[Pki-users] 10.0.2 CA Installation failed on LDAP and CA chain

pkiadmin at nym.hush.com pkiadmin at nym.hush.com
Sun May 5 10:46:35 UTC 2013


Hello list members,

I have been trying to get Dogtag 10.0.2 on fc18 running but 
pkispawn concludes with Installation Failed.

Here is what I see:
pkispawn -s CA -f /home/pkiadmin/CA.cfg 
Loading deployment configuration from /home/pkiadmin/CA.cfg.
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
Installation failed.

The interactive pkispawn was also tried but this gives the same 
fail results.

In /var/log/pki/pki-tomcat/ca/system I see the following:
6650.localhost-startStop-1 - [05/May/2013:10:33:53 CEST] [3] [3] Cannot build CA chain. Error java.security.cert.CertificateException: Certificate is not a PKCS#11 certificate

6650.localhost-startStop-1 - [05/May/2013:10:33:53 CEST] [13] [3] authz instance DirAclAuthz initialization failed and skipped, error=Property internaldb.ldapconn.port missing value

In /var/log/pki/pki-tomcat/catalina.out I see the above 2 errors 
preceded by CMS WARNING: FAILURE:

In /etc/pki/default.cfg I put pki_ds_hostname=hostname and made 
sure the pki_ds_port was correct. Oh yes, the remote DS389 was 
running and accessible.

When I look at services there is a pki-tomcatd@pki-tomcat running 
and I can restart it without problems. I can also get to the "End 
User Services" page on 8080. None of the other ports connect.

Thanks in advance.







