[Pki-users] Installation failed: import_pkcs7

Pavel Ryabikh pr at postmet.com
Wed Sep 4 06:24:00 UTC 2019


Thank you, Christina, for trying to help.
I have sorted out the issue - it was an incorrect certificate format.

Thanks again.

On Tue, 2019-09-03 at 08:54 -0700, Christina Fu wrote:
> Hi,
> Could you provide the following information?
> platform and Dogtag version
> debug log (can be found in /var/lib/pki/pki-tomcat/ca/logs/debug)
> thanks,
> Christina
> 
> On Mon, Aug 19, 2019 at 6:27 AM Pavel Ryabikh <pr at postmet.com> wrote:
> > Hello dear Dogtag PKI users!
> > 
> > 
> > I have been trying to install the system for some days already - it fails:
> > 
> > Here is a description:
> > [root at ca ~]# pkispawn -f ca-external-step2.cfg -s CA
> > Installation log: /var/log/pki/pki-ca-spawn.20190819144510.log
> > Loading deployment configuration from ca-external-step2.cfg.
> > Installing CA into /var/lib/pki/pki-tomcat.
> > ParsingException: IOException: Sequence tag error 9
> > ERROR   : pkispawn       CalledProcessError: Command '['pki', '-d', '/var/lib/pki/pki-tomcat/alias', 'pkcs7-cert-export', '--pkcs7-file', '/tmp/tmpgx3puk6p/cert_chain.p7b', '--output-prefix', '/tmp/tmptc7rw5h0/cert', '--output-suffix', '.crt']' returned non-zero exit status 255.
> >   File "/usr/lib/python3.7/site-packages/pki/server/pkispawn.py", line 546, in main
> >     scriptlet.spawn(deployer)
> >   File "/usr/lib/python3.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 643, in spawn
> >     self.import_system_certs(deployer, nssdb, subsystem)
> >   File "/usr/lib/python3.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 199, in import_system_certs
> >     self.import_system_cert(deployer, nssdb, subsystem, 'signing', 'CT,C,C')
> >   File "/usr/lib/python3.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 144, in import_system_cert
> >     trust_attributes=trust_attributes)
> >   File "/usr/lib/python3.7/site-packages/pki/nssdb.py", line 1295, in import_cert_chain
> >     trust_attributes=trust_attributes)
> >   File "/usr/lib/python3.7/site-packages/pki/nssdb.py", line 1327, in import_pkcs7
> >     subprocess.check_call(cmd)
> >   File "/usr/lib64/python3.7/subprocess.py", line 347, in check_call
> >     raise CalledProcessError(retcode, cmd)
> > 
> > 
> > Installation failed: Command failed: pki -d /var/lib/pki/pki-tomcat/alias pkcs7-cert-export --pkcs7-file /tmp/tmpgx3puk6p/cert_chain.p7b --output-prefix /tmp/tmptc7rw5h0/cert --output-suffix .crt
> > 
> > Please check pkispawn logs in /var/log/pki/pki-ca-spawn.20190819144510.log
> > 
> > 
> > And these are configs:
> > STEP1:
> > [DEFAULT]
> > pki_server_database_password=121212
> > 
> > [CA]
> > pki_admin_email=admin at postmet.com
> > pki_admin_name=caadmin
> > pki_admin_nickname=caadmin
> > pki_admin_password=121212
> > pki_admin_uid=caadmin
> > 
> > pki_client_database_password=121212
> > pki_client_database_purge=False
> > pki_client_pkcs12_password=121212
> > 
> > pki_ds_base_dn=dc=ca,dc=lvm,dc=postmet,dc=com
> > pki_ds_database=ca
> > pki_ds_password=121212
> > 
> > pki_security_domain_name=lvm.postmet.com Security Domain
> > 
> > pki_ca_signing_nickname=ca_signing
> > pki_ocsp_signing_nickname=ca_ocsp_signing
> > pki_audit_signing_nickname=ca_audit_signing
> > pki_sslserver_nickname=sslserver
> > pki_subsystem_nickname=subsystem
> > 
> > pki_external=True
> > pki_external_step_two=False
> > 
> > pki_ca_signing_csr_path=ca_signing.csr
> > 
> > STEP2:
> > [DEFAULT]
> > pki_instance_name = pki-tomcat
> > pki_admin_password = 121212
> > pki_backup_password = 121212
> > pki_client_database_password = 121212
> > pki_client_pin = 121212
> > pki_client_pkcs12_password = 121212
> > pki_clone_pkcs12_password = 121212
> > pki_ds_password = 121212
> > pki_external_pkcs12_password = 121212
> > pki_pkcs12_password = 121212
> > pki_replication_password = 121212
> > pki_security_domain_password = 121212
> > pki_server_database_password = 121212
> > pki_server_pkcs12_password = 121212
> > pki_token_password = 121212
> > 
> > [CA]
> > pki_admin_email=admin at postmet.com
> > pki_admin_name=caadmin
> > pki_admin_nickname=caadmin
> > pki_admin_password=121212
> > pki_admin_uid=caadmin
> > 
> > pki_client_database_password=121212
> > pki_client_database_purge=False
> > pki_client_pkcs12_password=121212
> > 
> > pki_ds_base_dn=dc=ca,dc=lvm,dc=postmet,dc=com
> > pki_ds_database=ca
> > pki_ds_password=121212
> > 
> > pki_security_domain_name=lvm.postmet.com Security Domain
> > 
> > pki_ca_signing_nickname=ca_signing
> > pki_ocsp_signing_nickname=ca_ocsp_signing
> > pki_audit_signing_nickname=ca_audit_signing
> > pki_sslserver_nickname=sslserver
> > pki_subsystem_nickname=subsystem
> > 
> > pki_external=True
> > pki_external_step_two=True
> > 
> > pki_ca_signing_csr_path=ca_signing.csr
> > 
> > pki_ca_signing_cert_path=ca_signing.crt
> > pki_cert_chain_nickname=external
> > pki_cert_chain_path=cert_chain.p7b
> > 
> > pki_import_admin_cert = False
> > pki_client_admin_cert = ca_admin.cert
> > pki_admin_subject_dn=cn=PKI Administrator,o=%(pki_security_domain_name)s
> > 
> > 
> > 
> > Please help
> > 
-- 
Pavel Ryabih

PostMet Corporation
http://www.postmet.com 

Call to sip:pr at postmet.com
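
A pre-flight check for the kind of format mismatch reported in this thread, as an added example that is not part of the original messages or of Dogtag's code. It assumes the file named by pki_cert_chain_path is meant to be a PKCS #7 SignedData structure (suggested by the `pkcs7-cert-export --pkcs7-file` call in the traceback); the thread does not say which format was actually wrong, and the function names and sample bytes are constructed for illustration.

```python
import base64
import re

# DER bytes of OID 1.2.840.113549.1.7.2 (PKCS #7 signedData), tag and length included
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed samples: a ContentInfo header stub, and a PEM block labelled
# CERTIFICATE whose body is the DER of SEQUENCE { INTEGER 1 } (not a real cert)
SAMPLE_P7_DER = bytes.fromhex("300d") + SIGNED_DATA_OID + bytes.fromhex("a000")
SAMPLE_CERT_PEM = (b"-----BEGIN CERTIFICATE-----\nMAMCAQE=\n"
                   b"-----END CERTIFICATE-----\n")


def der_header(data):
    """Return (tag, content_offset) of the first DER element; ValueError if truncated."""
    if len(data) < 2:
        raise ValueError("truncated DER")
    if data[1] < 0x80:                 # short-form length: one octet
        return data[0], 2
    n = data[1] & 0x7F                 # long form: n length octets follow
    if n == 0 or len(data) < 2 + n:
        raise ValueError("indefinite or truncated length")
    return data[0], 2 + n


def classify_der(der):
    """'pkcs7-signed-data' if der opens with SEQUENCE { OID signedData ... }."""
    try:
        tag, off = der_header(der)
    except ValueError:
        return "not-der"
    if tag != 0x30:                    # outer element must be a SEQUENCE
        return "not-der"
    if der[off:off + len(SIGNED_DATA_OID)] == SIGNED_DATA_OID:
        return "pkcs7-signed-data"
    return "other-sequence"            # e.g. a bare X.509 certificate


def classify_chain_file(raw):
    """Return (encoding, pem_label, kind) for the bytes of a candidate chain file."""
    m = PEM_RE.search(raw)
    if not m:
        return "der", None, classify_der(raw)
    label = m.group(1).decode()
    try:
        der = base64.b64decode(b"".join(m.group(2).split()), validate=True)
    except ValueError:
        return "pem", label, "bad-base64"
    return "pem", label, classify_der(der)
```

Calling `classify_chain_file(open("cert_chain.p7b", "rb").read())` before running pkispawn step two shows whether the file is PEM or DER and whether its outer structure is PKCS #7 SignedData or some other ASN.1 sequence.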