[Pki-users] Problem with install RA (pki-ra)

Ade Lee alee at redhat.com
Thu Dec 17 02:40:06 UTC 2009 

Hmm, 

I was hoping something obvious would stand out, but thats not the case.
I tried installing the RA on a FC11 system I have here - and had no
problems.  Of course, I'm using the latest versions of all the pki-*
components.

The port you are using is fine.  It should be the one for the security
domain which is on the secure admin port.  You can also see this in the
section at the end of the status display - which looks something like:  

    Registered PKI Security Domain Information:

==========================================================================
    Name:  foo domain
    URL:   https://host:19145

==========================================================================

So, its time to look at the logs.

In the /var/lib/<ra instance name>/logs/debug logfile, you should see
something like the following for this panel in the installation:

Tue Dec 15 09:31:06 EST 2009 - RA wizard: setting up test objects
Tue Dec 15 09:31:06 EST 2009 - RA wizard: found 2 certtags
Tue Dec 15 09:31:06 EST 2009 - DisplayCertChainPanel: update
Tue Dec 15 09:31:06 EST 2009 - content = <XMLResponse><DomainInfo><?xml version="1.0" encoding="UTF-8"?><DomainInfo><Name>workpc domain 1 093009</Name><CAList><CA><Host>dhcp231-70.rdu.redhat.com</Host><SecurePort>9544</SecurePort><SecureAgentPort>9543</SecureAgentPort><SecureAdminPort>9545</SecureAdminPort><UnSecurePort>9580</UnSecurePort><Clone>false</Clone><SubsystemName>Certificate Authority pki-ca1</SubsystemName><DomainManager>true</DomainManager></CA><SubsystemCount>1</SubsystemCount></CAList><OCSPList><SubsystemCount>0</SubsystemCount></OCSPList><KRAList><SubsystemCount>0</SubsystemCount></KRAList><RAList><SubsystemCount>0</SubsystemCount></RAList><TKSList><SubsystemCount>0</SubsystemCount></TKSList><TPSList><SubsystemCount>0</SubsystemCount></TPSList></DomainInfo></DomainInfo><Status>0</Status></XMLResponse>
Tue Dec 15 09:31:06 EST 2009 - DisplayCertChainPanel: security domain 'workpc domain 1 093009'
Tue Dec 15 09:31:06 EST 2009 - DisplayCertChainPanel: Found CA 'Certificate Authority pki-ca1'

We're particularly interested in what content is displaying ..

What do you see?  

In fact, please open a bugzilla against dogtag, attach the debug and
error_log, and let me know the bug number.

Thanks, 
Ade Lee

On Tue, 2009-12-15 at 09:33 +0100, Rafał Kamiński wrote:
> Hi,
> 
> Thanks for your answer.
> 
> > What version of Fedora are you using?
> 
> Fedora release 11 (Leonidas)
> 
> > Do you have selinux in enforcing mode?
> 
> I had enforcing mode on Selinux. Now I diabled selinux and first:
> 
> - Join an Existing Security Domain - and I use https://domain:9545 <- I 
> not using default port 9445 but 9545 port
> 
> Because I have that status on CA:
> 
> -bash-4.0# /etc/init.d/pki-ca status
> pki-ca (pid 5892) is running ...
> 
>      Unsecure Port     = http://domain:9580/ca/ee/ca
>      Secure Agent Port = https://domain:9543/ca/agent/ca
>      Secure EE Port    = https://domain:9544/ca/ee/ca
>      Secure Admin Port = https://domain:9545/ca/services
>      PKI Console Port  = pkiconsole https://domain:9545/ca
>      Tomcat Port       = 9801 (for shutdown)
> 
> Maybe this is problem?
> 
> - After that I see: Display Certificate Chain
> 
> - Click Next
> 
> - And:
> 
> Internal Server Error
> 
> The server encountered an internal error or misconfiguration and was 
> unable to complete your request.
> 
> Please contact the server administrator, you at example.com and inform them 
> of the time the error occurred, and anything you might have done that 
> may have caused the error.
> 
> More information about this error may be available in the server error log.
> 
> :(
> 
> > What is the output of :
> > rpm -qa |grep pki
> 
> bash-4.0# rpm -qa |grep pki
> 
> pki-setup-1.2.0-1.fc11.noarch
> pki-ra-1.2.0-2.fc11.noarch
> dogtag-pki-common-ui-1.2.0-1.fc11.noarch
> pki-util-1.2.0-1.fc11.noarch
> pki-selinux-1.2.0-2.fc11.noarch
> pki-common-1.2.0-1.fc11.noarch
> pki-native-tools-1.2.0-2.fc11.i586
> dogtag-pki-ra-ui-1.2.0-1.fc11.noarch
> pki-java-tools-1.2.0-1.fc11.noarch
> pki-silent-1.2.0-1.fc11.noarch
> 
> BR,
> 
> Thanks for your help.
> 
> Rafal Kaminski
> 
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users

More information about the Pki-users mailing list