : INFO ....... ln -s /usr/share/java/tomcatjss.jar /var/lib/pki/pki-tomcat/common/lib/tomcatjss.jar
pkispawn : INFO ....... ln -s /usr/share/java/velocity.jar /var/lib/pki/pki-tomcat/common/lib/velocity.jar
pkispawn : INFO ....... ln -s /usr/share/java/xerces-j2.jar /var/lib/pki/pki-tomcat/common/lib/xerces-j2.jar
pkispawn : INFO ....... ln -s /usr/share/java/xml-commons-apis.jar /var/lib/pki/pki-tomcat/common/lib/xml-commons-apis.jar
pkispawn : INFO ....... ln -s /usr/share/java/xml-commons-resolver.jar /var/lib/pki/pki-tomcat/common/lib/xml-commons-resolver.jar
pkispawn : INFO ....... mkdir -p /etc/pki/pki-tomcat/alias
pkispawn : INFO ....... ln -s /etc/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/alias
pkispawn : INFO ....... ln -s /etc/pki/pki-tomcat /var/lib/pki/pki-tomcat/conf
pkispawn : INFO ....... ln -s /var/log/pki/pki-tomcat /var/lib/pki/pki-tomcat/logs
pkispawn : INFO ... populating 'pki.deployment.subsystem_layout'
pkispawn : INFO ....... mkdir -p /var/log/pki/pki-tomcat/ca
pkispawn : INFO ....... mkdir -p /var/log/pki/pki-tomcat/ca/archive
pkispawn : INFO ....... mkdir -p /var/log/pki/pki-tomcat/ca/signedAudit
pkispawn : INFO ....... mkdir -p /etc/pki/pki-tomcat/ca
pkispawn : INFO ....... cp -rp /usr/share/pki/ca/emails /var/lib/pki/pki-tomcat/ca/emails
pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/ca/emails'
pkispawn : INFO ....... cp -rp /usr/share/pki/ca/profiles /var/lib/pki/pki-tomcat/ca/profiles
pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/ca/profiles'
pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/flatfile.txt /etc/pki/pki-tomcat/ca/flatfile.txt
pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/registry.cfg /etc/pki/pki-tomcat/ca/registry.cfg
pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/adminCert.profile /etc/pki/pki-tomcat/ca/adminCert.profile
pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/caAuditSigningCert.profile /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile
pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/caCert.profile /etc/pki/pki-tomcat/ca/caCert.profile
pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/caOCSPCert.profile /etc/pki/pki-tomcat/ca/caOCSPCert.profile
pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/serverCert.profile /etc/pki/pki-tomcat/ca/serverCert.profile
pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/subsystemCert.profile /etc/pki/pki-tomcat/ca/subsystemCert.profile
pkispawn : INFO ....... ln -s /var/lib/pki/pki-tomcat/webapps /var/lib/pki/pki-tomcat/ca/webapps
pkispawn : INFO ....... ln -s /var/lib/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/ca/alias
pkispawn : INFO ....... ln -s /etc/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/conf
pkispawn : INFO ....... ln -s /var/log/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/logs
pkispawn : INFO ... selinux disabled. skipping labelling 'pki.deployment.selinux_setup'
pkispawn : INFO ... deploying 'pki.deployment.webapp_deployment'
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/webapps/ROOT
pkispawn : INFO ....... cp -rp /usr/share/pki/server/webapps/ROOT /var/lib/pki/pki-tomcat/webapps/ROOT
pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/webapps/ROOT'
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/webapps/pki
pkispawn : INFO ....... cp -rp /usr/share/pki/server/webapps/pki/js /var/lib/pki/pki-tomcat/webapps/pki/js
pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/webapps/pki/js'
pkispawn : INFO ....... cp -rp /usr/share/pki/server/webapps/pki/META-INF /var/lib/pki/pki-tomcat/webapps/pki/META-INF
pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/webapps/pki/META-INF'
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/webapps/ca
pkispawn : INFO ....... cp -rp /usr/share/pki/server/webapps/pki/admin /var/lib/pki/pki-tomcat/webapps/ca/admin
pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/webapps/ca/admin'
pkispawn : INFO ....... cp -rp /usr/share/pki/ca/webapps/ca /var/lib/pki/pki-tomcat/webapps/ca
pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/webapps/ca'
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/classes
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib
pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-certsrv.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-certsrv.jar
pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-cmsbundle.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-cmsbundle.jar
pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-cmscore.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-cmscore.jar
pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-cms.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-cms.jar
pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-cmsutil.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-cmsutil.jar
pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-nsutil.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-nsutil.jar
pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-ca.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-ca.jar
pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/webapps/ca'
pkispawn : INFO ... assigning slots for 'pki.deployment.slot_substitution'
pkispawn : INFO ....... copying '/usr/share/pki/ca/conf/CS.cfg' --> '/etc/pki/pki-tomcat/ca/CS.cfg' with slot substitution
pkispawn : INFO ....... copying '/usr/share/pki/setup/pkidaemon_registry' --> '/etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat' with slot substitution
pkispawn : INFO ....... copying '/usr/share/pki/server/conf/catalina.properties' --> '/etc/pki/pki-tomcat/catalina.properties' with slot substitution
pkispawn : INFO ....... copying '/usr/share/pki/server/conf/serverCertNick.conf' --> '/etc/pki/pki-tomcat/serverCertNick.conf' with slot substitution
pkispawn : INFO ....... copying '/usr/share/pki/server/conf/server.xml' --> '/etc/pki/pki-tomcat/server.xml' with slot substitution
pkispawn : INFO ....... copying '/usr/share/pki/server/conf/context.xml' --> '/etc/pki/pki-tomcat/context.xml' with slot substitution
pkispawn : INFO ....... copying '/usr/share/pki/server/conf/tomcat.conf' --> '/etc/sysconfig/pki-tomcat' with slot substitution
pkispawn : INFO ....... copying '/usr/share/pki/server/conf/tomcat.conf' --> '/etc/pki/pki-tomcat/tomcat.conf' with slot substitution
pkispawn : INFO ....... applying in-place slot substitutions on '/var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/velocity.properties'
pkispawn : INFO ....... applying in-place slot substitutions on '/var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/web.xml'
pkispawn : INFO ....... copying '/usr/share/pki/ca/conf/proxy.conf' --> '/etc/pki/pki-tomcat/ca/proxy.conf' with slot substitution
pkispawn : INFO ....... applying in-place slot substitutions on '/var/lib/pki/pki-tomcat/webapps/ca/ee/ca/ProfileSelect.template'
pkispawn : INFO ... generating 'pki.deployment.security_databases'
pkispawn : INFO ....... generating '/etc/pki/pki-tomcat/password.conf'
pkispawn : INFO ....... generating '/etc/pki/pki-tomcat/pfile'
pkispawn : INFO ....... modifying '/etc/pki/pki-tomcat/password.conf'
pkispawn : INFO ....... executing 'certutil -N -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile'
pkispawn : INFO ....... modifying '/etc/pki/pki-tomcat/alias/cert8.db'
pkispawn : INFO ....... modifying '/etc/pki/pki-tomcat/alias/key3.db'
pkispawn : INFO ....... modifying '/etc/pki/pki-tomcat/alias/secmod.db'
pkispawn : INFO ....... generating noise file called '/etc/pki/pki-tomcat/ca/noise' and filling it with '1024' random bytes
pkispawn : INFO ....... executing 'certutil -S -d /etc/pki/pki-tomcat/alias -h 'internal' -n 'Server-Cert cert-pki-tomcat' -s 'cn=dogtag-ext1.novalocal,o=2014-10-10 09:20:58' -m 0 -v 12 -c 'cn=dogtag-ext1.novalocal,o=2014-10-10 09:20:58' -t 'CTu,CTu,CTu' -z /etc/pki/pki-tomcat/ca/noise -f /etc/pki/pki-tomcat/pfile -x > /dev/null 2>&1'
pkispawn : INFO ....... rm -f /etc/pki/pki-tomcat/ca/noise
pkispawn : INFO ....... rm -f /etc/pki/pki-tomcat/pfile
pkispawn : INFO ... configuring 'pki.deployment.configuration'
pkispawn : INFO ....... mkdir -p /root/.dogtag/pki-tomcat/ca
pkispawn : INFO ....... generating '/root/.dogtag/pki-tomcat/ca/password.conf'
pkispawn : INFO ....... modifying '/root/.dogtag/pki-tomcat/ca/password.conf'
pkispawn : INFO ....... generating '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf'
pkispawn : INFO ....... modifying '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf'
pkispawn : INFO ....... mkdir -p /root/.dogtag/pki-tomcat/ca/alias
pkispawn : INFO ....... executing 'certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf'
pkispawn : INFO ....... ln -s /lib/systemd/system/pki-tomcatd at .service /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd at pki-tomcat.service
pkispawn : INFO ....... executing 'systemctl daemon-reload'
pkispawn : INFO ....... executing 'systemctl start pki-tomcatd at pki-tomcat.service'
pkispawn : INFO ....... constructing PKI configuration data.
