[Pki-users] DogTag Response to CMC Request from SLCS Server ..
Graham Jenkins
graham at vpac.org
Fri Nov 14 03:57:40 UTC 2008
On Thu, 2008-11-13 at 17:46 -0800, Marc Sauton wrote:
> Graham Jenkins wrote:
> > We're using Dogtag pki-ca-1.0.0-1.fc8 as an Online CA to provide
> > certificates in response to requests from a SLCS server.
> > ..
> What are the DogTag logs like?
> I would try /ca/ee/ca/profileSubmitCMCSimple ..
> There is a profileSubmitCMCFull if using client auth ..
Thanks Marc. Both of these give a similar response, with the DogTag logs
showing something like:
--
14/Nov/2008:13:19:07][http-9443-Processor23]: ProfileSubmitServlet: profileId caSimpleCMCUserCert
[14/Nov/2008:13:19:07][http-9443-Processor23]: ProfileSubmitServlet: authenticator not found
[14/Nov/2008:13:19:07][http-9443-Processor23]: ProfileSubmistServlet: set Inputs into Context
[14/Nov/2008:13:19:07][http-9443-Processor23]: ProfileSubmitServlet: set sslClientCertProvider
[14/Nov/2008:13:19:07][http-9443-Processor23]: xx Start parsePKCS10 LS12VWxXZHZWNHAxT
..
ZFlCODANCi0tdlVsV2R2VjRwMU1vdGlmQTg2OHE5dzZ5eXk2TTRvLS0NCg==
[14/Nov/2008:13:19:07][http-9443-Processor23]: EnrollProfile: parsePKCS10: signature verification enabled
[14/Nov/2008:13:19:07][http-9443-Processor23]: EnrollProfile: parsePKCS10 setting thread token
[14/Nov/2008:13:19:07][http-9443-Processor23]: EnrollProfile: parsePKCS10 java.io.IOException: Sequence tag error 45
Any ideas from this?
> There is also a tool called HttpClient for tests:
> http://www.redhat.com/docs/manuals/cert-system/7.3/html/Command_Line_Tools_Guide/HTTP_Client.html
Trying to make sense of this now, not getting very far. :(
--
Graham Jenkins
Australian Research Collaboration Service
Victorian Partnership for Advanced Computing
(+613) 9925-4862
More information about the Pki-users
mailing list