[Pki-users] Installation failed: import_pkcs7

Christina Fu cfu at redhat.com
Tue Sep 3 15:54:40 UTC 2019


Hi,
Could you provide the following information?

   - platform and Dogtag version
   - debug log (can be found in /var/lib/pki/pki-tomcat/ca/logs/debug)

thanks,
Christina

On Mon, Aug 19, 2019 at 6:27 AM Pavel Ryabikh <pr at postmet.com> wrote:

> Hello dear Dogtag PKI users!
>
>
> I have been trying to install the system for some days already - it fails:
>
> Here is a description:
> [root@ca ~]# pkispawn -f ca-external-step2.cfg -s CA
> Installation log: /var/log/pki/pki-ca-spawn.20190819144510.log
> Loading deployment configuration from ca-external-step2.cfg.
> Installing CA into /var/lib/pki/pki-tomcat.
> ParsingException: IOException: Sequence tag error 9
> ERROR   : pkispawn       CalledProcessError: Command '['pki', '-d', '/var/lib/pki/pki-tomcat/alias', 'pkcs7-cert-export', '--pkcs7-file', '/tmp/tmpgx3puk6p/cert_chain.p7b', '--output-prefix', '/tmp/tmptc7rw5h0/cert', '--output-suffix', '.crt']' returned non-zero exit status 255.
>   File "/usr/lib/python3.7/site-packages/pki/server/pkispawn.py", line 546, in main
>     scriptlet.spawn(deployer)
>   File "/usr/lib/python3.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 643, in spawn
>     self.import_system_certs(deployer, nssdb, subsystem)
>   File "/usr/lib/python3.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 199, in import_system_certs
>     self.import_system_cert(deployer, nssdb, subsystem, 'signing', 'CT,C,C')
>   File "/usr/lib/python3.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 144, in import_system_cert
>     trust_attributes=trust_attributes)
>   File "/usr/lib/python3.7/site-packages/pki/nssdb.py", line 1295, in import_cert_chain
>     trust_attributes=trust_attributes)
>   File "/usr/lib/python3.7/site-packages/pki/nssdb.py", line 1327, in import_pkcs7
>     subprocess.check_call(cmd)
>   File "/usr/lib64/python3.7/subprocess.py", line 347, in check_call
>     raise CalledProcessError(retcode, cmd)
>
>
> Installation failed: Command failed: pki -d /var/lib/pki/pki-tomcat/alias pkcs7-cert-export --pkcs7-file /tmp/tmpgx3puk6p/cert_chain.p7b --output-prefix /tmp/tmptc7rw5h0/cert --output-suffix .crt
>
> Please check pkispawn logs in /var/log/pki/pki-ca-spawn.20190819144510.log
>
>
> And these are configs:
> STEP1:
> [DEFAULT]
> pki_server_database_password=121212
>
> [CA]
> pki_admin_email=admin at postmet.com
> pki_admin_name=caadmin
> pki_admin_nickname=caadmin
> pki_admin_password=121212
> pki_admin_uid=caadmin
>
> pki_client_database_password=121212
> pki_client_database_purge=False
> pki_client_pkcs12_password=121212
>
> pki_ds_base_dn=dc=ca,dc=lvm,dc=postmet,dc=com
> pki_ds_database=ca
> pki_ds_password=121212
>
> pki_security_domain_name=lvm.postmet.com Security Domain
>
> pki_ca_signing_nickname=ca_signing
> pki_ocsp_signing_nickname=ca_ocsp_signing
> pki_audit_signing_nickname=ca_audit_signing
> pki_sslserver_nickname=sslserver
> pki_subsystem_nickname=subsystem
>
> pki_external=True
> pki_external_step_two=False
>
> pki_ca_signing_csr_path=ca_signing.csr
>
> STEP2:
> [DEFAULT]
> pki_instance_name = pki-tomcat
> pki_admin_password = 121212
> pki_backup_password = 121212
> pki_client_database_password = 121212
> pki_client_pin = 121212
> pki_client_pkcs12_password = 121212
> pki_clone_pkcs12_password = 121212
> pki_ds_password = 121212
> pki_external_pkcs12_password = 121212
> pki_pkcs12_password = 121212
> pki_replication_password = 121212
> pki_security_domain_password = 121212
> pki_server_database_password = 121212
> pki_server_pkcs12_password = 121212
> pki_token_password = 121212
>
> [CA]
> pki_admin_email=admin at postmet.com
> pki_admin_name=caadmin
> pki_admin_nickname=caadmin
> pki_admin_password=121212
> pki_admin_uid=caadmin
>
> pki_client_database_password=121212
> pki_client_database_purge=False
> pki_client_pkcs12_password=121212
>
> pki_ds_base_dn=dc=ca,dc=lvm,dc=postmet,dc=com
> pki_ds_database=ca
> pki_ds_password=121212
>
> pki_security_domain_name=lvm.postmet.com Security Domain
>
> pki_ca_signing_nickname=ca_signing
> pki_ocsp_signing_nickname=ca_ocsp_signing
> pki_audit_signing_nickname=ca_audit_signing
> pki_sslserver_nickname=sslserver
> pki_subsystem_nickname=subsystem
>
> pki_external=True
> pki_external_step_two=True
>
> pki_ca_signing_csr_path=ca_signing.csr
>
> pki_ca_signing_cert_path=ca_signing.crt
> pki_cert_chain_nickname=external
> pki_cert_chain_path=cert_chain.p7b
>
> pki_import_admin_cert = False
> pki_client_admin_cert = ca_admin.cert
> pki_admin_subject_dn=cn=PKI Administrator,o=%(pki_security_domain_name)s
>
>
>
> Please help
>
> --
> Pavel Ryabih
>
> PostMet Corporation
> http://www.postmet.com
>
> Call to sip:pr at postmet.com
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
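
Added example, not part of the original thread or of Dogtag's code: the failing step parses `cert_chain.p7b` as ASN.1, so a report of how that file is actually encoded is a useful item to attach alongside the debug log. The function names and sample bytes are constructed for illustration; the DER SEQUENCE tag (0x30) and the signedData OID are the standard values.

```python
import base64
import re
import sys

# DER bytes of the PKCS #7 signedData content-type OID 1.2.840.113549.1.7.2
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed sample inputs (minimal headers only, not real certificates)
SAMPLE_P7_DER = bytes.fromhex("300d") + SIGNED_DATA_OID + bytes.fromhex("a000")
SAMPLE_P7_PEM = (b"-----BEGIN PKCS7-----\n" + base64.b64encode(SAMPLE_P7_DER)
                 + b"\n-----END PKCS7-----\n")
SAMPLE_CERT_PEM = (b"-----BEGIN CERTIFICATE-----\n"
                   + base64.b64encode(bytes.fromhex("300430020500"))
                   + b"\n-----END CERTIFICATE-----\n")
SAMPLE_TEXT = b"Certificate:\n    Data:\n        Version: 3 (0x2)\n"


def der_kind(der: bytes) -> str:
    """Classify a blob by its outer DER tag and first inner element."""
    if len(der) < 2 or der[0] != 0x30:      # 0x30 is the SEQUENCE tag
        return "not-der-sequence"
    # Short-form length uses one byte; long form is 0x80 | count of length bytes.
    header = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)
    if der[header:].startswith(SIGNED_DATA_OID):
        return "pkcs7-signed-data"
    return "other-der-sequence"


def classify_chain_file(data: bytes) -> str:
    """Return 'pem:<LABEL>:<kind>' for PEM input, 'raw:<kind>' otherwise."""
    match = PEM_RE.search(data)
    if match is None:
        return "raw:" + der_kind(data)
    label = match.group(1).decode()
    try:
        der = base64.b64decode(match.group(2))
    except ValueError:                       # binascii.Error subclasses ValueError
        return f"pem:{label}:bad-base64"
    return f"pem:{label}:{der_kind(der)}"


if __name__ == "__main__":
    # Usage: python3 check_chain.py cert_chain.p7b
    with open(sys.argv[1], "rb") as fh:
        print(classify_chain_file(fh.read()))
```

A result other than `pkcs7-signed-data` means the file handed to `pki_cert_chain_path` is not a PKCS #7 SignedData structure, for example a single PEM certificate or a text dump.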