[Pki-users] pki=kra configuration hangs on Administration

Ade Lee alee at redhat.com
Thu Mar 28 14:59:17 UTC 2013 

Can you try using Firefox to do the configuration of the KRA?
Up to now, we have supported only firefox for the installation servlets.

If that still does not work, we'd need to see some server logs - say
everything under /var/log/pki-kra, as well as logs for the CA.

The status says that it still needs to be configured because the
configuration did not complete.  As you say, it looks like its failing
to generate an administrator cert.  That may be a problem in the client
(Chrome), in the KRA/OCSP, or on the CA (which would be receiving the
cert request and issuing the cert).  We'd need to look at logs to see
where its failing.

Ade

On Wed, 2013-03-27 at 17:39 -0500, Chris Grijalva wrote:
> Hi all, new to the list.
> 
>  
> 
> Installed the following packages on CentOS 6.4
> 
>  
> 
>                   [root at devops-cert tmp]# yum list | grep pki
> 
>                   dogtag-pki-ca-theme.noarch
> 9.0.6-1.fc15
> @/dogtag-pki-ca-theme-9.0.6-1.fc15.noarch
> 
>                   dogtag-pki-common-theme.noarch
> 9.0.6-1.fc15
> @/dogtag-pki-common-theme-9.0.6-1.fc15.noarch
> 
>                   dogtag-pki-console-theme.noarch
> 9.0.6-1.fc15
> @/dogtag-pki-console-theme-9.0.6-1.fc15.noarch
> 
>                   dogtag-pki-kra-theme.noarch
> 9.0.6-1.fc15
> @/dogtag-pki-kra-theme-9.0.6-1.fc15.noarch
> 
>                   dogtag-pki-ocsp-theme.noarch
>           9.0.6-1.fc15
> @/dogtag-pki-ocsp-theme-9.0.6-1.fc15.noarch
> 
>                   pki-ca.noarch
> 9.0.3-30.el6                   @base
> 
>                   pki-common.noarch
> 9.0.3-30.el6                   @base
> 
>                   pki-common-javadoc.noarch
> 9.0.3-30.el6                   @base
> 
>                   pki-console.noarch
> 9.0.3-1.fc15                   @/pki-console-9.0.3-1.fc15.noarch
> 
>                   pki-java-tools.noarch
> 9.0.3-30.el6                   @base
> 
>                   pki-java-tools-javadoc.noarch
> 9.0.3-30.el6                   @base
> 
>                   pki-kra.noarch
> 9.0.4-1.fc15                   @/pki-kra-9.0.4-1.fc15.noarch
> 
>                   pki-native-tools.x86_64
> 9.0.3-30.el6                   @base
> 
>                   pki-ocsp.noarch
> 9.0.3-1.fc15                   @/pki-ocsp-9.0.3-1.fc15.noarch
> 
>                   pki-selinux.noarch
> 9.0.3-30.el6                   @base
> 
>                   pki-setup.noarch
>  9.0.3-30.el6                   @base
> 
>                   pki-silent.noarch
> 9.0.3-30.el6                   @base
> 
>                   pki-symkey.x86_64
> 9.0.3-30.el6                   @base
> 
>                   pki-util.noarch
> 9.0.3-30.el6                   @base
> 
>                   pki-util-javadoc.noarch
> 9.0.3-30.el6                   @base
> 
>                   ipa-pki-ca-theme.noarch                  9.0.3-7.el6
> base
> 
>                   ipa-pki-common-theme.noarch
> 9.0.3-7.el6                    base
> 
>                   krb5-pkinit-openssl.x86_64
> 1.10.3-10.el6_4.1              updates
> 
>  
> 
>                   jss.x86_64
> 4.2.6-24.el6                   @base
> 
>                   tomcatjss.noarch                         2.1.0-2.el6
> @base
> 
>                   osutil.x86_64                            2.0.1-1.el6
> @base
> 
>  
> 
> Configured pki-ca cleanly and then proceeded to configure pki-kra,
> which hangs on the Administrator panel.
> 
> Debug doesn't show errors, only logging status.
> 
>  
> 
> [27/Mar/2013:12:59:49][http-10445-3]: AdminPanel: display
> 
> [27/Mar/2013:12:59:49][http-10445-3]: panel no=13
> 
> [27/Mar/2013:12:59:49][http-10445-3]: panel name=adminpanel
> 
> [27/Mar/2013:12:59:49][http-10445-3]: total number of panels=16
> 
>  
> 
> I’ve bounced pki-krad, used a new instance of Chrome as admin when
> running the pki-kra admin console config.
> 
> Used the pki-ca Administrator cert listed below, as a template for
> pki-kra and still no joy.
> 
>  
> 
> The Dogtag Certificate Manager shows 5 pki-kra DRM certificates, but
> no admin cert.  pki-krad status shows it's
> 
> running, but must still be CONFIGURED!
> 
>  
> 
> JXplorer shows,
> 
> 2;4;CN=Certificate Authority,OU=pki-ca,O=Pfi Domain;CN=CA Subsystem
> Certificate,OU=pki-ca,O=Pfi Domain
> 
> 2;10;CN=Certificate Authority,OU=pki-ca,O=Pfi Domain;CN=DRM Subsystem
> Certificate,OU=pki-kra,O=Pfi Domain
> 
> 2;14;CN=Certificate Authority,OU=pki-ca,O=Pfi Domain;CN=OCSP Subsystem
> Certificate,OU=pki-ocsp,O=Pfi Domain
> 
>  
> 
> 2;6;CN=Certificate Authority,OU=pki-ca,O=Pfi Domain;CN=CA
> Administrator of Instance
> pki-ca,UID=admin,E=Chris.Grijalva at soteradefense.com,O=Pfi Domain
> 
>  
> 
> Any idea what I’m doing wrong and why this configuration doesn’t
> generate a pki-kra or pki-ocspd CA Administrator cert to complete the
> configuration?
> 
>  
> 
>  
> 
> Cheers,
> 
> Chris Grijalva
> 
> 
> 
>  
> 
> 
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users

More information about the Pki-users mailing list