pkispawn : INFO ....... generating noise file called '/root/.dogtag/pki-tomcat/ca/alias/noise' and filling it with '2048' random bytes
pkispawn : INFO ....... executing '['certutil', '-R', '-d', '/root/.dogtag/pki-tomcat/ca/alias', '-s', 'cn=PKI Administrator,o=cisco.com', '-g', '2048', '-z', '/root/.dogtag/pki-tomcat/ca/alias/noise', '-f', '/root/.dogtag/pki-tomcat/ca/password.conf', '-o', '/root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin']'
pkispawn : INFO ....... ['BtoA', '/root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin', '/root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin.asc']
pkispawn : INFO ....... configuring PKI configuration data.
pkispawn : INFO ....... request: -----BEGIN CERTIFICATE REQUEST-----
MIICmDCCAYACAQAwUzEPMA0GA1UEBxMGS3JpdGVlMQ0wCwYDVQQLEwRDSUJVMRYwFAYDVQQKEw1D
aXNjbyBTeXN0ZW1zMRkwFwYDVQQDExBkb2d0YWcuY2lzY28uY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAmLgfNwidSyR47kwVAOGor/kHOiTJS5qc4fsCJM6gQDnsC7lXbC6XcdYK
tQHs9Y7/HbzQDiMZNGS/hHRRGh68qZdr/pCxSbONobMczM7thjUQ5crUgJCI1tG2XaMKBRQMtqNA
fJY/SBaVEBpRzp+0DJ51D+qGjyJaq2Pzzj+pCJLMQPv/rQ9BSFLr8Js+QErn7j5JQwZ7k4wkZCoK
wcAVgwDzQ3xCtKew+M5Xgj9OzmkQgZk1SViPBLXl58gy+ukuBHBHSXWAY+b34N9IQnW1rozz073e
fD8ZSgHQYWsjRxCdniOvgd37gviyDlMIaOh7+HapYj1k+VCzmKimU4ZrJQIDAQABoAAwDQYJKoZI
hvcNAQELBQADggEBAFI5HrchG9WxTzgtCf6v21V8PFsWHEPVBr1gM+ihgiSXSp7sSmvjBvEUN+Ik
mHbo4ssq+KpHWeQZmKc1tlmiF5IBoP6yiAvkHelphdqRM+DkrkMYnR8cabx4amFOEfmPBE38hLHA
+eaFiVxHSorbkoZsBnSrYDz1/+5xD+4/VJrMvQiP9eRp1hG0sXjH5sLoV70LoHhO94yga0w26Gpj
xkzxSrxFVFH7walY0J09rqvtGOfJ7y4Pg4hy24L0WLDux063uUjNVmRs8zmYHB5AgX2Ke1YI2XYP
AHPTL9m3+wdVUuPCYVrf6njZS7CFygcG5c4W6prdu5ZcJ7cqYdSgiho=
-----END CERTIFICATE REQUEST-----
pkispawn : INFO ....... saving CA Signing CSR to file: '/home/fedora/ca_signing.csr'
pkispawn : INFO ... finalizing 'pki.deployment.finalization'
pkispawn : INFO ....... cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20141010092058
pkispawn : INFO ....... generating manifest file called '/etc/sysconfig/pki/tomcat/pki-tomcat/ca/manifest'
pkispawn : INFO ....... cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/manifest /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20141010092058
pkispawn : INFO ....... executing 'systemctl daemon-reload'
pkispawn : INFO ....... executing 'systemctl restart pki-tomcatd at pki-tomcat.service'
pkispawn : INFO ....... rm -rf /root/.dogtag/pki-tomcat/ca
pkispawn : INFO END spawning subsystem 'CA' of instance 'pki-tomcat'
==========================================================================
-----BEGIN CERTIFICATE REQUEST-----
[root at dogtag-ext1 fedora]# pkispawn -s CA -f dep.cfg -v
Loading deployment configuration from dep.cfg.
Installing CA into /var/lib/pki/pki-tomcat.
pkispawn : INFO BEGIN spawning subsystem 'CA' of instance 'pki-tomcat' . . .
pkispawn : INFO ... initializing 'pki.deployment.initialization'
pkispawn : INFO ....... adding GID 'pkiuser' for group '17' . . .
pkispawn : INFO ....... adding UID 'pkiuser' for user '17' . . .
pkispawn : ERROR ....... Selinux is disabled. Not checking port contexts
pkispawn : INFO ... skip populating 'pki.deployment.infrastructure_layout'
pkispawn : INFO ... skip populating 'pki.deployment.instance_layout'
pkispawn : INFO ... skip populating 'pki.deployment.subsystem_layout'
pkispawn : INFO ... skip populating 'pki.deployment.selinux_setup'
pkispawn : INFO ... skip deploying 'pki.deployment.webapp_deployment'
pkispawn : INFO ... skip assigning slots for 'pki.deployment.slot_substitution'
pkispawn : INFO ... skip generating 'pki.deployment.security_databases'
pkispawn : INFO ... configuring 'pki.deployment.configuration'
pkispawn : INFO ....... mkdir -p /root/.dogtag/pki-tomcat/ca
pkispawn : INFO ....... generating '/root/.dogtag/pki-tomcat/ca/password.conf'
pkispawn : INFO ....... modifying '/root/.dogtag/pki-tomcat/ca/password.conf'
pkispawn : INFO ....... generating '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf'
pkispawn : INFO ....... modifying '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf'
pkispawn : INFO ....... mkdir -p /root/.dogtag/pki-tomcat/ca/alias
pkispawn : INFO ....... executing 'certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf'
pkispawn : INFO ....... executing 'systemctl daemon-reload'
pkispawn : INFO ....... executing 'systemctl start pki-tomcatd at pki-tomcat.service'
pkispawn : INFO ....... constructing PKI configuration data.
pkispawn : INFO ....... generating noise file called '/root/.dogtag/pki-tomcat/ca/alias/noise' and filling it with '2048' random bytes
pkispawn : INFO ....... executing '['certutil', '-R', '-d', '/root/.dogtag/pki-tomcat/ca/alias', '-s', 'cn=PKI Administrator,o=cisco.com Security Domain', '-g', '2048', '-z', '/root/.dogtag/pki-tomcat/ca/alias/noise', '-f', '/root/.dogtag/pki-tomcat/ca/password.conf', '-o', '/root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin']'
pkispawn : INFO ....... ['BtoA', '/root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin', '/root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin.asc']
loading external CA signing certificate from file: '/home/fedora/dogtag.cisco.com.cer'
loading external CA signing certificate chain from file: '/home/fedora/test-root-ca-2048.cer'
pkispawn : INFO ....... configuring PKI configuration data.
