From spawn at rloteck.net Thu Jun 1 21:35:36 2017 From: spawn at rloteck.net (Rafael Leiva-Ochoa) Date: Thu, 1 Jun 2017 14:35:36 -0700 Subject: [Pki-users] Pki-users Digest, Vol 110, Issue 1 In-Reply-To: References: Message-ID: Thanks for the update Christina. Where does the Dogtag CA store its certificate for the https://:8443/. I checked the /etc/ssl/certs/ directory, but I found nothing. Thanks again Christina Rafael On Thu, Jun 1, 2017 at 9:00 AM, wrote: > Send Pki-users mailing list submissions to > pki-users at redhat.com > > To subscribe or unsubscribe via the World Wide Web, visit > https://www.redhat.com/mailman/listinfo/pki-users > or, via email, send a message with subject or body 'help' to > pki-users-request at redhat.com > > You can reach the person managing the list at > pki-users-owner at redhat.com > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Pki-users digest..." > > > Today's Topics: > > 1. Re: Dogtag Cert Lauch Page Renewal (Christina Fu) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 31 May 2017 14:31:31 -0700 > From: Christina Fu > To: pki-users at redhat.com > Subject: Re: [Pki-users] Dogtag Cert Lauch Page Renewal > Message-ID: <034773bd-3756-73df-8c77-7dd1ebe93082 at redhat.com> > Content-Type: text/plain; charset="windows-1252"; Format="flowed" > > Hi Rafael, > > I think the following should work for you in theory (Note: I have not > tried it myself). > > If you mean the web server cert, by default it uses the caServerCert > profile. So to add SAN you would want to add Subject Alt Name Default > and possibly constraint to that profile. You can look up how other > default profiles. > > Here is an example policy you could add: > > policyset.serverCertSet.9.constraint.class_id=noConstraintImpl > policyset.serverCertSet.9.constraint.name=No Constraint > policyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl > policyset.serverCertSet.9.default.name=Subject Alternative Name > Extension Default > policyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true > policyset.serverCertSet.9.default.params.subjAltExtPattern_0=yourServer > .example.com > policyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName > policyset.serverCertSet.9.default.params.subjAltNameNumGNs=1 > > Make sure you add the set id "9" (if unique..you can change it to > another unique id) to > > policyset.serverCertSet.list= > > It is important that you add that to the profile before you proceed with > the renewal instruction (under the assumption that you wish to reuse > keys), because the instruction I am about to give you will use the same > profile that the original cert was issued through. Restart the CA after > the above config change. > > About renewal, if you want to reuse the same keys of the original web > server certificate, you could try going to the ee page > Enrollment/Renewal tab. Where you would find on the last link of the > page to be > > Renewal: Renew certificate to be manually approved by agents. > > Enter the current (to be replaced) server cert serial number and > submit. Have the CA agent approve the request. Download and update > your server cert, restart the intended web server. > > If you don't want to reuse keys, then simply enroll through the Manual > Server Certificate Enrollment, which uses the profile that you just > modified, but will expect a whole new csr to be the input (rekey). > Incidentally, if you happen to have the original CSR (hence preserving > the same keys), you would end up having the same keys with the new > update profile (with SAN) as well, which would effectively give you the > same result. > > Let us know if that works for you. > > Christina > > > On 05/30/2017 06:29 PM, Rafael Leiva-Ochoa wrote: > > Any takers? > > > > Rafael > > > > On Sat, May 27, 2017 at 10:29 PM, Rafael Leiva-Ochoa > > > wrote: > > > > Hi Everyone, > > > > I am was looking through the Dogtag CA documentation, and I > > was not able to find the process for renewing the Dogtag Web page > > certificate. I wanted to update the cert since all browser now > > required a SAN on the cert. Any help would be great. > > > > Thanks, > > > > Rafael > > > > > > > > > > _______________________________________________ > > Pki-users mailing list > > Pki-users at redhat.com > > https://www.redhat.com/mailman/listinfo/pki-users > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: attachments/20170531/7a1c9f30/attachment.html> > > ------------------------------ > > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users > > End of Pki-users Digest, Vol 110, Issue 1 > ***************************************** > -------------- next part -------------- An HTML attachment was scrubbed... URL: From susumu.sai.2013 at gmail.com Wed Jun 28 20:17:52 2017 From: susumu.sai.2013 at gmail.com (Susumu Sai) Date: Wed, 28 Jun 2017 16:17:52 -0400 Subject: [Pki-users] =?utf-8?q?Submit_CSR_failure=3A_your_request_is_not_s?= =?utf-8?q?ubmitted=2C_The_reason_is_=E2=80=9CMissing_credential=3A?= =?utf-8?q?_sessionID=E2=80=9D?= Message-ID: On https://:8443/ca/ee/ca, using profile of ?Manual Certificate Manager Signing Certificate Enrollment?, copy and paste CSR, click Submit, got failure: Sorry, your request is not submitted, The reason is ?Missing credential: sessionID? I used openssl command verified my csr: openssl reg -in csr.CSR -text , I am not getting any error with the command, I guess this says that my CSR is fine. Any comments? suggestions? Thanks. Susumu -------------- next part -------------- An HTML attachment was scrubbed... URL: From dgnatowski at yahoo.com Thu Jun 29 18:27:19 2017 From: dgnatowski at yahoo.com (Dennis Gnatowski) Date: Thu, 29 Jun 2017 18:27:19 +0000 (UTC) Subject: [Pki-users] Invalid chunck header References: <1121496478.1401114.1498760839893.ref@mail.yahoo.com> Message-ID: <1121496478.1401114.1498760839893@mail.yahoo.com> I?m getting an error when attempting to format a new blankcard (sc650).Fresh, new install of CA, KRA, TKS, TPS on single instance.Insert card into reader (3121) and ESC (1.1.0-13 on Windows10) prompts for phone Home URL.Enter TPS phone Home URL then press Format button and geterror (in localhost.log).?I have the same issue on RHCS 9.1 (latest patches) as wellas Dogtag 10.3.x.? Not sure where theissue lies or how to fix.?SEVERE: Servlet.service() for servlet [tps] in context withpath [/tps] threw exceptionjava.io.IOException: Invalid chunk header??????? atorg.apache.coyote.http11.filters.ChunkedInputFilter.throwIOException(ChunkedInputFilter.java:615)??????? atorg.apache.coyote.http11.filters.ChunkedInputFilter.doRead(ChunkedInputFilter.java:192)??????? atorg.apache.coyote.http11.AbstractInputBuffer.doRead(AbstractInputBuffer.java:287)??????? atorg.apache.coyote.Request.doRead(Request.java:438)??????? atorg.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:290)??????? atorg.apache.tomcat.util.buf.ByteChunk.substract(ByteChunk.java:390)??????? atorg.apache.catalina.connector.InputBuffer.readByte(InputBuffer.java:304)??????? atorg.apache.catalina.connector.CoyoteInputStream$1.run(CoyoteInputStream.java:91)??????? atorg.apache.catalina.connector.CoyoteInputStream$1.run(CoyoteInputStream.java:87)??????? atjava.security.AccessController.doPrivileged(Native Method)??????? atorg.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:85)??????? atorg.dogtagpki.tps.TPSConnection.read(TPSConnection.java:55)??????? atorg.dogtagpki.server.tps.TPSSession.read(TPSSession.java:72)??????? atorg.dogtagpki.server.tps.processor.TPSProcessor.handleAPDURequest(TPSProcessor.java:311)??????? atorg.dogtagpki.server.tps.processor.TPSProcessor.selectApplet(TPSProcessor.java:279)??????? atorg.dogtagpki.server.tps.processor.TPSProcessor.selectCardManager(TPSProcessor.java:2968)??????? atorg.dogtagpki.server.tps.processor.TPSProcessor.getAppletInfo(TPSProcessor.java:2900)??????? atorg.dogtagpki.server.tps.processor.TPSProcessor.format(TPSProcessor.java:1831)????? ??atorg.dogtagpki.server.tps.processor.TPSProcessor.process(TPSProcessor.java:2852)??????? atorg.dogtagpki.server.tps.TPSSession.process(TPSSession.java:119)??????? atorg.dogtagpki.server.tps.TPSServlet.service(TPSServlet.java:60)??????? at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)??????? atsun.reflect.GeneratedMethodAccessor48.invoke(Unknown Source)??????? atsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)??????? atjava.lang.reflect.Method.invoke(Method.java:498)??????? atorg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)??????? atorg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)??????? atjava.security.AccessController.doPrivileged(Native Method)??????? atjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)?