[Pki-users] pki-ra Authentication error

James "Jim" Kinney James.Kinney at gtri.gatech.edu
Tue Sep 28 21:33:37 UTC 2010 

additional data from the pki-ra/error log (with some cruft snipped out):

[Tue Sep 28 16:23:31 2010] [notice] SELinux policy enabled; httpd 
running as context unconfined_u:system_r:pki_ra_t:s0
[Tue Sep 28 16:23:31 2010] [info] Initializing SSL Session Cache of size 
10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400.
[Tue Sep 28 16:23:31 2010] [info] Init: Initializing (virtual) servers 
for SSL
[Tue Sep 28 16:23:31 2010] [info] Configuring server for SSL protocol
[Tue Sep 28 16:23:31 2010] [error] Unknown cipher ecdhe_ecdsa_aes_256_sha
[Tue Sep 28 16:23:31 2010] [info] Using nickname Server-Cert cert-pki-ra.
[Tue Sep 28 16:23:31 2010] [info] Configuring server for SSL protocol
[Tue Sep 28 16:23:31 2010] [error] Unknown cipher ecdhe_ecdsa_aes_256_sha
[Tue Sep 28 16:23:31 2010] [info] Using nickname Server-Cert cert-pki-ra.
[Tue Sep 28 16:23:31 2010] [info] Server: Apache/2.2.14, Interface: 
mod_nss/2.2.14, Library: NSS/3.12.6.2
[Tue Sep 28 16:23:31 2010] [info] Shutting down SSL Session ID Cache
[Tue Sep 28 16:23:32 2010] [info] Initializing SSL Session Cache of size 
10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400.
[Tue Sep 28 16:23:32 2010] [info] Server: Apache/2.2.14, Interface: 
mod_nss/2.2.14, Library: NSS/3.12.6.2
[Tue Sep 28 16:23:32 2010] [warn] pid file 
/var/lib/pki-ra/run/pki-ra.pid overwritten -- Unclean shutdown of 
previous Apache run?
[Tue Sep 28 16:23:32 2010] [notice] Apache/2.2.15 (Unix) mod_nss/2.2.14 
NSS/3.12.6.2 mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal 
operations
[Tue Sep 28 16:23:32 2010] [info] Server built: Apr 10 2010 15:21:49
[Tue Sep 28 16:23:32 2010] [debug] worker.c(1757): AcceptMutex: sysvsem 
(default: sysvsem)
[Tue Sep 28 16:23:32 2010] [info] Configuring server for SSL protocol
[Tue Sep 28 16:23:32 2010] [error] Unknown cipher ecdhe_ecdsa_aes_256_sha
[Tue Sep 28 16:23:32 2010] [info] Using nickname Server-Cert cert-pki-ra.
[Tue Sep 28 16:23:32 2010] [info] Configuring server for SSL protocol
[Tue Sep 28 16:23:32 2010] [error] Unknown cipher ecdhe_ecdsa_aes_256_sha
[Tue Sep 28 16:23:32 2010] [info] Using nickname Server-Cert cert-pki-ra.
[Tue Sep 28 16:23:50 2010] [info] SSL input filter read failed.
[Tue Sep 28 16:23:50 2010] [error] SSL Library Error: -12271 SSL client 
cannot verify your certificate
GET /ca/admin/ca/getStatus HTTP/1.0

port: 9445
addr='my.host.name'
family='10'
PR_Write wrote 39 bytes from bigBuf
bytes: [GET /ca/admin/ca/getStatus HTTP/1.0

]
do_writes shutting down send socket
do_writes exiting with (failure = 0)
connection 1 read 249 bytes (249 total).
these bytes read:
connection 1 read 249 bytes total. -----------------------------
GET /ca/admin/ca/getStatus HTTP/1.0

port: 9445
addr='my.host.name'
family='10'
PR_Write wrote 39 bytes from bigBuf
bytes: [GET /ca/admin/ca/getStatus HTTP/1.0

]
do_writes shutting down send socket
do_writes exiting with (failure = 0)
connection 1 read 249 bytes (249 total).
these bytes read:
connection 1 read 249 bytes total. -----------------------------
GET /ca/admin/ca/getCertChain HTTP/1.0

port: 9445
addr='my.host.name'
family='10'
PR_Write wrote 42 bytes from bigBuf
bytes: [GET /ca/admin/ca/getCertChain HTTP/1.0

]
do_writes shutting down send socket
do_writes exiting with (failure = 0)
connection 1 read 1637 bytes (1637 total).
these bytes read:
connection 1 read 1637 bytes total. -----------------------------
certutil: function failed: security library: bad database.
GET /ca/admin/ca/getDomainXML HTTP/1.0

port: 9445
addr='my.host.name'
family='10'
-- SSL3: Server Certificate Validated.
PR_Write wrote 42 bytes from bigBuf
bytes: [GET /ca/admin/ca/getDomainXML HTTP/1.0