pkispawn : INFO ....... ['AtoB', '/root/.dogtag/pki-tomcat/ca_admin.cert', '/root/.dogtag/pki-tomcat/ca_admin.cert.der']
pkispawn : INFO ....... ['certutil', '-A', '-d', '/root/.dogtag/pki-tomcat/ca/alias', '-n', 'PKI Administrator', '-t', 'u,u,u', '-i', '/root/.dogtag/pki-tomcat/ca_admin.cert.der', '-f', '/root/.dogtag/pki-tomcat/ca/password.conf']
pkispawn : INFO ....... ['pk12util', '-d', '/root/.dogtag/pki-tomcat/ca/alias', '-o', '/root/.dogtag/pki-tomcat/ca_admin_cert.p12', '-n', 'PKI Administrator', '-w', '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf', '-k', '/root/.dogtag/pki-tomcat/ca/password.conf']
pkispawn : INFO ... finalizing 'pki.deployment.finalization'
pkispawn : INFO ....... cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20141010092609
pkispawn : INFO ....... generating manifest file called '/etc/sysconfig/pki/tomcat/pki-tomcat/ca/manifest'
pkispawn : INFO ....... cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/manifest /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20141010092609
pkispawn : INFO ....... executing 'systemctl daemon-reload'
pkispawn : INFO ....... executing 'systemctl restart pki-tomcatd at pki-tomcat.service'
Job for pki-tomcatd at pki-tomcat.service canceled.
pkispawn : INFO ....... rm -rf /root/.dogtag/pki-tomcat/ca
pkispawn : INFO END spawning subsystem 'CA' of instance 'pki-tomcat'
==========================================================================
INSTALLATION SUMMARY
==========================================================================
Administrator's username: caadmin
Administrator's PKCS #12 file:
/root/.dogtag/pki-tomcat/ca_admin_cert.p12
To check the status of the subsystem:
systemctl status pki-tomcatd\@pki-tomcat.service
To restart the subsystem:
systemctl restart pki-tomcatd\@pki-tomcat.service
The URL for the subsystem is:
https://dogtag-ext1.novalocal:9443/ca
==========================================================================
-------------- next part --------------
[root at dogtag-ext1 fedora]# systemctl status pki-tomcatd\@pki-tomcat.service
pki-tomcatd at pki-tomcat.service - PKI Tomcat Server pki-tomcat
Loaded: loaded (/usr/lib/systemd/system/pki-tomcatd at .service; enabled)
Active: inactive (dead) since Fri 2014-10-10 09:26:19 UTC; 41s ago
Process: 24551 ExecStop=/usr/bin/pkidaemon stop tomcat %i (code=exited, status=0/SUCCESS)
Main PID: 24361 (code=exited, status=143)
CGroup: name=systemd:/system/pki-tomcatd at .service/pki-tomcatd at pki-tomcat.service
Oct 10 09:21:38 dogtag-ext1.novalocal systemd[1]: Starting PKI Tomcat Server pki-tomcat...
Oct 10 09:21:39 dogtag-ext1.novalocal pkidaemon[24193]: 'pki-tomcat' must still be CONFIGURED!
Oct 10 09:21:39 dogtag-ext1.novalocal pkidaemon[24193]: (see /var/log/pki-tomcat-install.log)
Oct 10 09:21:39 dogtag-ext1.novalocal systemd[1]: Started PKI Tomcat Server pki-tomcat.
Oct 10 09:26:09 dogtag-ext1.novalocal systemd[1]: Started PKI Tomcat Server pki-tomcat.
Oct 10 09:26:18 dogtag-ext1.novalocal systemd[1]: Stopping PKI Tomcat Server pki-tomcat...
Oct 10 09:26:18 dogtag-ext1.novalocal systemd[1]: Stopping PKI Tomcat Server pki-tomcat...
Oct 10 09:26:19 dogtag-ext1.novalocal systemd[1]: Stopped PKI Tomcat Server pki-tomcat.
[root at dogtag-ext1 fedora]# systemctl start pki-tomcatd\@pki-tomcat.service
[root at dogtag-ext1 fedora]# systemctl status pki-tomcatd\@pki-tomcat.service
pki-tomcatd at pki-tomcat.service - PKI Tomcat Server pki-tomcat
Loaded: loaded (/usr/lib/systemd/system/pki-tomcatd at .service; enabled)
Active: active (running) since Fri 2014-10-10 09:28:18 UTC; 5s ago
Process: 24551 ExecStop=/usr/bin/pkidaemon stop tomcat %i (code=exited, status=0/SUCCESS)
Process: 24616 ExecStart=/usr/bin/pkidaemon start tomcat %i (code=exited, status=0/SUCCESS)
Main PID: 24784 (java)
CGroup: name=systemd:/system/pki-tomcatd at .service/pki-tomcatd at pki-tomcat.service
ââ24784 /usr/lib/jvm/jre/bin/java -DRESTEASY_LIB=/usr/share/java/resteasy -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/...
Oct 10 09:28:15 dogtag-ext1.novalocal systemd[1]: Starting PKI Tomcat Server pki-tomcat...
Oct 10 09:28:18 dogtag-ext1.novalocal systemd[1]: Started PKI Tomcat Server pki-tomcat.
-------------- next part --------------
[root at dogtag-ext1 fedora]# openssl pkcs12 -info -in /root/.dogtag/pki-tomcat/ca_admin_cert.p12
Enter Import Password:
MAC Iteration 2000
MAC verified OK
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
Bag Attributes
friendlyName: PKI Administrator
localKeyID: 41 11 6B 4D 01 78 64 1E 77 7B 17 6F D9 B9 AC 5C F5 9B 88 3F
Key Attributes: <No Attributes>
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQItOgp54c/WGICAggA
MBQGCCqGSIb3DQMHBAjDFi6FqfuIjASCBMgvHxHvir3peQMZX7OQsbTOCHQreAIx
aIrkNZHAzLfKBOCsDmMINysCLW7bjOL8dokYtuCYlGDNYAQLLkPBbAgrqKcVDFTF
162m8qcxfiBJrlcRbnoVpFumuexayYC/WESfM8S1YpL3oY62t/h0acKeGW5GG3a/
M8od8ddnlEa2lSR/x/eiBqLDDVgpgaUVuDZtkyvRvbZzyoh8FK7obZbwjjGYqb2q
CbDLmqLkqkXVuQ0DC+u98PF0RPmQjOQ5QyyYvIKSzdqC5SXqtHZEOAOpHwGzcWoV
+a6Bn6sVtvQSVJN6tV90LUx3OE7r/WzsUAk8Juf6kU69vIg8bUbXe7cPPiKX1sMj
aO+5a/o/T6tkXMS7D1smW65TkMDEnI2XPBPPo4tmhofnng+CRdBMbzxqabZ2PYZD
rKFs3L9eK9XaPBHpIGa2RPq0vCyR8nfHtcVtgnLeFlmoRqVi6/CQCl0Yz7SMl+7R
TdVGoBYpR/EvlmfQd6PxpublMWHmrA5vq7kgz58FTwH058U4IXCgYz1qJjEZhslf
xoNd2u8pBPlSlidCX2KuS2MqF3BmlpkydT61MW/Re+h2Dn8ShNdjuFSXSDRH1W8t
XmuzmIRl1dPZTLPt3PKos3j4vrokoBJLJaX6XLD5OZ3uj0aOual540PsCZRZjeCY
4KjVVCUzwGibjfE5Wh6GJb2rP+FbOJS7hVxM0EA+MKlEZRtnxP05bl0griuUOHvL
6GDJnUO6cSecVXdLlRa0qoD3hqPNvQ02LrhuCskEZz2Ndf+tPgNIcNNlytz1sKx2
Sk/BXVjbqL3UwY9hVqp5Z9CZ7RIQLm8/YrFTaMVs796Z9GcvwElXMhC+TsfQ8QE0
86YCw8KaZchA3mvzKYWIe2mwEBF0TX1WT0/xPLdRfT6uDhbZvcu3iFOAxMwCRdXR
rFWenhCNp9oKYQJQZ/WhNYPC9Y38MNJ4CXIuGbT8B2IUqhN/26Y//8oU09HDSFxB
DB1xHKj/vi8lUiVZgZIpUcXtRwPuzAecqHUNsfcSIA6Xx1+s2GnVbTXELNMyS7jG
8ol6IPJh9JIjJ8zT7YXlDyT9AR6vBYBcEylYZqjq2IvcjvNLm3qrxMYWJMfNoxxi
B80nfNnZQkUNqlC6bFM3R9ip+7aAYZeRchpB4LcmjmeIhaXK3EMhKXsezTjfWOKE
qrSh6pFPwcMeDQwSeEk0LdCA+rq1Aazgse5RbAB/fAMh0OctE/D5UxB/VoI/NKTJ
vNc4aZp5GwADu7ydJbP3t3OTP5YkHegGkih8BUVNumDIoLWFUw/WRvfXXRdYTuPQ
z9lzl4qWES6/J/hZCLGSgFZpYxdB2At1lG20DYcdHtxdR5o10ZGIBJ2n6Eb4ol/7
kn+OVTBUbdDIixoE2c4UV5g+WvukscJ7gIW4xTgeIw48XsznHpwyt3E6J6OY1L4c
kbrBGhsJrlXfvx/BuLJUEU8hi8Rj4x20b+y2xmULilUN7/BPT6ug+9eMB8WuAa9s
RKgKBTGtBfbPLl1URG8RGD/ZmO0xYlFg80qzOQXE9ZUDiKawR3ZEAxAEJClaYSO1
KwBUUMC9XEG49SCjrmIzgoBWZlpgQkmAvlwnr7tWuIFOdzv9wScDtoK84On0Hfno