-----------------------------------------------------------Dennis Gnatowski?dgnatowski at yahoo.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From jmagne at redhat.com Thu Jun 29 18:41:06 2017 From: jmagne at redhat.com (John Magne) Date: Thu, 29 Jun 2017 14:41:06 -0400 (EDT) Subject: [Pki-users] Invalid chunck header In-Reply-To: <1121496478.1401114.1498760839893@mail.yahoo.com> References: <1121496478.1401114.1498760839893.ref@mail.yahoo.com> <1121496478.1401114.1498760839893@mail.yahoo.com> Message-ID: <788749869.12885629.1498761666326.JavaMail.zimbra@redhat.com> Did the client accept the phone home url you gave it without complaint? ----- Original Message ----- From: "Dennis Gnatowski" To: pki-users at redhat.com Sent: Thursday, June 29, 2017 11:27:19 AM Subject: [Pki-users] Invalid chunck header I?m getting an error when attempting to format a new blank card (sc650). Fresh, new install of CA, KRA, TKS, TPS on single instance. Insert card into reader (3121) and ESC (1.1.0-13 on Windows 10) prompts for phone Home URL. Enter TPS phone Home URL then press Format button and get error (in localhost.log). I have the same issue on RHCS 9.1 (latest patches) as well as Dogtag 10.3.x. Not sure where the issue lies or how to fix. SEVERE: Servlet.service() for servlet [tps] in context with path [/tps] threw exception java.io.IOException: Invalid chunk header at org.apache.coyote.http11.filters.ChunkedInputFilter.throwIOException(ChunkedInputFilter.java:615) at org.apache.coyote.http11.filters.ChunkedInputFilter.doRead(ChunkedInputFilter.java:192) at org.apache.coyote.http11.AbstractInputBuffer.doRead(AbstractInputBuffer.java:287) at org.apache.coyote.Request.doRead(Request.java:438) at org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:290) at org.apache.tomcat.util.buf.ByteChunk.substract(ByteChunk.java:390) at org.apache.catalina.connector.InputBuffer.readByte(InputBuffer.java:304) at org.apache.catalina.connector.CoyoteInputStream$1.run(CoyoteInputStream.java:91) at org.apache.catalina.connector.CoyoteInputStream$1.run(CoyoteInputStream.java:87) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:85) at org.dogtagpki.tps.TPSConnection.read(TPSConnection.java:55) at org.dogtagpki.server.tps.TPSSession.read(TPSSession.java:72) at org.dogtagpki.server.tps.processor.TPSProcessor.handleAPDURequest(TPSProcessor.java:311) at org.dogtagpki.server.tps.processor.TPSProcessor.selectApplet(TPSProcessor.java:279) at org.dogtagpki.server.tps.processor.TPSProcessor.selectCardManager(TPSProcessor.java:2968) at org.dogtagpki.server.tps.processor.TPSProcessor.getAppletInfo(TPSProcessor.java:2900) at org.dogtagpki.server.tps.processor.TPSProcessor.format(TPSProcessor.java:1831) at org.dogtagpki.server.tps.processor.TPSProcessor.process(TPSProcessor.java:2852) at org.dogtagpki.server.tps.TPSSession.process(TPSSession.java:119) at org.dogtagpki.server.tps.TPSServlet.service(TPSServlet.java:60) at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) at sun.reflect.GeneratedMethodAccessor48.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) ----------------------------------------------------------- Dennis Gnatowski dgnatowski at yahoo.com _______________________________________________ Pki-users mailing list Pki-users at redhat.com https://www.redhat.com/mailman/listinfo/pki-users From dgnatowski at yahoo.com Thu Jun 29 18:43:58 2017 From: dgnatowski at yahoo.com (Dennis Gnatowski) Date: Thu, 29 Jun 2017 18:43:58 +0000 (UTC) Subject: [Pki-users] Invalid chunck header In-Reply-To: <788749869.12885629.1498761666326.JavaMail.zimbra@redhat.com> References: <1121496478.1401114.1498760839893.ref@mail.yahoo.com> <1121496478.1401114.1498760839893@mail.yahoo.com> <788749869.12885629.1498761666326.JavaMail.zimbra@redhat.com> Message-ID: <920424302.1379876.1498761838619@mail.yahoo.com> Yes, and it shows up in TPS debug log.? I'm using blank SC650 cards and ESC v1.1.0-10 on Windows 10. ?