Thank you, Christina, for trying to help. I have sorted out the issue - it was an incorrect certificate format.
Thanks again.

On Tue, 2019-09-03 at 08:54 -0700, Christina Fu wrote:
> Hi,
> Could you provide the following information?
> platform and Dogtag version
> debug log (can be found in /var/lib/pki/pki-tomcat/ca/logs/debug)
> thanks,
> Christina
>
> On Mon, Aug 19, 2019 at 6:27 AM Pavel Ryabikh <[email protected]> wrote:
> > Hello dear Dogtag PKI users!
> >
> > I am trying to install the system already for some days - it fails:
> >
> > There is a description:
> > [root@ca ~]# pkispawn -f ca-external-step2.cfg -s CA
> > Installation log: /var/log/pki/pki-ca-spawn.20190819144510.log
> > Loading deployment configuration from ca-external-step2.cfg.
> > Installing CA into /var/lib/pki/pki-tomcat.
> > ParsingException: IOException: Sequence tag error 9
> > ERROR : pkispawn CalledProcessError: Command '['pki', '-d', '/var/lib/pki/pki-tomcat/alias', 'pkcs7-cert-export', '--pkcs7-file', '/tmp/tmpgx3puk6p/cert_chain.p7b', '--output-prefix', '/tmp/tmptc7rw5h0/cert', '--output-suffix', '.crt']' returned non-zero exit status 255.
> >   File "/usr/lib/python3.7/site-packages/pki/server/pkispawn.py", line 546, in main
> >     scriptlet.spawn(deployer)
> >   File "/usr/lib/python3.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 643, in spawn
> >     self.import_system_certs(deployer, nssdb, subsystem)
> >   File "/usr/lib/python3.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 199, in import_system_certs
> >     self.import_system_cert(deployer, nssdb, subsystem, 'signing', 'CT,C,C')
> >   File "/usr/lib/python3.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 144, in import_system_cert
> >     trust_attributes=trust_attributes)
> >   File "/usr/lib/python3.7/site-packages/pki/nssdb.py", line 1295, in import_cert_chain
> >     trust_attributes=trust_attributes)
> >   File "/usr/lib/python3.7/site-packages/pki/nssdb.py", line 1327, in import_pkcs7
> >     subprocess.check_call(cmd)
> >   File "/usr/lib64/python3.7/subprocess.py", line 347, in check_call
> >     raise CalledProcessError(retcode, cmd)
> >
> >
> > Installation failed: Command failed: pki -d /var/lib/pki/pki-tomcat/alias pkcs7-cert-export --pkcs7-file /tmp/tmpgx3puk6p/cert_chain.p7b --output-prefix /tmp/tmptc7rw5h0/cert --output-suffix .crt
> >
> > Please check pkispawn logs in /var/log/pki/pki-ca-spawn.20190819144510.log
> >
> >
> > And these are configs:
> > STEP1:
> > [DEFAULT]
> > pki_server_database_password=121212
> >
> > [CA]
> > [email protected]
> > pki_admin_name=caadmin
> > pki_admin_nickname=caadmin
> > pki_admin_password=121212
> > pki_admin_uid=caadmin
> >
> > pki_client_database_password=121212
> > pki_client_database_purge=False
> > pki_client_pkcs12_password=121212
> >
> > pki_ds_base_dn=dc=ca,dc=lvm,dc=postmet,dc=com
> > pki_ds_database=ca
> > pki_ds_password=121212
> >
> > pki_security_domain_name=lvm.postmet.com Security Domain
> >
> > pki_ca_signing_nickname=ca_signing
> > pki_ocsp_signing_nickname=ca_ocsp_signing
> > pki_audit_signing_nickname=ca_audit_signing
> > pki_sslserver_nickname=sslserver
> > pki_subsystem_nickname=subsystem
> >
> > pki_external=True
> > pki_external_step_two=False
> >
> > pki_ca_signing_csr_path=ca_signing.csr
> >
> > STEP2:
> > [DEFAULT]
> > pki_instance_name = pki-tomcat
> > pki_admin_password = 121212
> > pki_backup_password = 121212
> > pki_client_database_password = 121212
> > pki_client_pin = 121212
> > pki_client_pkcs12_password = 121212
> > pki_clone_pkcs12_password = 121212
> > pki_ds_password = 121212
> > pki_external_pkcs12_password = 121212
> > pki_pkcs12_password = 121212
> > pki_replication_password = 121212
> > pki_security_domain_password = 121212
> > pki_server_database_password = 121212
> > pki_server_pkcs12_password = 121212
> > pki_token_password = 121212
> >
> > [CA]
> > [email protected]
> > pki_admin_name=caadmin
> > pki_admin_nickname=caadmin
> > pki_admin_password=121212
> > pki_admin_uid=caadmin
> >
> > pki_client_database_password=121212
> > pki_client_database_purge=False
> > pki_client_pkcs12_password=121212
> >
> > pki_ds_base_dn=dc=ca,dc=lvm,dc=postmet,dc=com
> > pki_ds_database=ca
> > pki_ds_password=121212
> >
> > pki_security_domain_name=lvm.postmet.com Security Domain
> >
> > pki_ca_signing_nickname=ca_signing
> > pki_ocsp_signing_nickname=ca_ocsp_signing
> > pki_audit_signing_nickname=ca_audit_signing
> > pki_sslserver_nickname=sslserver
> > pki_subsystem_nickname=subsystem
> >
> > pki_external=True
> > pki_external_step_two=True
> >
> > pki_ca_signing_csr_path=ca_signing.csr
> >
> > pki_ca_signing_cert_path=ca_signing.crt
> > pki_cert_chain_nickname=external
> > pki_cert_chain_path=cert_chain.p7b
> >
> > pki_import_admin_cert = False
> > pki_client_admin_cert = ca_admin.cert
> > pki_admin_subject_dn=cn=PKI Administrator,o=%(pki_security_domain_name)s
> >
> >
> >
> > Please help
> >
-- 
Pavel Ryabih
PostMet Corporation
http://www.postmet.com
Call to sip:[email protected]
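
An added example, not part of the original message and not Dogtag code: a pre-flight check that reports what a file such as the `cert_chain.p7b` named in `pki_cert_chain_path` actually contains, since the failure above was resolved as an incorrect certificate format. The function names and sample bytes are constructed for illustration, and the check makes no assumption about which encoding pkispawn expects; it only reports the encoding and structure found.

```python
import base64
import re
import sys

# DER bytes of OID 1.2.840.113549.1.7.2 (PKCS #7 signedData), tag and length included.
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# Constructed minimal samples (not real certificates), just enough bytes to classify.
P7_DER = bytes.fromhex("300d") + SIGNED_DATA_OID + bytes.fromhex("a000")
CERT_DER = bytes.fromhex("300430020500")


def pem(label: bytes, der: bytes) -> bytes:
    """Wrap DER bytes in PEM armor with the given label."""
    return b"-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, base64.b64encode(der), label)


def _der_kind(der: bytes) -> str:
    """Classify a DER blob by its outer tag and first inner element."""
    if len(der) < 2 or der[0] != 0x30:         # outer element must be a SEQUENCE
        return "not DER (no SEQUENCE tag)"
    # Skip the length field: short form is 1 byte, long form is 1 + n bytes.
    body = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)
    if der[body:body + len(SIGNED_DATA_OID)] == SIGNED_DATA_OID:
        return "PKCS#7 SignedData"
    if der[body:body + 1] == b"\x30":          # tbsCertificate is itself a SEQUENCE
        return "X.509 certificate"
    return "unknown DER structure"


def classify(data: bytes) -> str:
    """Return '<encoding>: <content>' for the bytes of a certificate file."""
    blocks = PEM_RE.findall(data)
    if not blocks:
        return "DER: " + _der_kind(data) if data[:1] == b"\x30" else "unrecognized"
    label, body = blocks[0]
    try:
        der = base64.b64decode(b"".join(body.split()), validate=True)
    except ValueError:                         # binascii.Error subclasses ValueError
        return f"PEM ({label.decode()}): corrupt base64"
    note = f", {len(blocks)} PEM blocks" if len(blocks) > 1 else ""
    return f"PEM ({label.decode()}): {_der_kind(der)}{note}"


if __name__ == "__main__" and len(sys.argv) > 1:   # e.g. cert_chain.p7b
    with open(sys.argv[1], "rb") as fh:
        print(classify(fh.read()))
```

A file that reports `PEM (CERTIFICATE): X.509 certificate` under a `.p7b` name is a bare certificate rather than a PKCS #7 chain, which is the kind of mismatch worth ruling out before running step two.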
