[Pki-users] Issues Installing an externally signed CA configuration

Jain, Mahendra Majain at verisign.com
Thu Mar 26 16:03:12 UTC 2015 

Hello All,

I’ve been able to successfully install and test Dogtag Certificate Enrollment and Approval APIs using self signed CA available with standard Dogtag installation.
Also, the java based pkiconsole works perfectly fine without any issues.

However, I’m unable to do so Installing an externally signed CA configuration.
I’ve Dogtag 10.1 version installed.

I followed the exact instructions outlined in the section 'Installing an externally signed CA’ at the link below:
http://man.sourcentral.org/f18/8+pkispawn

While the installation seems to succeed, I’m seeing following errors in logs (/var/lib/pki/pki-tomcat/logs/ca/debug) when I launch pkiconsole (java based console) and provide username/password (caadmin/password123):


---------------------------------------------------------------------------------
[26/Mar/2015:15:54:39][http-bio-8443-exec-9]: AdminServlet:service() uri = /ca/auths
[26/Mar/2015:15:54:39][http-bio-8443-exec-9]: AdminServlet::service() param name='OP_TYPE' value='OP_AUTH'
[26/Mar/2015:15:54:39][http-bio-8443-exec-9]: AdminServlet::service() param name='OP_SCOPE' value='authType'
[26/Mar/2015:15:54:47][http-bio-8443-exec-11]: AdminServlet:service() uri = /ca/auths
[26/Mar/2015:15:54:47][http-bio-8443-exec-11]: AdminServlet::service() param name='OP_TYPE' value='OP_AUTH'
[26/Mar/2015:15:54:47][http-bio-8443-exec-11]: AdminServlet::service() param name='OP_SCOPE' value='auths'
[26/Mar/2015:15:54:47][http-bio-8443-exec-11]: SignedAuditEventFactory: create() message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=passwdUserDBAuthMgr][AttemptedCred=caadmin] authentication failure

[26/Mar/2015:15:54:47][http-bio-8443-exec-11]: SignedAuditEventFactory: create() message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=passwdUserDBAuthMgr][AttemptedCred=caadmin] authentication failure
---------------------------------------------------------------------------------

Any help is greatly appreciated.

Thanks,
Mahendra
“This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed, and may contain information that is non-public, proprietary, privileged, confidential and exempt from disclosure under applicable law or may be constituted as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this message in error, notify sender immediately and delete this message immediately.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20150326/48b4ca83/attachment.htm>

More information about the Pki-users mailing list