-----------------------------------------------------------Dennis Gnatowski?dgnatowski at yahoo.com From: John Magne To: Dennis Gnatowski Cc: pki-users at redhat.com Sent: Thursday, June 29, 2017 2:41 PM Subject: Re: [Pki-users] Invalid chunck header Did the client accept the phone home url you gave it without complaint? ----- Original Message ----- From: "Dennis Gnatowski" To: pki-users at redhat.com Sent: Thursday, June 29, 2017 11:27:19 AM Subject: [Pki-users] Invalid chunck header I?m getting an error when attempting to format a new blank card (sc650). Fresh, new install of CA, KRA, TKS, TPS on single instance. Insert card into reader (3121) and ESC (1.1.0-13 on Windows 10) prompts for phone Home URL. Enter TPS phone Home URL then press Format button and get error (in localhost.log). I have the same issue on RHCS 9.1 (latest patches) as well as Dogtag 10.3.x. Not sure where the issue lies or how to fix. SEVERE: Servlet.service() for servlet [tps] in context with path [/tps] threw exception java.io.IOException: Invalid chunk header at org.apache.coyote.http11.filters.ChunkedInputFilter.throwIOException(ChunkedInputFilter.java:615) at org.apache.coyote.http11.filters.ChunkedInputFilter.doRead(ChunkedInputFilter.java:192) at org.apache.coyote.http11.AbstractInputBuffer.doRead(AbstractInputBuffer.java:287) at org.apache.coyote.Request.doRead(Request.java:438) at org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:290) at org.apache.tomcat.util.buf.ByteChunk.substract(ByteChunk.java:390) at org.apache.catalina.connector.InputBuffer.readByte(InputBuffer.java:304) at org.apache.catalina.connector.CoyoteInputStream$1.run(CoyoteInputStream.java:91) at org.apache.catalina.connector.CoyoteInputStream$1.run(CoyoteInputStream.java:87) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:85) at org.dogtagpki.tps.TPSConnection.read(TPSConnection.java:55) at org.dogtagpki.server.tps.TPSSession.read(TPSSession.java:72) at org.dogtagpki.server.tps.processor.TPSProcessor.handleAPDURequest(TPSProcessor.java:311) at org.dogtagpki.server.tps.processor.TPSProcessor.selectApplet(TPSProcessor.java:279) at org.dogtagpki.server.tps.processor.TPSProcessor.selectCardManager(TPSProcessor.java:2968) at org.dogtagpki.server.tps.processor.TPSProcessor.getAppletInfo(TPSProcessor.java:2900) at org.dogtagpki.server.tps.processor.TPSProcessor.format(TPSProcessor.java:1831) at org.dogtagpki.server.tps.processor.TPSProcessor.process(TPSProcessor.java:2852) at org.dogtagpki.server.tps.TPSSession.process(TPSSession.java:119) at org.dogtagpki.server.tps.TPSServlet.service(TPSServlet.java:60) at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) at sun.reflect.GeneratedMethodAccessor48.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) ----------------------------------------------------------- Dennis Gnatowski dgnatowski at yahoo.com _______________________________________________ Pki-users mailing list Pki-users at redhat.com https://www.redhat.com/mailman/listinfo/pki-users -------------- next part -------------- An HTML attachment was scrubbed... URL: From jmagne at redhat.com Thu Jun 29 20:35:41 2017 From: jmagne at redhat.com (John Magne) Date: Thu, 29 Jun 2017 16:35:41 -0400 (EDT) Subject: [Pki-users] Invalid chunck header In-Reply-To: <920424302.1379876.1498761838619@mail.yahoo.com> References: <1121496478.1401114.1498760839893.ref@mail.yahoo.com> <1121496478.1401114.1498760839893@mail.yahoo.com> <788749869.12885629.1498761666326.JavaMail.zimbra@redhat.com> <920424302.1379876.1498761838619@mail.yahoo.com> Message-ID: <1498628187.12903580.1498768541936.JavaMail.zimbra@redhat.com> OK: Not sure if I've seen anything like this for quite some time... First of all, we dropped support for that windows client a while back, although it could possibly work anyway. You might try the client on rhel and see if the problem goes away. thanks, jack ----- Original Message ----- From: "Dennis Gnatowski" To: "John Magne" Cc: pki-users at redhat.com Sent: Thursday, June 29, 2017 11:43:58 AM Subject: Re: [Pki-users] Invalid chunck header Yes, and it shows up in TPS debug log.? I'm using blank SC650 cards and ESC v1.1.0-10 on Windows 10. ?