Lzo=
-----END ENCRYPTED PRIVATE KEY-----
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2000
Certificate bag
Bag Attributes
friendlyName: PKI Administrator
localKeyID: 41 11 6B 4D 01 78 64 1E 77 7B 17 6F D9 B9 AC 5C F5 9B 88 3F
subject=/O=cisco.com Security Domain/CN=PKI Administrator
issuer=/L=Kritee/OU=CIBU/O=Cisco Systems/CN=dogtag.cisco.com
-----BEGIN CERTIFICATE-----
MIIDqTCCApGgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBTMQ8wDQYDVQQHEwZLcml0
ZWUxDTALBgNVBAsTBENJQlUxFjAUBgNVBAoTDUNpc2NvIFN5c3RlbXMxGTAXBgNV
BAMTEGRvZ3RhZy5jaXNjby5jb20wHhcNMTQxMDEwMDkyNjE3WhcNMTYwOTI5MDky
NjE3WjBAMSIwIAYDVQQKExljaXNjby5jb20gU2VjdXJpdHkgRG9tYWluMRowGAYD
VQQDExFQS0kgQWRtaW5pc3RyYXRvcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBALk6tHHrgmQSrOzTnGIWKZ/zMbry1EnoRaALSqn7Mwb38tFN+NgOqDOk
Np8DbFBfA4B7Myw0lxkRkCCnUIf4etTQ3tnZroN6hd5hKNl+GiIdtyHOI+xQ9H5e
+U48/RyLPLtaG+hQR3bNPJVJ+zGiKynwxSjrTMHoa/mJX3YkCYhKIImbkbNiBnN8
JgW3NGX9CxxdvHfcBN9jK0O+90bQuuWudZi34FQLxMLcI33cN0GfruErvyH/YgMZ
ZitwvTMUx1kOreTNv4IG4AIIs154eIg3hdugSVITg7lNiNXk8AUu2gB0QtrISjEv
nMEkey5wWypjdDmT8nwY3V7fWP7684ECAwEAAaOBmjCBlzAfBgNVHSMEGDAWgBQL
VyuTi45bmeGZ+tYuLVIktqlw+TBFBggrBgEFBQcBAQQ5MDcwNQYIKwYBBQUHMAGG
KWh0dHA6Ly9kb2d0YWctZXh0MS5ub3ZhbG9jYWw6OTA4MC9jYS9vY3NwMA4GA1Ud
DwEB/wQEAwIE8DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZI
hvcNAQELBQADggEBAGxtujrjwKvyL7w4wi26uYi5+CiJUeoYt15GoVUL9KgYiT7l
l4RAvhYweClqtVl/oh9IBkYP8CpIZdQGTOm/WBz3a5HnzOkiQ5021mp57+2q4E71
BYxP2kziJ50CMD2SD27kI183NNSPxiFKaXbsww+wecOR+9eUi9RJwSwYs5YNhQbl
8+xUAmtI8umlyVxuVMg21tib71ESJSrZ7Pj40MOZLpkLf5EW6kuuQJCMCmJVUXT8
1pELwwG0q2ttzwxaKl4mN8q1Rhs0DxZ3Je/A9HyyoGpGP4dKKUlKyomQ5/JQ7yYB
zAqSGkubASTn0IErwIRkqf31ZcP8Xe62CuJECb8=
-----END CERTIFICATE-----
-------------- next part --------------
[DEFAULT]
pki_instance_name = <name>
pki_http_port = 9080
pki_https_port = 9443
pki_ajp_port = 9009
pki_tomcat_server_port = 9005
[CA]
pki_admin_uid = <name>
pki_admin_password = <passwd>
pki_backup_password = <passwd>
pki_client_database_password = <passwd>
pki_client_pkcs12_password = <passwd>
pki_import_admin_cert = False
pki_client_admin_cert = /<path-to-admin-cert>/ca_admin.cert
pki_admin_name=%(pki_admin_uid)s
pki_admin_nickname=PKI Administrator
pki_admin_subject_dn=cn=PKI Administrator,o=%(pki_security_domain_name)s
pki_ds_hostname = <localhost.localdomian>
pki_ds_ldap_port = <port>
pki_ds_bind_dn = cn=<name>
pki_ds_password = <passwd>
pki_ds_base_dn = o=<name>
pki_security_domain_name = <domain name>
pki_security_domain_password = <passwd>
pki_client_pin = <passwd>
pki_clone_pkcs12_password = <passwd>
pki_one_time_pin = <passwd>
pki_pin = <passwd>
pki_token_password = <passwd>
pki_ca_signing_key_algorithm=SHA256withRSA
pki_ca_signing_key_size=2048
pki_ca_signing_key_type=rsa
pki_ca_signing_signing_algorithm=SHA256withRSA
pki_ca_signing_subject_dn=cn=<name>,o=<name>,ou=<name>,L=<name>
pki_ca_signing_token=Internal Key Storage Token
pki_external=True
pki_external_csr_path=/home/fedora/ca_signing.csr
-------------- next part --------------
[DEFAULT]
pki_instance_name = <name>
pki_http_port = 9080
pki_https_port = 9443
pki_ajp_port = 9009
pki_tomcat_server_port = 9005
[CA]
pki_admin_uid = <name>
pki_admin_password = <passwd>
pki_backup_password = <passwd>
pki_client_database_password = <passwd>
pki_client_pkcs12_password = <passwd>
pki_import_admin_cert = False
pki_client_admin_cert = /<path-to-admin-cert>/ca_admin.cert
pki_admin_name=%(pki_admin_uid)s
pki_admin_nickname=PKI Administrator
pki_admin_subject_dn=cn=PKI Administrator,o=%(pki_security_domain_name)s
pki_ds_hostname = <localhost.localdomian>
pki_ds_ldap_port = <port>
pki_ds_bind_dn = cn=<name>
pki_ds_password = <passwd>
pki_ds_base_dn = o=<name>
pki_security_domain_name = <domain name>
pki_security_domain_password = <passwd>
pki_client_pin = <passwd>
pki_clone_pkcs12_password = <passwd>
pki_one_time_pin = <passwd>
pki_pin = <passwd>
pki_token_password = <passwd>
pki_ca_signing_key_algorithm=SHA256withRSA
pki_ca_signing_key_size=2048
pki_ca_signing_key_type=rsa
pki_ca_signing_signing_algorithm=SHA256withRSA
pki_ca_signing_subject_dn=cn=<name>,o=<name>,ou=<name>,L=<name>
pki_ca_signing_token=Internal Key Storage Token
pki_external=True
pki_external_ca_cert_chain_path=/home/fedora/test-root-ca-2048.cer
pki_external_ca_cert_path=/home/fedora/dogtag.cisco.com.cer
pki_external_step_two=True
-------------- next part --------------
-----BEGIN CERTIFICATE-----
MIIEFDCCAvygAwIBAgIKUZIHHgADAAAOXjANBgkqhkiG9w0BAQUFADAuMRYwFAYD
VQQKEw1DaXNjbyBTeXN0ZW1zMRQwEgYDVQQDEwtURVNULVNTTC1DQTAeFw0xNDEw
MTAwOTEzMDNaFw0xNjEwMTAwOTIzMDNaMFMxDzANBgNVBAcTBktyaXRlZTEWMBQG
A1UEChMNQ2lzY28gU3lzdGVtczENMAsGA1UECxMEQ0lCVTEZMBcGA1UEAxMQZG9n
dGFnLmNpc2NvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJi4
HzcInUskeO5MFQDhqK/5BzokyUuanOH7AiTOoEA57Au5V2wul3HWCrUB7PWO/x28
0A4jGTRkv4R0URoevKmXa/6QsUmzjaGzHMzO7YY1EOXK1ICQiNbRtl2jCgUUDLaj
QHyWP0gWlRAaUc6ftAyedQ/qho8iWqtj884/qQiSzED7/60PQUhS6/CbPkBK5+4+
SUMGe5OMJGQqCsHAFYMA80N8QrSnsPjOV4I/Ts5pEIGZNUlYjwS15efIMvrpLgRw
R0l1gGPm9+DfSEJ1ta6M89O93nw/GUoB0GFrI0cQnZ4jr4Hd+4L4sg5TCGjoe/h2
qWI9ZPlQs5ioplOGayUCAwEAAaOCAQ0wggEJMB0GA1UdDgQWBBQLVyuTi45bmeGZ
+tYuLVIktqlw+TAfBgNVHSMEGDAWgBSOyU4uaEbJcL9gdzJhERmzyilLEjBKBgNV
HR8EQzBBMD+gPaA7hjlodHRwOi8vdGVzdC1zc2wtY2EuY2lzY28uY29tL2NlcnRp
ZmljYXRlcy90ZXN0LXNzbC1jYS5jcmwwXAYDVR0gBFUwUzBRBgorBgEEAQkVAQEA
MEMwQQYIKwYBBQUHAgEWNWh0dHA6Ly93d3cuY2lzY28uY29tL3NlY3VyaXR5L3Br
aS9wb2xpY2llcy9pbmRleC5odG1sMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAnaizhTLtuAWk24gQ1eCERmzdRcU4AQux
6LTUV9iSM8UYQGZohtL4YPSq2UUG70zBZrxiXNIsdDgF7HoRte3GmcjAekT4xSL6
27W9emMLIaQARwCMN80y/S81ksDdwRPYuy3t/7QOY5fUeoxJ4OtZyq8V5f+oqmxc
ngiYlnF7B6dhxDldZ7IR4ON0v2jTaXUPQmR/In7OsQiFKpiaSTfuOuEoeFvoieeh
l0H5f32ex0HJOFm66e/GSBKKqFExJaIbzLaZSgCjLojSuqJvUj0SfnqMZDiKsfUa
Wpuv0LrsD/AcOLeD+SDa2TCG7JHrbPT7frZ+Xomx8uKYd8FbK7+zHA==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
51:92:07:1e:00:03:00:00:0e:5e
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=Cisco Systems, CN=TEST-SSL-CA
Validity
Not Before: Oct 10 09:13:03 2014 GMT
Not After : Oct 10 09:23:03 2016 GMT
Subject: L=Kritee, O=Cisco Systems, OU=CIBU, CN=dogtag.cisco.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:98:b8:1f:37:08:9d:4b:24:78:ee:4c:15:00:e1:
a8:af:f9:07:3a:24:c9:4b:9a:9c:e1:fb:02:24:ce:
a0:40:39:ec:0b:b9:57:6c:2e:97:71:d6:0a:b5:01:
