Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 631762 Details for
Bug 862437
Cert install errors
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
The INstallation Logs from the Replica Installation
ipareplica-install.log (text/plain), 72.51 KB, created by
Jesse Triplett
on 2012-10-22 22:30:34 UTC
(
hide
)
Description:
The INstallation Logs from the Replica Installation
Filename:
MIME Type:
Creator:
Jesse Triplett
Created:
2012-10-22 22:30:34 UTC
Size:
72.51 KB
patch
obsolete
>2012-10-19 17:02:35,257 DEBUG /usr/sbin/ipa-replica-install was invoked with argument "/var/lib/ipa/replica-info-citinfra1.cbot.citiumadvisors.com.gpg" and options: {'no_forwarders': False, 'ui_redirect': True, 'reverse_zone': None, 'unattended': False, 'no_host_dns': False, 'no_reverse': False, 'setup_dns': False, 'setup_ca': True, 'forwarders': None, 'debug': False, 'conf_ntp': True, 'skip_conncheck': False} >2012-10-19 17:02:35,258 DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' >2012-10-19 17:02:35,258 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2012-10-19 17:02:40,429 DEBUG args=/usr/bin/gpg --batch --homedir /tmp/tmpAyDm57ipa/ipa-lekT7q/.gnupg --passphrase-fd 0 --yes --no-tty -o /tmp/tmpAyDm57ipa/files.tar -d /var/lib/ipa/replica-info-citinfra1.cbot.citiumadvisors.com.gpg >2012-10-19 17:02:40,429 DEBUG stdout= >2012-10-19 17:02:40,429 DEBUG stderr=gpg: WARNING: unsafe permissions on homedir `/tmp/tmpAyDm57ipa/ipa-lekT7q/.gnupg' >gpg: keyring `/tmp/tmpAyDm57ipa/ipa-lekT7q/.gnupg/secring.gpg' created >gpg: keyring `/tmp/tmpAyDm57ipa/ipa-lekT7q/.gnupg/pubring.gpg' created >gpg: 3DES encrypted data >gpg: encrypted with 1 passphrase >gpg: WARNING: message was not integrity protected > >2012-10-19 17:02:40,433 DEBUG args=tar xf /tmp/tmpAyDm57ipa/files.tar -C /tmp/tmpAyDm57ipa >2012-10-19 17:02:40,433 DEBUG stdout= >2012-10-19 17:02:40,433 DEBUG stderr= >2012-10-19 17:02:57,400 DEBUG args=/usr/sbin/ipa-replica-conncheck --master citinfra1.cer.citiumadvisors.com --auto-master-check --realm CITIUMADVISORS.COM --principal admin --hostname citinfra1.cbot --check-ca >2012-10-19 17:02:57,403 DEBUG importing all plugin modules in '/usr/lib/python2.6/site-packages/ipalib/plugins'... >2012-10-19 17:02:57,403 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py' >2012-10-19 17:02:57,410 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py' >2012-10-19 17:02:57,427 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py' >2012-10-19 17:02:57,431 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py' >2012-10-19 17:02:57,431 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py' >2012-10-19 17:02:57,432 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py' >2012-10-19 17:02:57,442 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/config.py' >2012-10-19 17:02:57,446 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py' >2012-10-19 17:02:57,447 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py' >2012-10-19 17:02:57,454 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/group.py' >2012-10-19 17:02:57,457 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py' >2012-10-19 17:02:57,464 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py' >2012-10-19 17:02:57,465 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py' >2012-10-19 17:02:57,466 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py' >2012-10-19 17:02:57,469 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/host.py' >2012-10-19 17:02:57,476 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py' >2012-10-19 17:02:57,477 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py' >2012-10-19 17:02:57,479 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py' >2012-10-19 17:02:57,479 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py' >2012-10-19 17:02:57,480 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py' >2012-10-19 17:02:57,484 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py' >2012-10-19 17:02:57,484 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py' >2012-10-19 17:02:57,488 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py' >2012-10-19 17:02:57,496 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py' >2012-10-19 17:02:57,498 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py' >2012-10-19 17:02:57,498 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py' >2012-10-19 17:02:57,500 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py' >2012-10-19 