-----------------------------------------------------------Dennis Gnatowski?dgnatowski at yahoo.com From: John Magne To: Dennis Gnatowski Cc: pki-users at redhat.com Sent: Thursday, June 29, 2017 2:41 PM Subject: Re: [Pki-users] Invalid chunck header Did the client accept the phone home url you gave it without complaint? ----- Original Message ----- From: "Dennis Gnatowski" To: pki-users at redhat.com Sent: Thursday, June 29, 2017 11:27:19 AM Subject: [Pki-users] Invalid chunck header I?m getting an error when attempting to format a new blank card (sc650). Fresh, new install of CA, KRA, TKS, TPS on single instance. Insert card into reader (3121) and ESC (1.1.0-13 on Windows 10) prompts for phone Home URL. Enter TPS phone Home URL then press Format button and get error (in localhost.log). I have the same issue on RHCS 9.1 (latest patches) as well as Dogtag 10.3.x. Not sure where the issue lies or how to fix. SEVERE: Servlet.service() for servlet [tps] in context with path [/tps] threw exception java.io.IOException: Invalid chunk header at org.apache.coyote.http11.filters.ChunkedInputFilter.throwIOException(ChunkedInputFilter.java:615) at org.apache.coyote.http11.filters.ChunkedInputFilter.doRead(ChunkedInputFilter.java:192) at org.apache.coyote.http11.AbstractInputBuffer.doRead(AbstractInputBuffer.java:287) at org.apache.coyote.Request.doRead(Request.java:438) at org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:290) at org.apache.tomcat.util.buf.ByteChunk.substract(ByteChunk.java:390) at org.apache.catalina.connector.InputBuffer.readByte(InputBuffer.java:304) at org.apache.catalina.connector.CoyoteInputStream$1.run(CoyoteInputStream.java:91) at org.apache.catalina.connector.CoyoteInputStream$1.run(CoyoteInputStream.java:87) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:85) at org.dogtagpki.tps.TPSConnection.read(TPSConnection.java:55) at org.dogtagpki.server.tps.TPSSession.read(TPSSession.java:72) at org.dogtagpki.server.tps.processor.TPSProcessor.handleAPDURequest(TPSProcessor.java:311) at org.dogtagpki.server.tps.processor.TPSProcessor.selectApplet(TPSProcessor.java:279) at org.dogtagpki.server.tps.processor.TPSProcessor.selectCardManager(TPSProcessor.java:2968) at org.dogtagpki.server.tps.processor.TPSProcessor.getAppletInfo(TPSProcessor.java:2900) at org.dogtagpki.server.tps.processor.TPSProcessor.format(TPSProcessor.java:1831) at org.dogtagpki.server.tps.processor.TPSProcessor.process(TPSProcessor.java:2852) at org.dogtagpki.server.tps.TPSSession.process(TPSSession.java:119) at org.dogtagpki.server.tps.TPSServlet.service(TPSServlet.java:60) at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) at sun.reflect.GeneratedMethodAccessor48.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) ----------------------------------------------------------- Dennis Gnatowski dgnatowski at yahoo.com _______________________________________________ Pki-users mailing list Pki-users at redhat.com https://www.redhat.com/mailman/listinfo/pki-users From hgraham at redhat.com Thu Jun 8 13:30:35 2017 From: hgraham at redhat.com (Henry Graham) Date: Thu, 08 Jun 2017 13:30:35 -0000 Subject: [Pki-users] pki api question with RHCS 9 Message-ID: Hello, I'm trying to setup a script using the API mentioned here: http://pki.fedoraproject.org/wiki/Dogtag_10_Python_Cert_Client_API#Python_Cert_Client_API Is there anyway to return the requestor_name and requestor_email when you know the cert CN or serial number (or some other info unique to the signed cert) using the PKI api? This information is saved, I can see it in the "Agent Services" UI when I: "Search for Certificates" -> click "Details" for the returned cert -> then scroll down to "Certificate request info" and click the "Request ID" These are then both displayed on the page: requestor_name requestor_email So far I can get the pki.cert.CertClient.list_certs() to return a "CertDataInfoCollection" object just fine. This doesn't provide the information and neither does the "CertRequestInfo" object. Our use case is we are building an automation script that will notify requestor's team if a cert is going to expire and the requestor_name and requestor_email returned via api will make this job much easier. Thanks, Henry From dgnatowski at yahoo.com Tue Jun 27 21:05:29 2017 From: dgnatowski at yahoo.com (Dennis Gnatowski) Date: Tue, 27 Jun 2017 21:05:29 -0000 Subject: [Pki-users] Invalid chunk header References: <1027652427.3552018.1498597283445.ref@mail.yahoo.com> Message-ID: <1027652427.3552018.1498597283445@mail.yahoo.com> I?m getting an error when attempting to format a new blankcard (sc650).Fresh, new install of CA, KRA, TKS, TPS on single instance.Insert card into reader (3121) and ESC (1.1.0-13 on Windows10) prompts for phone Home URL.Enter TPS phone Home URL then press Format button and geterror (in localhost.log).?I have the same issue on RHCS 9.1 (latest patches) as wellas Dogtag 10.3.x.? Not sure where theissue lies or how to fix.?SEVERE: Servlet.service() for servlet [tps] in context withpath [/tps] threw exceptionjava.io.IOException: Invalid chunk header??????? atorg.apache.coyote.http11.filters.ChunkedInputFilter.throwIOException(ChunkedInputFilter.java:615)??????? atorg.apache.coyote.http11.filters.ChunkedInputFilter.doRead(ChunkedInputFilter.java:192)??????? atorg.apache.coyote.http11.AbstractInputBuffer.doRead(AbstractInputBuffer.java:287)??????? atorg.apache.coyote.Request.doRead(Request.java:438)??????? atorg.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:290)??????? atorg.apache.tomcat.util.buf.ByteChunk.substract(ByteChunk.java:390)??????? atorg.apache.catalina.connector.InputBuffer.readByte(InputBuffer.java:304)??????? atorg.apache.catalina.connector.CoyoteInputStream$1.run(CoyoteInputStream.java:91)??????? atorg.apache.catalina.connector.CoyoteInputStream$1.run(CoyoteInputStream.java:87)??????? atjava.security.AccessController.doPrivileged(Native Method)??????? atorg.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:85)??????? atorg.dogtagpki.tps.TPSConnection.read(TPSConnection.java:55)??????? atorg.dogtagpki.server.tps.TPSSession.read(TPSSession.java:72)??????? atorg.dogtagpki.server.tps.processor.TPSProcessor.handleAPDURequest(TPSProcessor.java:311)??????? atorg.dogtagpki.server.tps.processor.TPSProcessor.selectApplet(TPSProcessor.java:279)??????? atorg.dogtagpki.server.tps.processor.TPSProcessor.selectCardManager(TPSProcessor.java:2968)??????? atorg.dogtagpki.server.tps.processor.TPSProcessor.getAppletInfo(TPSProcessor.java:2900)??????? atorg.dogtagpki.server.tps.processor.TPSProcessor.format(TPSProcessor.java:1831)????? ??atorg.dogtagpki.server.tps.processor.TPSProcessor.process(TPSProcessor.java:2852)??????? atorg.dogtagpki.server.tps.TPSSession.process(TPSSession.java:119)??????? atorg.dogtagpki.server.tps.TPSServlet.service(TPSServlet.java:60)??????? at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)??????? atsun.reflect.GeneratedMethodAccessor48.invoke(Unknown Source)??????? atsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)??????? atjava.lang.reflect.Method.invoke(Method.java:498)??????? atorg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)??????? atorg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)??????? atjava.security.AccessController.doPrivileged(Native Method)??????? atjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)?-----------------------------------------------------------Dennis Gnatowski?dgnatowski at yahoo.com -------------- next part -------------- An HTML attachment was scrubbed... URL: