[Pki-users] OCSP in a different server from CA

Marc Sauton msauton at redhat.com
Sat Mar 2 00:41:35 UTC 2019


Make sure that, in the OCSP's pkispawn config file, the security domain is
configured for the CA, and make sure that the CA and its LDAP server are up.
Or maybe something is missing in that OCSP's pkispawn config file, or
incorrect.
There may be more hints in the /var/log/pki/pki-ocsp/ocsp/debug file,
like maybe a private key could not be unlocked (file or HSM).
Thanks,
M.

On Fri, Mar 1, 2019 at 5:24 AM Jonathan Montero <jmrxto at gmail.com> wrote:

> Hi Guys, I have a case that I haven't been able to solve. I'm not too
> experienced in Dogtag, but believe me, I'm doing my best. I installed a CA
> in server1 and OCSP in server2. Server1 is working fine as CA. When I
> "pkispawn -s OCSP -vvv" in server 2, things go fine until the last moment.
>
> pkispawn    : INFO     ....... executing 'systemctl daemon-reload'
> pkispawn    : INFO     ....... executing 'systemctl start pki-tomcatd@testinstance.service'
> pkispawn    : DEBUG    ........... No connection - server may still be down
> pkispawn    : DEBUG    ........... No connection - exception thrown:
> ('Connection aborted.', error(111, 'Connection refused'))
> pkispawn    : DEBUG    ........... No connection - server may still be down
> pkispawn    : DEBUG    ........... No connection - exception thrown:
> ('Connection aborted.', error(111, 'Connection refused'))
> pkispawn    : DEBUG    ........... No connection - server may still be down
> pkispawn    : DEBUG    ........... No connection - exception thrown:
> ('Connection aborted.', error(111, 'Connection refused'))
> pkispawn    : DEBUG    ........... No connection - server may still be down
> pkispawn    : DEBUG    ........... No connection - exception thrown: 500
> Server Error: Internal Server Error
> pkispawn    : DEBUG    ........... No connection - server may still be down
>
>
> *firewalld is down and disabled, same with iptables, same with SELinux in
> both servers*
>
>
> I'm using default values (most of them) before going to production.
>
> What am I missing here?
>
> Jonathan Montero
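An added example, not part of the original thread and not Dogtag's own code: one way to run the config check suggested in the reply, reading the security domain settings from an OCSP pkispawn config and probing the CA they point to. The function names, the host `ca.example.test`, the `local_names` list and the 8443 fallback port are assumptions made for the illustration; the sample config is constructed.

```python
import configparser
import socket

def tcp_probe(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_security_domain(text, local_names=("localhost",), probe=tcp_probe):
    """Return findings about the security domain settings in a pkispawn config."""
    cfg = configparser.ConfigParser(interpolation=None)  # values may contain '%'
    cfg.read_string(text)
    # [OCSP] inherits from [DEFAULT]; fall back to [DEFAULT] if [OCSP] is absent.
    sect = cfg["OCSP"] if cfg.has_section("OCSP") else cfg["DEFAULT"]
    findings = []
    host = sect.get("pki_security_domain_hostname", "").strip()
    # 8443 is an assumed fallback when the port is not given in the file.
    raw_port = sect.get("pki_security_domain_https_port", "8443").strip()
    if not sect.get("pki_security_domain_password", "").strip():
        findings.append("pki_security_domain_password is not set")
    if not host:
        findings.append("pki_security_domain_hostname is not set")
    elif host.lower() in local_names:
        findings.append(f"pki_security_domain_hostname={host} is this machine, not the CA")
    elif not raw_port.isdigit():
        findings.append(f"pki_security_domain_https_port={raw_port!r} is not a port number")
    elif not probe(host, int(raw_port)):
        findings.append(f"CA at {host}:{raw_port} is not reachable")
    return findings

# Constructed sample: an OCSP config that never points at the remote CA.
SAMPLE = """\
[DEFAULT]
pki_instance_name=testinstance

[OCSP]
pki_security_domain_https_port=8443
"""

if __name__ == "__main__":
    for finding in check_security_domain(SAMPLE):
        print("FINDING:", finding)
```

Pass the OCSP host's own names in `local_names` so a security domain hostname that resolves to server2 itself is flagged before the reachability probe runs.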