[Pki-users] 回复：回复：回复： "SecurityDomain HTTPSAdmin URL not found "

Thu May 2 09:24:47 UTC 2013

Hi Alee

some update

I try another scep client sscep (https://github.com/certnanny/sscep)

got the same result:

./sscep: server returned status code 500
./sscep: mime_err: HTTP/1.1 500 Internal Server Error
Date: Thu, 02 May 2013 09:13:20 GMT
Server: Apache
Content-Length: 333
Connection: close
Content-Type: text/html; charset=iso-8859-1

<h1>Software error:</h1>
<pre>Could not find pkiclient.xml in /var/lib/pki-ra/docroot/ee/scep/ at /var/lib/pki-ra/docroot/ee/scep/pkiclient.cgi line 81.
</pre>
<p>
For help, please send mail to the webmaster (<a href="mailto:you at example.com">you at example.com</a>), giving this error message 
and the time and date of the error.

</p>

./sscep: wrong (or missing) MIME content type
./sscep: error while sending message

I am not sure what version is stable and recommended.

Thanks
Sbaa

------------------ 原始邮件 ------------------
发件人: "骷髅猫"<sbaa at vip.qq.com>;
发送时间: 2013年4月30日(星期二) 下午2:33
收件人: "alee"<alee at redhat.com>; 
抄送: "Pki-users"<Pki-users at redhat.com>; 
主题: 回复： 回复： 回复： [Pki-users] "SecurityDomain HTTPSAdmin URL not found "

Hi Alee

I used firefox's keymanager plugin to do some simple test. Just connect to RA server and click next and next ,then encontered this error. 
But I did't go through any source about pkiclient.cgi ,so I 'm not sure where introduce the file pkiclient.xml.

another question,
If the client request can choose some file which used by server cgi internally, is there any security risk?

Best Regards
sbaa

------------------ 原始邮件 ------------------
发件人: "alee"<alee at redhat.com>;
发送时间: 2013年4月30日(星期二) 中午1:06
收件人: "骷髅猫"<sbaa at vip.qq.com>; 
抄送: "Pki-users"<Pki-users at redhat.com>; 
主题: Re: 回复： 回复： [Pki-users] "SecurityDomain HTTPSAdmin URL not found "

I don't see anything in the code about pkiclient.xml.

Can you detail exactly what you did to test SCEP?
Thanks, 
Ade

On Sun, 2013-04-28 at 15:13 +0800, 骷髅猫 wrote:
> Hi Alee
> 
> 
> Thank you, I finished the configuration for RA server by disable
> SElinux
> But when I test the SCEP feature, I got such error:
> In error log:
> [Sun Apr 28 03:05:56.891164 2013] [:error] [pid 1822:tid
> 140696560207616] [Sun Apr 28 03:05:56 2013] -e: Could not find
> pkiclient.xml in /var/lib/pki-ra/docroot/ee/scep/
> at /var/lib/pki-ra/docroot/ee/scep/pkiclient.cgi line 81.\n
> 
> 
> on firefox:
> Software error:
> Could not find pkiclient.xml in /var/lib/pki-ra/docroot/ee/scep/ at /var/lib/pki-ra/docroot/ee/scep/pkiclient.cgi line 81.
> 
> For help, please send mail to the webmaster (you at example.com), giving
> this error message and the time and date of the error.  
> 
> 
> 
> 
> Thanks
> sbaa
> ------------------ 原始邮件 ------------------
> 发件人: "alee"<alee at redhat.com>;
> 发送时间: 2013年4月28日(星期天) 下午2:00
> 收件人: "骷髅猫"<sbaa at vip.qq.com>; 
> 抄送: "Pki-users"<Pki-users at redhat.com>; 
> 主题: Re: 回复： [Pki-users] "SecurityDomain HTTPS Admin URL not found
> "
> 
> 
> I ran into the same problem:
> 
> The one you want is https://localhost.domain:8443
> 
> I resolved this by setting selinux in permissive mode.  I will file a
> bug against selinux policy on Monday.
> 
> Ade
> 
> On Sun, 2013-04-28 at 02:27 +0800, 骷髅猫 wrote:
> > Hi alee
> > 
> > 
> > I tried following urls
> > 
> > 
> > https://localhost.localdomain:8443
> > https://localhost.localdomain:8443/ca
> > http://localhost.localdomain:8080
> > http://localhost.localdomain:8080/ca
> > 
> > 
> > but all failed.
> > 
> > 
> > and i found some info in error log (/var/log/pki-ra/error_log )
> > GET /ca/admin/ca/getStatus HTTP/1.0
> > 
> > 
> > port: 8443
> > addr='localhost.localdomain'
> > family='2'
> > IP='127.0.0.1'
> > exit after PR_Connect with error -5985:
> > GET /ca/admin/ca/getStatus HTTP/1.0
> > 
> > 
> > port: 9445
> > addr='localhost.localdomain'
> > family='2'
> > IP='127.0.0.1'
> > exit after PR_Connect with error -5961:
> > 
> > 
> > ------------------ 原始邮件 ------------------
> > 发件人: "Ade Lee"<alee at redhat.com>;
> > 发送时间: 2013年4月28日(星期天) 凌晨1:04
> > 收件人: "骷髅猫"<sbaa at vip.qq.com>; 
> > 抄送: "Pki-users"<Pki-users at redhat.com>; 
> > 主题: Re: [Pki-users] "Security Domain HTTPS Admin URL not found "
> > 
> > 
> > What value are you putting in for your security domain?
> > 
> > Ade
> > On Sat, 2013-04-27 at 23:39 +0800, 骷髅猫 wrote:
> > > Hi All
> > > I'am a new user of dogtag.
> > > I try the latest build 10.0.2.
> > > I install ca server success,but when I configure a ra subsystem, 
> > > 
> > > 
> > > url :
> > > https://localhost.localdomain:12890/ra/admin/console/config/wizard
> > > 
> > > 
> > > it alwarys show error "Security Domain HTTPS Admin URL not found"
> > and
> > > " Create a New Security Domai" cannot be choose.
> > > any ideas?
> > > 
> > > 
> > > thanks
> > > 
> > > 
> > > _______________________________________________
> > > Pki-users mailing list
> > > Pki-users at redhat.com
> > > https://www.redhat.com/mailman/listinfo/pki-users
> > 
> > 
> > .
> > 
> 
> 
> .
> 

.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20130502/4951c9df/attachment.htm>

[Pki-users] 回复： 回复： 回复： "SecurityDomain HTTPSAdmin URL not found "

[Pki-users] 回复：回复：回复： "SecurityDomain HTTPSAdmin URL not found "