[Pki-users] pki-ca-9.0.3-30 setup

Ade Lee alee at redhat.com
Wed Oct 2 13:56:05 UTC 2013


The ipa-pki-ca-theme is a very crippled version of the real theme.
Basically, dogtag 9 is in RHEL6 and hence, Centos 6, to support IPA,
which does not use a UI to interact with the CA.

I would install the dogtag-pki-theme package from fedora 17 --
http://koji.fedoraproject.org/koji/buildinfo?buildID=429792

You would need to recreate your instance because theme files are copied
over to the instance during pkicreate.

Ade

On Wed, 2013-10-02 at 10:03 +0000, Oleg Antonenko wrote:
> Hi there!
> Are there any other suggestions regarding below?
> 
> Many thanks,
> Oleg
> 
> -----Original Message-----
> From: Jindrich Dolezal 
> Sent: 01 October 2013 14:14
> To: Taggart, Michelle
> Cc: Oleg Antonenko; pki-users at redhat.com; Ciaran Bradley
> Subject: Re: [Pki-users] pki-ca-9.0.3-30 setup
> 
> hi,
> there are some themes installed :
> [root at jdrhel2 pki-ca]# rpm -qa | grep pki | grep theme ipa-pki-ca-theme-9.0.3-7.el6.noarch
> ipa-pki-common-theme-9.0.3-7.el6.noarch
> 
> do we need some more themes?
> 
> thanks
> 
> jd
> 
> On 10/01/2013 01:49 PM, Taggart, Michelle wrote:
> > I believe you'll have to also install a theme.  On the CentOS package, themes are not included.
> >
> >
> > Thanks,
> >
> > Michelle T
> >
> > ----- Original Message -----
> > From: Oleg Antonenko <Oleg.Antonenko at adaptivemobile.com>
> > To: pki-users at redhat.com
> > Cc: Jindrich Dolezal <Jindrich.Dolezal at adaptivemobile.com>, Ciaran 
> > Bradley <Ciaran.Bradley at adaptivemobile.com>
> > Sent: Tue, 01 Oct 2013 07:08:38 -0400 (EDT)
> > Subject: [Pki-users] pki-ca-9.0.3-30 setup
> >
> > Hello there!
> > Could you help with the CA setup please?
> >
> > We installed a new machine with CentOS release 6.4 (Final) and installed the pki-ca-9.0.3-30 package.
> > The command we used for creation was:
> >
> > pkicreate -pki_instance_root=/var/lib
> >   -pki_instance_name=pki-ca
> >   -subsystem_type=ca
> >   -agent_secure_port=9443
> >   -ee_secure_port=9444
> >   -ee_secure_client_auth_port=9446
> >   -admin_secure_port=9445
> >   -unsecure_port=9180
> >   -tomcat_server_port=9701
> >   -user=pkiuser
> >   -group=pkiuser
> >   -redirect conf=/etc/pki-ca
> >   -redirect logs=/var/log/pki-ca
> >   -verbose
> >
> > After clicking through the wizard and restarting the service:
> >
> > status:
> > [root at jdrhel2 ~]# /sbin/service pki-cad status pki-ca pki-ca (pid 
> > 4988) is running... [ OK ]
> >   Unsecure Port = http://jdrhel2:9180/ca/ee/ca
> >   Secure Agent Port = https://jdrhel2:9443/ca/agent/ca
> >   Secure EE Port = https://jdrhel2:9444/ca/ee/ca
> >   Secure Admin Port = https://jdrhel2:9445/ca/services
> >   EE Client Auth Port = https://jdrhel2:9446/ca/eeca/ca
> >   PKI Console Port = pkiconsole https://jdrhel2:9445/ca
> >   Tomcat Port = 9701 (for shutdown)
> >
> >   PKI Instance Name: pki-ca
> >   PKI Subsystem Type: Root CA (Security Domain)
> >
> >   Registered PKI Security Domain Information:
> > ==========================================================================
> >   Name: AMSDomain
> >   URL: https://jdrhel2:9445
> > ======================================================================
> > ====
> >
> > Everything seems to be running, but when i connect to the adresses above, i can see firefox is verifying server certificate, uses personal certificate, but then the page is empty.
> > To be precise, there are just two links leading to empty pages:
> >   - link 'SSL End Users Services' pointing at https://jdrhel2:9444/ca/ee/ca and
> >   - link 'Agent Services' pointing at https://jdrhel2:9443/ca/agent/ca
> >
> > Is there anything we did wrong or forgot to configure?
> >
> > Many thanks,
> > Oleg
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > Pki-users mailing list
> > Pki-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-users
> >
> 
> 
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users





More information about the Pki-users mailing list