ec:f5:8e:ff:1d:bc:d0:0e:23:19:34:64:bf:84:74:
51:1a:1e:bc:a9:97:6b:fe:90:b1:49:b3:8d:a1:b3:
1c:cc:ce:ed:86:35:10:e5:ca:d4:80:90:88:d6:d1:
b6:5d:a3:0a:05:14:0c:b6:a3:40:7c:96:3f:48:16:
95:10:1a:51:ce:9f:b4:0c:9e:75:0f:ea:86:8f:22:
5a:ab:63:f3:ce:3f:a9:08:92:cc:40:fb:ff:ad:0f:
41:48:52:eb:f0:9b:3e:40:4a:e7:ee:3e:49:43:06:
7b:93:8c:24:64:2a:0a:c1:c0:15:83:00:f3:43:7c:
42:b4:a7:b0:f8:ce:57:82:3f:4e:ce:69:10:81:99:
35:49:58:8f:04:b5:e5:e7:c8:32:fa:e9:2e:04:70:
47:49:75:80:63:e6:f7:e0:df:48:42:75:b5:ae:8c:
f3:d3:bd:de:7c:3f:19:4a:01:d0:61:6b:23:47:10:
9d:9e:23:af:81:dd:fb:82:f8:b2:0e:53:08:68:e8:
7b:f8:76:a9:62:3d:64:f9:50:b3:98:a8:a6:53:86:
6b:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:57:2B:93:8B:8E:5B:99:E1:99:FA:D6:2E:2D:52:24:B6:A9:70:F9
X509v3 Authority Key Identifier:
keyid:8E:C9:4E:2E:68:46:C9:70:BF:60:77:32:61:11:19:B3:CA:29:4B:12
X509v3 CRL Distribution Points:
Full Name:
URI:http://test-ssl-ca.cisco.com/certificates/test-ssl-ca.crl
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.9.21.1.1.0
CPS: http://www.cisco.com/security/pki/policies/index.html
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha1WithRSAEncryption
9d:a8:b3:85:32:ed:b8:05:a4:db:88:10:d5:e0:84:46:6c:dd:
45:c5:38:01:0b:b1:e8:b4:d4:57:d8:92:33:c5:18:40:66:68:
86:d2:f8:60:f4:aa:d9:45:06:ef:4c:c1:66:bc:62:5c:d2:2c:
74:38:05:ec:7a:11:b5:ed:c6:99:c8:c0:7a:44:f8:c5:22:fa:
db:b5:bd:7a:63:0b:21:a4:00:47:00:8c:37:cd:32:fd:2f:35:
92:c0:dd:c1:13:d8:bb:2d:ed:ff:b4:0e:63:97:d4:7a:8c:49:
e0:eb:59:ca:af:15:e5:ff:a8:aa:6c:5c:9e:08:98:96:71:7b:
07:a7:61:c4:39:5d:67:b2:11:e0:e3:74:bf:68:d3:69:75:0f:
42:64:7f:22:7e:ce:b1:08:85:2a:98:9a:49:37:ee:3a:e1:28:
78:5b:e8:89:e7:a1:97:41:f9:7f:7d:9e:c7:41:c9:38:59:ba:
e9:ef:c6:48:12:8a:a8:51:31:25:a2:1b:cc:b6:99:4a:00:a3:
2e:88:d2:ba:a2:6f:52:3d:12:7e:7a:8c:64:38:8a:b1:f5:1a:
5a:9b:af:d0:ba:ec:0f:f0:1c:38:b7:83:f9:20:da:d9:30:86:
ec:91:eb:6c:f4:fb:7e:b6:7e:5e:89:b1:f2:e2:98:77:c1:5b:
2b:bf:b3:1c
-------------- next part --------------
[root at dogtag-ext1 fedora]# curl -k --request GET https://localhost:9443/ca/rest/certs
<html><head><title>Apache Tomcat/7.0.47 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - java.lang.NullPointerException</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>java.lang.NullPointerException</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException
org.jboss.resteasy.core.SynchronousDispatcher.handleApplicationException(SynchronousDispatcher.java:340)
org.jboss.resteasy.core.SynchronousDispatcher.handleException(SynchronousDispatcher.java:214)
org.jboss.resteasy.core.SynchronousDispatcher.handleInvokerException(SynchronousDispatcher.java:190)
org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:540)
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:502)
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:119)
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:606)
[root at dogtag-ext1 fedora]# hostname
dogtag-ext1.novalocal
[root at dogtag-ext1 fedora]# curl -k --request GET https://dogtag-ext1.novalocal:9443/ca/rest/certs
<html><head><title>Apache Tomcat/7.0.47 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - java.lang.NullPointerException</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>java.lang.NullPointerException</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException
org.jboss.resteasy.core.SynchronousDispatcher.handleApplicationException(SynchronousDispatcher.java:340)
org.jboss.resteasy.core.SynchronousDispatcher.handleException(SynchronousDispatcher.java:214)
org.jboss.resteasy.core.SynchronousDispatcher.handleInvokerException(SynchronousDispatcher.java:190)
org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:540)
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:502)
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:119)
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:606)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
[DEFAULT]
[root at dogtag-ext1 fedora]# curl -k --request GET https://dogtag-ext1.novalocal:9443/ca/rest/certs
<html><head><title>Apache Tomcat/7.0.47 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - java.lang.NullPointerException</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>java.lang.NullPointerException</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException
org.jboss.resteasy.core.SynchronousDispatcher.handleApplicationException(SynchronousDispatcher.java:340)
org.jboss.resteasy.core.SynchronousDispatcher.handleException(SynchronousDispatcher.java:214)
org.jboss.resteasy.core.SynchronousDispatcher.handleInvokerException(SynchronousDispatcher.java:190)
org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:540)
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:502)
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:119)
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:606)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:274)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:536)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:169)
</pre></p><p><b>root cause</b> <pre>java.lang.NullPointerException
com.netscape.cms.servlet.cert.CertService.<init>(CertService.java:92)
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
java.lang.reflect.Constructor.newInstance(Constructor.java:526)
org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:82)
org.jboss.resteasy.plugins.server.resourcefactory.POJOResourceFactory.createResource(POJOResourceFactory.java:43)
org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:210)
org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:525)
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:502)
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:119)
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:606)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:274)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:536)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:169)
</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.47 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.47</h3></body></html>
-------------- next part --------------
[root at dogtag-ext1 fedora]# pkispawn -s CA -f deployment.cfg -v
Loading deployment configuration from deployment.cfg.
Installing CA into /var/lib/pki/pki-tomcat.
pkispawn : INFO BEGIN spawning subsystem 'CA' of instance 'pki-tomcat' . . .
