Hi: Should you set something like the following so it can find the security domain?

pki_security_domain_hostname=<security domain hostname>

----- Original Message -----
> From: "Nadeera Galagedara" <nadeeragalaged...@yahoo.com>
> To: pki-devel@redhat.com
> Sent: Wednesday, May 13, 2020 10:30:17 PM
> Subject: [Pki-devel] OCSP Configuration Problem
>
> Dear,
>
> I have Root CA and Issue CA in my network. The issue CA is signed by the Root
> CA. Both these CAs are installed in CentOS 7 and Dogtag Version 10.5. Now I
> am going to Install the OCSP for the Issue CA. There is no OCSP for the
> CentOS 7, so I installed the OCSP (10.8) in fedora. I tried to connect the
> OCSP to Issue CA with both Interactive and Manual configuration method. I
> still got an error.
>
> Error comes while tried to install the OCSP
>
> INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ocsp/conf/CS.cfg
> INFO: Checking existing SSL server cert: Server-Cert cert-pki-tomcat
> INFO: Creating temp SSL server cert for ocsp.mycompany.lk
> Notice: Trust flag u is set automatically if the private key is present.
> INFO: Joining existing domain
> INFO: Getting token for installing OCSP on ocsp. mycompany .lk
>
> Installation failed:
> com.netscape.certsrv.base.PKIException: error result
>
> Please check the OCSP logs in /var/log/pki/pki-tomcat/ocsp.
>
> There is no error shows in the log file. If I use the pkispawn it also
> generate the same error.
>
> My OCSP configuration
>
> [DEFAULT]
> pki_server_database_password=Secret.123
>
> [OCSP]
> pki_admin_cert_file=/home/user/Desktop/ca_admin_cert.p12 [ i used the p12 admin file from issue ca server]
> pki_admin_email=ocspad...@example.com
> pki_admin_name=ocspadmin
> pki_admin_nickname=ocspadmin
> pki_admin_password=Secret.123
> pki_admin_uid=ocspadmin
>
> pki_client_database_password=Secret.123
> pki_client_database_purge=False
> pki_client_pkcs12_password=Secret.123
>
> pki_ds_base_dn=dc=ocsp,dc= mycompany ,dc=lk
> pki_ds_database=ocsp
> pki_ds_password=Secret.123
>
> pki_clone_pkcs12_password=Secret.123
>
> pki_security_domain_name=MYDOMAIN
> pki_security_domain_user=caadmin
> pki_security_domain_password=Secret.123
>
> pki_token_password=Secret.123
>
> pki_security_domain_hostname=issueca. mycompany .lk
>
> My Issue CA configuration.
>
> [CA]
> pki_admin_email=caad...@example.com
> pki_admin_name=caadmin
> pki_admin_nickname=caadmin
> pki_admin_password=Secret.123
> pki_admin_uid=caadmin
>
> pki_client_database_password=Secret.123
> pki_client_database_purge=False
> pki_client_pkcs12_password=Secret.123
>
> pki_ds_base_dn=dc=issueca,dc=mycompany,dc=lk
> pki_ds_database=ca
> pki_ds_password=Secret.123
>
> pki_security_domain_name=MYDOMAIN
> pki_token_password=Secret.123
>
> pki_external=True
> pki_external_step_two=True
>
> pki_ca_signing_csr_path=ca_signing.csr
> pki_ca_signing_cert_path=ca_signing.crt
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel