Hi, Could you provide the following information? - platform and Dogtag version - debug log (can be found in /var/lib/pki/pki-tomcat/ca/logs/debug)
thanks, Christina On Mon, Aug 19, 2019 at 6:27 AM Pavel Ryabikh <[email protected]> wrote: > Hello dear Dogtag PKI users! > > > I am trying to install the system already for some days - it fails: > > There is a description: > [root@ca ~]# pkispawn -f ca-external-step2.cfg -s CA > Installation log: /var/log/pki/pki-ca-spawn.20190819144510.log > Loading deployment configuration from ca-external-step2.cfg. > Installing CA into /var/lib/pki/pki-tomcat. > ParsingException: IOException: Sequence tag error 9 > ERROR : pkispawn CalledProcessError: Command '['pki', '-d', > '/var/lib/pki/pki-tomcat/alias', 'pkcs7-cert-export', '--pkcs7-file', > '/tmp/tmpgx3puk6p/cert_chain.p7b', '--output-prefix', > '/tmp/tmptc7rw5h0/cert', '--output-suffix', '.crt']' returned non-zero > exit status 255. > File "/usr/lib/python3.7/site-packages/pki/server/pkispawn.py", line > 546, in main > scriptlet.spawn(deployer) > File "/usr/lib/python3.7/site- > packages/pki/server/deployment/scriptlets/configuration.py", line 643, > in spawn > self.import_system_certs(deployer, nssdb, subsystem) > File "/usr/lib/python3.7/site- > packages/pki/server/deployment/scriptlets/configuration.py", line 199, > in import_system_certs > self.import_system_cert(deployer, nssdb, subsystem, 'signing', > 'CT,C,C') > File "/usr/lib/python3.7/site- > packages/pki/server/deployment/scriptlets/configuration.py", line 144, > in import_system_cert > trust_attributes=trust_attributes) > File "/usr/lib/python3.7/site-packages/pki/nssdb.py", line 1295, in > import_cert_chain > trust_attributes=trust_attributes) > File "/usr/lib/python3.7/site-packages/pki/nssdb.py", line 1327, in > import_pkcs7 > subprocess.check_call(cmd) > File "/usr/lib64/python3.7/subprocess.py", line 347, in check_call > raise CalledProcessError(retcode, cmd) > > > Installation failed: Command failed: pki -d /var/lib/pki/pki- > tomcat/alias pkcs7-cert-export --pkcs7-file > /tmp/tmpgx3puk6p/cert_chain.p7b --output-prefix /tmp/tmptc7rw5h0/cert > --output-suffix .crt > > Please check pkispawn logs in /var/log/pki/pki-ca- > spawn.20190819144510.log > > > And these are configs: > STEP1: > [DEFAULT] > pki_server_database_password=121212 > > [CA] > [email protected] > pki_admin_name=caadmin > pki_admin_nickname=caadmin > pki_admin_password=121212 > pki_admin_uid=caadmin > > pki_client_database_password=121212 > pki_client_database_purge=False > pki_client_pkcs12_password=121212 > > pki_ds_base_dn=dc=ca,dc=lvm,dc=postmet,dc=com > pki_ds_database=ca > pki_ds_password=121212 > > pki_security_domain_name=lvm.postmet.com Security Domain > > pki_ca_signing_nickname=ca_signing > pki_ocsp_signing_nickname=ca_ocsp_signing > pki_audit_signing_nickname=ca_audit_signing > pki_sslserver_nickname=sslserver > pki_subsystem_nickname=subsystem > > pki_external=True > pki_external_step_two=False > > pki_ca_signing_csr_path=ca_signing.csr > > STEP2: > [DEFAULT] > pki_instance_name = pki-tomcat > pki_admin_password = 121212 > pki_backup_password = 121212 > pki_client_database_password = 121212 > pki_client_pin = 121212 > pki_client_pkcs12_password = 121212 > pki_clone_pkcs12_password = 121212 > pki_ds_password = 121212 > pki_external_pkcs12_password = 121212 > pki_pkcs12_password = 121212 > pki_replication_password = 121212 > pki_security_domain_password = 121212 > pki_server_database_password = 121212 > pki_server_pkcs12_password = 121212 > pki_token_password = 121212 > > [CA] > [email protected] > pki_admin_name=caadmin > pki_admin_nickname=caadmin > pki_admin_password=121212 > pki_admin_uid=caadmin > > pki_client_database_password=121212 > pki_client_database_purge=False > pki_client_pkcs12_password=121212 > > pki_ds_base_dn=dc=ca,dc=lvm,dc=postmet,dc=com > pki_ds_database=ca > pki_ds_password=121212 > > pki_security_domain_name=lvm.postmet.com Security Domain > > pki_ca_signing_nickname=ca_signing > pki_ocsp_signing_nickname=ca_ocsp_signing > pki_audit_signing_nickname=ca_audit_signing > pki_sslserver_nickname=sslserver > pki_subsystem_nickname=subsystem > > pki_external=True > pki_external_step_two=True > > pki_ca_signing_csr_path=ca_signing.csr > > pki_ca_signing_cert_path=ca_signing.crt > pki_cert_chain_nickname=external > pki_cert_chain_path=cert_chain.p7b > > pki_import_admin_cert = False > pki_client_admin_cert = ca_admin.cert > pki_admin_subject_dn=cn=PKI > Administrator,o=%(pki_security_domain_name)s > > > > Please help > > -- > Pavel Ryabih > > PostMet Corporation > http://www.postmet.com > > Call to sip:[email protected] > _______________________________________________ > Pki-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/pki-users
_______________________________________________ Pki-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/pki-users