pkispawn : INFO ... initializing 'pki.deployment.initialization'
pkispawn : INFO ....... adding GID 'pkiuser' for group '17' . . .
pkispawn : INFO ....... adding UID 'pkiuser' for user '17' . . .
pkispawn : ERROR ....... Selinux is disabled. Not checking port contexts
pkispawn : INFO ... populating 'pki.deployment.infrastructure_layout'
pkispawn : INFO ....... mkdir -p /etc/sysconfig/pki
pkispawn : INFO ....... mkdir -p /etc/sysconfig/pki/tomcat
pkispawn : INFO ....... mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat
pkispawn : INFO ....... mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca
pkispawn : INFO ....... cp -p /etc/pki/default.cfg /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg
Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
pkispawn : INFO ....... mkdir -p /var/lib/pki
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/ca
pkispawn : INFO ....... ln -s /etc/sysconfig/pki/tomcat/pki-tomcat /var/lib/pki/pki-tomcat/ca/registry
pkispawn : INFO ... populating 'pki.deployment.instance_layout'
pkispawn : INFO ....... mkdir -p /var/log/pki/pki-tomcat
pkispawn : INFO ....... mkdir -p /etc/pki/pki-tomcat
pkispawn : INFO ....... cp -rp /usr/share/pki/server/conf /etc/pki/pki-tomcat
pkispawn : INFO ....... setting ownerships, permissions, and acls on '/etc/pki/pki-tomcat'
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/common
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/common/lib
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/lib
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-i18n-ja.jar /var/lib/pki/pki-tomcat/lib/tomcat-i18n-ja.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-api.jar /var/lib/pki/pki-tomcat/lib/tomcat-api.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/catalina-ant.jar /var/lib/pki/pki-tomcat/lib/catalina-ant.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/commons-collections.jar /var/lib/pki/pki-tomcat/lib/commons-collections.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/catalina-tribes.jar /var/lib/pki/pki-tomcat/lib/catalina-tribes.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/annotations-api.jar /var/lib/pki/pki-tomcat/lib/annotations-api.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-el-2.2-api.jar /var/lib/pki/pki-tomcat/lib/tomcat-el-2.2-api.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/jasper.jar /var/lib/pki/pki-tomcat/lib/jasper.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-i18n-es.jar /var/lib/pki/pki-tomcat/lib/tomcat-i18n-es.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/commons-pool.jar /var/lib/pki/pki-tomcat/lib/commons-pool.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-servlet-3.0-api.jar /var/lib/pki/pki-tomcat/lib/tomcat-servlet-3.0-api.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-juli.jar /var/lib/pki/pki-tomcat/lib/tomcat-juli.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-jdbc.jar /var/lib/pki/pki-tomcat/lib/tomcat-jdbc.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-coyote.jar /var/lib/pki/pki-tomcat/lib/tomcat-coyote.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-jsp-2.2-api.jar /var/lib/pki/pki-tomcat/lib/tomcat-jsp-2.2-api.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/commons-dbcp.jar /var/lib/pki/pki-tomcat/lib/commons-dbcp.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-i18n-fr.jar /var/lib/pki/pki-tomcat/lib/tomcat-i18n-fr.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/log4j.jar /var/lib/pki/pki-tomcat/lib/log4j.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/jasper-el.jar /var/lib/pki/pki-tomcat/lib/jasper-el.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/tomcat-util.jar /var/lib/pki/pki-tomcat/lib/tomcat-util.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/catalina-ha.jar /var/lib/pki/pki-tomcat/lib/catalina-ha.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/catalina.jar /var/lib/pki/pki-tomcat/lib/catalina.jar
pkispawn : INFO ....... ln -s /usr/share/tomcat/lib/jasper-jdt.jar /var/lib/pki/pki-tomcat/lib/jasper-jdt.jar
pkispawn : INFO ....... ln -s /etc/pki/pki-tomcat/log4j.properties /var/lib/pki/pki-tomcat/lib/log4j.properties
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/temp
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/webapps
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/work
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/work/Catalina
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/_
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca
pkispawn : INFO ....... ln -s /usr/share/tomcat/bin /var/lib/pki/pki-tomcat/bin
pkispawn : INFO ....... ln -s /usr/sbin/tomcat-sysd /var/lib/pki/pki-tomcat/pki-tomcat
pkispawn : INFO ....... ln -s /usr/share/java/apache-commons-collections.jar /var/lib/pki/pki-tomcat/common/lib/apache-commons-collections.jar
pkispawn : INFO ....... ln -s /usr/share/java/apache-commons-io.jar /var/lib/pki/pki-tomcat/common/lib/apache-commons-io.jar
pkispawn : INFO ....... ln -s /usr/share/java/apache-commons-lang.jar /var/lib/pki/pki-tomcat/common/lib/apache-commons-lang.jar
pkispawn : INFO ....... ln -s /usr/share/java/apache-commons-logging.jar /var/lib/pki/pki-tomcat/common/lib/apache-commons-logging.jar
pkispawn : INFO ....... ln -s /usr/share/java/commons-codec.jar /var/lib/pki/pki-tomcat/common/lib/apache-commons-codec.jar
pkispawn : INFO ....... ln -s /usr/share/java/httpcomponents/httpclient.jar /var/lib/pki/pki-tomcat/common/lib/httpclient.jar
pkispawn : INFO ....... ln -s /usr/share/java/httpcomponents/httpcore.jar /var/lib/pki/pki-tomcat/common/lib/httpcore.jar
pkispawn : INFO ....... ln -s /usr/share/java/javassist.jar /var/lib/pki/pki-tomcat/common/lib/javassist.jar
pkispawn : INFO ....... ln -s /usr/share/java/resteasy/jaxrs-api.jar /var/lib/pki/pki-tomcat/common/lib/jaxrs-api.jar
pkispawn : INFO ....... ln -s /usr/share/java/jettison.jar /var/lib/pki/pki-tomcat/common/lib/jettison.jar
pkispawn : INFO ....... ln -s /usr/lib/java/jss4.jar /var/lib/pki/pki-tomcat/common/lib/jss4.jar
pkispawn : INFO ....... ln -s /usr/share/java/ldapjdk.jar /var/lib/pki/pki-tomcat/common/lib/ldapjdk.jar
pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-tomcat.jar /var/lib/pki/pki-tomcat/common/lib/pki-tomcat.jar
pkispawn : INFO ....... ln -s /usr/share/java/resteasy/resteasy-atom-provider.jar /var/lib/pki/pki-tomcat/common/lib/resteasy-atom-provider.jar