]
do_writes shutting down send socket
do_writes exiting with (failure = 0)
connection 1 read 2147 bytes (2147 total).
these bytes read:
connection 1 read 2147 bytes total. -----------------------------
[Tue Sep 28 16:24:29 2010] -e: Use of uninitialized value $host in 
string eq at /var/lib/pki-ra/lib/perl/PKI/RA/SubsystemTypePanel.pm line 122.
[Tue Sep 28 16:24:33 2010] -e: Use of uninitialized value $host in 
string eq at /var/lib/pki-ra/lib/perl/PKI/RA/CAInfoPanel.pm line 186.
GET /ca/ee/ca/getCertChain HTTP/1.0

port: 9444
addr='my.host.name'
family='10'
-- SSL3: Server Certificate Validated.
PR_Write wrote 39 bytes from bigBuf
bytes: [GET /ca/ee/ca/getCertChain HTTP/1.0

]
do_writes shutting down send socket
do_writes exiting with (failure = 0)
connection 1 read 1637 bytes (1637 total).
these bytes read:
connection 1 read 1637 bytes total. -----------------------------
certutil: could not find certificate named "Trusted CA c2cert0": 
security library: bad database.
[Tue Sep 28 16:24:41 2010] -e: Use of uninitialized value $pwd in string 
ne at /var/lib/pki-ra/lib/perl/PKI/RA/ModulePanel.pm line 148.
[Tue Sep 28 16:24:41 2010] -e: Use of uninitialized value $pwd in string 
ne at /var/lib/pki-ra/lib/perl/PKI/RA/ModulePanel.pm line 148.
[Tue Sep 28 16:24:41 2010] -e: Use of uninitialized value $file in 
concatenation (.) or string at 
/var/lib/pki-ra/lib/perl/PKI/RA/ModulePanel.pm line 214.
[Tue Sep 28 16:24:41 2010] -e: Use of uninitialized value $name in 
concatenation (.) or string at 
/var/lib/pki-ra/lib/perl/PKI/RA/ModulePanel.pm line 231.
[Tue Sep 28 16:24:41 2010] -e: Use of uninitialized value $file in 
concatenation (.) or string at 
/var/lib/pki-ra/lib/perl/PKI/RA/ModulePanel.pm line 214.
[Tue Sep 28 16:24:41 2010] -e: Use of uninitialized value $name in 
concatenation (.) or string at 
/var/lib/pki-ra/lib/perl/PKI/RA/ModulePanel.pm line 231.
[Tue Sep 28 16:24:47 2010] -e: Use of uninitialized value $done in 
concatenation (.) or string at 
/var/lib/pki-ra/lib/perl/PKI/RA/SizePanel.pm line 172.
[Tue Sep 28 16:24:47 2010] -e: Use of uninitialized value $done in 
string eq at /var/lib/pki-ra/lib/perl/PKI/RA/SizePanel.pm line 173.
[Tue Sep 28 16:24:53 2010] -e: Use of uninitialized value $genKeyPair in 
concatenation (.) or string at 
/var/lib/pki-ra/lib/perl/PKI/RA/SizePanel.pm line 80.
[Tue Sep 28 16:24:53 2010] -e: Use of uninitialized value $done in 
string eq at /var/lib/pki-ra/lib/perl/PKI/RA/SizePanel.pm line 81.
[Tue Sep 28 16:24:54 2010] -e: Use of uninitialized value $host in 
string eq at /var/lib/pki-ra/lib/perl/PKI/RA/NamePanel.pm line 480.
rm: cannot remove `/var/lib/pki-ra/conf/sslserver_cert.txt': No such 
file or directory
256+0 records in
256+0 records out
256 bytes (256 B) copied, 0.00106719 s, 240 kB/s


Generating key.  This may take a few moments...

POST /ca/ee/ca/profileSubmit HTTP/1.0
Content-Length: 1171
Content-Type: application/x-www-form-urlencoded

profileId=caInternalAuthServerCert&cert_request_type=pkcs10&requestor_name=RA-my.host.name-12889&cert_request=bigsnip&xmlOutput=true&sessionID=9216515598699103255&auth_hostname=my.host.name&auth_port=9444port: 
9444
addr='sis-jpk-vm22.stl.gtri.gatech.edu'
family='10'
-- SSL3: Server Certificate Validated.
PR_Write wrote 1283 bytes from bigBuf
bytes: [POST /ca/ee/ca/profileSubmit HTTP/1.0
Content-Length: 1171
Content-Type: application/x-www-form-urlencoded

profileId=caInternalAuthServerCert&cert_request_type=pkcs10&requestor_name=RA-sis-jpk-vm22.stl.gtri.gatech.edu-12889&cert_request=bigsnip&xmlOutput=true&sessionID=9216515598699103255&auth_hostname=my.host.name&auth_port=9444]
do_writes shutting down send socket
do_writes exiting with (failure = 0)
connection 1 read 272 bytes (272 total).
these bytes read:
connection 1 read 272 bytes total. -----------------------------
[Tue Sep 28 16:25:12 2010] -e: Use of uninitialized value $host in 
string eq at /var/lib/pki-ra/lib/perl/PKI/RA/NamePanel.pm line 480.


-- 
James "Jim" Kinney
(404) 407-7967
GTRI

More information about the Pki-users mailing list