Hi:

Should you set something like the following so it can find the security domain?


pki_security_domain_hostname=<security domain hostname>


----- Original Message -----
> From: "Nadeera Galagedara" <nadeeragalaged...@yahoo.com>
> To: pki-devel@redhat.com
> Sent: Wednesday, May 13, 2020 10:30:17 PM
> Subject: [Pki-devel] OCSP Configuration Problem
> 
> Dear,
> 
> I have a Root CA and an Issue CA in my network. The Issue CA is signed by the
> Root CA. Both of these CAs are installed on CentOS 7 and Dogtag version 10.5.
> Now I am going to install the OCSP for the Issue CA. There is no OCSP for
> CentOS 7, so I installed the OCSP (10.8) on Fedora. I tried to connect the
> OCSP to the Issue CA with both the interactive and manual configuration
> methods. I still got an error.
> 
> The error comes when I try to install the OCSP:
> 
> INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ocsp/conf/CS.cfg
> INFO: Checking existing SSL server cert: Server-Cert cert-pki-tomcat
> INFO: Creating temp SSL server cert for ocsp.mycompany.lk
> Notice: Trust flag u is set automatically if the private key is present.
> INFO: Joining existing domain
> INFO: Getting token for installing OCSP on ocsp. mycompany .lk
> 
> Installation failed:
> com.netscape.certsrv.base.PKIException: error result
> 
> Please check the OCSP logs in /var/log/pki/pki-tomcat/ocsp.
> 
> 
> There is no error shown in the log file. If I use pkispawn, it also
> generates the same error.
> 
> My OCSP configuration
> 
> [DEFAULT]
> pki_server_database_password=Secret.123
> 
> [OCSP]
> pki_admin_cert_file=/home/user/Desktop/ca_admin_cert.p12 [I used the p12
> admin file from the Issue CA server]
> pki_admin_email=ocspad...@example.com
> pki_admin_name=ocspadmin
> pki_admin_nickname=ocspadmin
> pki_admin_password=Secret.123
> pki_admin_uid=ocspadmin
> 
> pki_client_database_password=Secret.123
> pki_client_database_purge=False
> pki_client_pkcs12_password=Secret.123
> 
> pki_ds_base_dn=dc=ocsp,dc= mycompany ,dc=lk
> pki_ds_database=ocsp
> pki_ds_password=Secret.123
> 
> pki_clone_pkcs12_password=Secret.123
> 
> pki_security_domain_name=MYDOMAIN
> pki_security_domain_user=caadmin
> pki_security_domain_password=Secret.123
> 
> pki_token_password=Secret.123
> 
> 
> pki_security_domain_hostname=issueca. mycompany .lk
> 
> My Issue CA configuration.
> 
> [CA]
> pki_admin_email=caad...@example.com
> pki_admin_name=caadmin
> pki_admin_nickname=caadmin
> pki_admin_password=Secret.123
> pki_admin_uid=caadmin
> 
> pki_client_database_password=Secret.123
> pki_client_database_purge=False
> pki_client_pkcs12_password=Secret.123
> 
> pki_ds_base_dn=dc=issueca,dc=mycompany,dc=lk
> pki_ds_database=ca
> pki_ds_password=Secret.123
> 
> pki_security_domain_name=MYDOMAIN
> pki_token_password=Secret.123
> 
> pki_external=True
> pki_external_step_two=True
> 
> pki_ca_signing_csr_path=ca_signing.csr
> pki_ca_signing_cert_path=ca_signing.crt
> 
> 
> _______________________________________________
> Pki-devel mailing list
> Pki-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