pkispawn : INFO ....... ln -s /usr/share/java/resteasy/resteasy-jaxb-provider.jar /var/lib/pki/pki-tomcat/common/lib/resteasy-jaxb-provider.jar
pkispawn : INFO ....... ln -s /usr/share/java/resteasy/resteasy-jaxrs.jar /var/lib/pki/pki-tomcat/common/lib/resteasy-jaxrs.jar
pkispawn : INFO ....... ln -s /usr/share/java/resteasy/resteasy-jettison-provider.jar /var/lib/pki/pki-tomcat/common/lib/resteasy-jettison-provider.jar
pkispawn : INFO ....... ln -s /usr/share/java/scannotation.jar /var/lib/pki/pki-tomcat/common/lib/scannotation.jar
pkispawn : INFO ....... ln -s /usr/share/java/tomcatjss.jar /var/lib/pki/pki-tomcat/common/lib/tomcatjss.jar
pkispawn : INFO ....... ln -s /usr/share/java/velocity.jar /var/lib/pki/pki-tomcat/common/lib/velocity.jar
pkispawn : INFO ....... ln -s /usr/share/java/xerces-j2.jar /var/lib/pki/pki-tomcat/common/lib/xerces-j2.jar
pkispawn : INFO ....... ln -s /usr/share/java/xml-commons-apis.jar /var/lib/pki/pki-tomcat/common/lib/xml-commons-apis.jar
pkispawn : INFO ....... ln -s /usr/share/java/xml-commons-resolver.jar /var/lib/pki/pki-tomcat/common/lib/xml-commons-resolver.jar
pkispawn : INFO ....... mkdir -p /etc/pki/pki-tomcat/alias
pkispawn : INFO ....... ln -s /etc/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/alias
pkispawn : INFO ....... ln -s /etc/pki/pki-tomcat /var/lib/pki/pki-tomcat/conf
pkispawn : INFO ....... ln -s /var/log/pki/pki-tomcat /var/lib/pki/pki-tomcat/logs
pkispawn : INFO ... populating 'pki.deployment.subsystem_layout'
pkispawn : INFO ....... mkdir -p /var/log/pki/pki-tomcat/ca
pkispawn : INFO ....... mkdir -p /var/log/pki/pki-tomcat/ca/archive
pkispawn : INFO ....... mkdir -p /var/log/pki/pki-tomcat/ca/signedAudit
pkispawn : INFO ....... mkdir -p /etc/pki/pki-tomcat/ca
pkispawn : INFO ....... cp -rp /usr/share/pki/ca/emails /var/lib/pki/pki-tomcat/ca/emails
pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/ca/emails'
pkispawn : INFO ....... cp -rp /usr/share/pki/ca/profiles /var/lib/pki/pki-tomcat/ca/profiles
pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/ca/profiles'
pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/flatfile.txt /etc/pki/pki-tomcat/ca/flatfile.txt
pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/registry.cfg /etc/pki/pki-tomcat/ca/registry.cfg
pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/adminCert.profile /etc/pki/pki-tomcat/ca/adminCert.profile
pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/caAuditSigningCert.profile /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile
pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/caCert.profile /etc/pki/pki-tomcat/ca/caCert.profile
pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/caOCSPCert.profile /etc/pki/pki-tomcat/ca/caOCSPCert.profile
pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/serverCert.profile /etc/pki/pki-tomcat/ca/serverCert.profile
pkispawn : INFO ....... cp -p /usr/share/pki/ca/conf/subsystemCert.profile /etc/pki/pki-tomcat/ca/subsystemCert.profile
pkispawn : INFO ....... ln -s /var/lib/pki/pki-tomcat/webapps /var/lib/pki/pki-tomcat/ca/webapps
pkispawn : INFO ....... ln -s /var/lib/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/ca/alias
pkispawn : INFO ....... ln -s /etc/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/conf
pkispawn : INFO ....... ln -s /var/log/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/logs
pkispawn : INFO ... selinux disabled. skipping labelling 'pki.deployment.selinux_setup'
pkispawn : INFO ... deploying 'pki.deployment.webapp_deployment'
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/webapps/ROOT
pkispawn : INFO ....... cp -rp /usr/share/pki/server/webapps/ROOT /var/lib/pki/pki-tomcat/webapps/ROOT
pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/webapps/ROOT'
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/webapps/pki
pkispawn : INFO ....... cp -rp /usr/share/pki/server/webapps/pki/js /var/lib/pki/pki-tomcat/webapps/pki/js
pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/webapps/pki/js'
pkispawn : INFO ....... cp -rp /usr/share/pki/server/webapps/pki/META-INF /var/lib/pki/pki-tomcat/webapps/pki/META-INF
pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/webapps/pki/META-INF'
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/webapps/ca
pkispawn : INFO ....... cp -rp /usr/share/pki/server/webapps/pki/admin /var/lib/pki/pki-tomcat/webapps/ca/admin
pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/webapps/ca/admin'
pkispawn : INFO ....... cp -rp /usr/share/pki/ca/webapps/ca /var/lib/pki/pki-tomcat/webapps/ca
pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/webapps/ca'
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/classes
pkispawn : INFO ....... mkdir -p /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib
pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-certsrv.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-certsrv.jar
pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-cmsbundle.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-cmsbundle.jar
pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-cmscore.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-cmscore.jar
pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-cms.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-cms.jar
pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-cmsutil.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-cmsutil.jar
pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-nsutil.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-nsutil.jar
pkispawn : INFO ....... ln -s /usr/share/java/pki/pki-ca.jar /var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/lib/pki-ca.jar
pkispawn : INFO ....... setting ownerships, permissions, and acls on '/var/lib/pki/pki-tomcat/webapps/ca'
pkispawn : INFO ... assigning slots for 'pki.deployment.slot_substitution'
pkispawn : INFO ....... copying '/usr/share/pki/ca/conf/CS.cfg' --> '/etc/pki/pki-tomcat/ca/CS.cfg' with slot substitution
pkispawn : INFO ....... copying '/usr/share/pki/setup/pkidaemon_registry' --> '/etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat' with slot substitution
pkispawn : INFO ....... copying '/usr/share/pki/server/conf/catalina.properties' --> '/etc/pki/pki-tomcat/catalina.properties' with slot substitution
pkispawn : INFO ....... copying '/usr/share/pki/server/conf/serverCertNick.conf' --> '/etc/pki/pki-tomcat/serverCertNick.conf' with slot substitution
pkispawn : INFO ....... copying '/usr/share/pki/server/conf/server.xml' --> '/etc/pki/pki-tomcat/server.xml' with slot substitution
pkispawn : INFO ....... copying '/usr/share/pki/server/conf/context.xml' --> '/etc/pki/pki-tomcat/context.xml' with slot substitution
pkispawn : INFO ....... copying '/usr/share/pki/server/conf/tomcat.conf' --> '/etc/sysconfig/pki-tomcat' with slot substitution
pkispawn : INFO ....... copying '/usr/share/pki/server/conf/tomcat.conf' --> '/etc/pki/pki-tomcat/tomcat.conf' with slot substitution
pkispawn : INFO ....... applying in-place slot substitutions on '/var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/velocity.properties'
pkispawn : INFO ....... applying in-place slot substitutions on '/var/lib/pki/pki-tomcat/webapps/ca/WEB-INF/web.xml'
pkispawn : INFO ....... copying '/usr/share/pki/ca/conf/proxy.conf' --> '/etc/pki/pki-tomcat/ca/proxy.conf' with slot substitution
pkispawn : INFO ....... applying in-place slot substitutions on '/var/lib/pki/pki-tomcat/webapps/ca/ee/ca/ProfileSelect.template'
pkispawn : INFO ... generating 'pki.deployment.security_databases'
pkispawn : INFO ....... generating '/etc/pki/pki-tomcat/password.conf'
pkispawn : INFO ....... generating '/etc/pki/pki-tomcat/pfile'
pkispawn : INFO ....... modifying '/etc/pki/pki-tomcat/password.conf'
pkispawn : INFO ....... executing 'certutil -N -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile'
pkispawn : INFO ....... modifying '/etc/pki/pki-tomcat/alias/cert8.db'
pkispawn : INFO ....... modifying '/etc/pki/pki-tomcat/alias/key3.db'
pkispawn : INFO ....... modifying '/etc/pki/pki-tomcat/alias/secmod.db'
pkispawn : INFO ....... generating noise file called '/etc/pki/pki-tomcat/ca/noise' and filling it with '1024' random bytes
pkispawn : INFO ....... executing 'certutil -S -d /etc/pki/pki-tomcat/alias -h 'internal' -n 'Server-Cert cert-pki-tomcat' -s 'cn=dogtag-ext1.novalocal,o=2014-10-10 09:20:58' -m 0 -v 12 -c 'cn=dogtag-ext1.novalocal,o=2014-10-10 09:20:58' -t 'CTu,CTu,CTu' -z /etc/pki/pki-tomcat/ca/noise -f /etc/pki/pki-tomcat/pfile -x > /dev/null 2>&1'
pkispawn : INFO ....... rm -f /etc/pki/pki-tomcat/ca/noise
pkispawn : INFO ....... rm -f /etc/pki/pki-tomcat/pfile
pkispawn : INFO ... configuring 'pki.deployment.configuration'
pkispawn : INFO ....... mkdir -p /root/.dogtag/pki-tomcat/ca
pkispawn : INFO ....... generating '/root/.dogtag/pki-tomcat/ca/password.conf'
pkispawn : INFO ....... modifying '/root/.dogtag/pki-tomcat/ca/password.conf'
pkispawn : INFO ....... generating '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf'
pkispawn : INFO ....... modifying '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf'
pkispawn : INFO ....... mkdir -p /root/.dogtag/pki-tomcat/ca/alias
pkispawn : INFO ....... executing 'certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf'
pkispawn : INFO ....... ln -s /lib/systemd/system/pki-tomcatd at .service /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd at pki-tomcat.service
pkispawn : INFO ....... executing 'systemctl daemon-reload'
pkispawn : INFO ....... executing 'systemctl start pki-tomcatd at pki-tomcat.service'
pkispawn : INFO ....... constructing PKI configuration data.
pkispawn : INFO ....... generating noise file called '/root/.dogtag/pki-tomcat/ca/alias/noise' and filling it with '2048' random bytes
pkispawn : INFO ....... executing '['certutil', '-R', '-d', '/root/.dogtag/pki-tomcat/ca/alias', '-s', 'cn=PKI Administrator,o=cisco.com', '-g', '2048', '-z', '/root/.dogtag/pki-tomcat/ca/alias/noise', '-f', '/root/.dogtag/pki-tomcat/ca/password.conf', '-o', '/root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin']'
pkispawn : INFO ....... ['BtoA', '/root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin', '/root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin.asc']
pkispawn : INFO ....... configuring PKI configuration data.
pkispawn : INFO ....... request: -----BEGIN CERTIFICATE REQUEST-----
MIICmDCCAYACAQAwUzEPMA0GA1UEBxMGS3JpdGVlMQ0wCwYDVQQLEwRDSUJVMRYwFAYDVQQKEw1D
aXNjbyBTeXN0ZW1zMRkwFwYDVQQDExBkb2d0YWcuY2lzY28uY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAmLgfNwidSyR47kwVAOGor/kHOiTJS5qc4fsCJM6gQDnsC7lXbC6XcdYK
tQHs9Y7/HbzQDiMZNGS/hHRRGh68qZdr/pCxSbONobMczM7thjUQ5crUgJCI1tG2XaMKBRQMtqNA
fJY/SBaVEBpRzp+0DJ51D+qGjyJaq2Pzzj+pCJLMQPv/rQ9BSFLr8Js+QErn7j5JQwZ7k4wkZCoK
wcAVgwDzQ3xCtKew+M5Xgj9OzmkQgZk1SViPBLXl58gy+ukuBHBHSXWAY+b34N9IQnW1rozz073e
fD8ZSgHQYWsjRxCdniOvgd37gviyDlMIaOh7+HapYj1k+VCzmKimU4ZrJQIDAQABoAAwDQYJKoZI
hvcNAQELBQADggEBAFI5HrchG9WxTzgtCf6v21V8PFsWHEPVBr1gM+ihgiSXSp7sSmvjBvEUN+Ik
mHbo4ssq+KpHWeQZmKc1tlmiF5IBoP6yiAvkHelphdqRM+DkrkMYnR8cabx4amFOEfmPBE38hLHA
+eaFiVxHSorbkoZsBnSrYDz1/+5xD+4/VJrMvQiP9eRp1hG0sXjH5sLoV70LoHhO94yga0w26Gpj
xkzxSrxFVFH7walY0J09rqvtGOfJ7y4Pg4hy24L0WLDux063uUjNVmRs8zmYHB5AgX2Ke1YI2XYP
AHPTL9m3+wdVUuPCYVrf6njZS7CFygcG5c4W6prdu5ZcJ7cqYdSgiho=
-----END CERTIFICATE REQUEST-----
pkispawn : INFO ....... saving CA Signing CSR to file: '/home/fedora/ca_signing.csr'
pkispawn : INFO ... finalizing 'pki.deployment.finalization'
pkispawn : INFO ....... cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20141010092058
pkispawn : INFO ....... generating manifest file called '/etc/sysconfig/pki/tomcat/pki-tomcat/ca/manifest'
pkispawn : INFO ....... cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/manifest /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20141010092058
pkispawn : INFO ....... executing 'systemctl daemon-reload'
pkispawn : INFO ....... executing 'systemctl restart pki-tomcatd at pki-tomcat.service'
pkispawn : INFO ....... rm -rf /root/.dogtag/pki-tomcat/ca
pkispawn : INFO END spawning subsystem 'CA' of instance 'pki-tomcat'
==========================================================================
INSTALLATION SUMMARY
==========================================================================
Administrator's username: caadmin
To check the status of the subsystem:
systemctl status pki-tomcatd\@pki-tomcat.service
To restart the subsystem:
systemctl restart pki-tomcatd\@pki-tomcat.service
The URL for the subsystem is:
https://dogtag-ext1.novalocal:9443/ca
==========================================================================
More information about the Pki-users
mailing list