17:02:57,504 DEBUG args=klist -V >2012-10-19 17:02:57,504 DEBUG stdout=Kerberos 5 version 1.9 > >2012-10-19 17:02:57,505 DEBUG stderr= >2012-10-19 17:02:57,508 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/role.py' >2012-10-19 17:02:57,509 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py' >2012-10-19 17:02:57,511 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/service.py' >2012-10-19 17:02:57,511 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py' >2012-10-19 17:02:57,512 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py' >2012-10-19 17:02:57,514 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py' >2012-10-19 17:02:57,521 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/user.py' >2012-10-19 17:02:57,522 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py' >2012-10-19 17:02:57,522 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py' >2012-10-19 17:02:57,522 DEBUG importing all plugin modules in '/usr/lib/python2.6/site-packages/ipaserver/plugins'... >2012-10-19 17:02:57,522 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/dogtag.py' >2012-10-19 17:02:57,535 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/join.py' >2012-10-19 17:02:57,536 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py' >2012-10-19 17:02:57,536 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/rabase.py' >2012-10-19 17:02:57,536 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/selfsign.py' >2012-10-19 17:02:57,536 DEBUG skipping plugin module ipaserver.plugins.selfsign: selfsign is not selected as RA plugin, it is dogtag >2012-10-19 17:02:57,539 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/xmlserver.py' >2012-10-19 17:02:57,599 DEBUG Mounting ipaserver.rpcserver.jsonserver() at 'json' >2012-10-19 17:02:57,600 DEBUG Mounting ipaserver.rpcserver.xmlserver() at 'xml' >2012-10-19 17:02:58,128 DEBUG ds group dirsrv exists >2012-10-19 17:02:58,128 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2012-10-19 17:02:58,139 DEBUG Created connection context.ldap2_57511312 >2012-10-19 17:02:58,303 DEBUG Destroyed connection context.ldap2_57511312 >2012-10-19 17:02:58,303 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2012-10-19 17:02:58,303 DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2012-10-19 17:02:58,303 DEBUG Configuring ntpd >2012-10-19 17:02:58,303 DEBUG [1/4]: stopping ntpd >2012-10-19 17:02:58,376 DEBUG args=/sbin/service ntpd status >2012-10-19 17:02:58,376 DEBUG stdout=ntpd is stopped > >2012-10-19 17:02:58,377 DEBUG stderr= >2012-10-19 17:02:58,377 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2012-10-19 17:02:58,419 DEBUG args=/sbin/service ntpd stop >2012-10-19 17:02:58,419 DEBUG stdout=Shutting down ntpd: [60G[[0;31mFAILED[0;39m] > >2012-10-19 17:02:58,419 DEBUG stderr= >2012-10-19 17:02:58,419 DEBUG duration: 0 seconds >2012-10-19 17:02:58,419 DEBUG [2/4]: writing configuration >2012-10-19 17:02:58,419 DEBUG Backing up system configuration file '/etc/ntp.conf' >2012-10-19 17:02:58,420 DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2012-10-19 17:02:58,421 DEBUG Backing up system configuration file '/etc/sysconfig/ntpd' >2012-10-19 17:02:58,421 DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2012-10-19 17:02:58,421 DEBUG duration: 0 seconds >2012-10-19 17:02:58,422 DEBUG [3/4]: configuring ntpd to start on boot >2012-10-19 17:02:58,432 DEBUG args=/sbin/chkconfig ntpd >2012-10-19 17:02:58,433 DEBUG stdout= >2012-10-19 17:02:58,433 DEBUG stderr= >2012-10-19 17:02:58,433 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2012-10-19 17:02:58,479 DEBUG args=/sbin/chkconfig ntpd on >2012-10-19 17:02:58,479 DEBUG stdout= >2012-10-19 17:02:58,479 DEBUG stderr= >2012-10-19 17:02:58,479 DEBUG duration: 0 seconds >2012-10-19 17:02:58,479 DEBUG [4/4]: starting ntpd >2012-10-19 17:02:58,511 DEBUG args=/sbin/service ntpd start >2012-10-19 17:02:58,511 DEBUG stdout=Starting ntpd: [60G[[0;32m OK [0;39m] > >2012-10-19 17:02:58,511 DEBUG stderr= >2012-10-19 17:02:58,511 DEBUG duration: 0 seconds >2012-10-19 17:02:58,511 DEBUG done configuring ntpd. >2012-10-19 17:02:58,512 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2012-10-19 17:02:58,513 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2012-10-19 17:02:58,513 DEBUG Configuring directory server for the CA: Estimated time 30 seconds >2012-10-19 17:02:58,513 DEBUG [1/3]: creating directory server user >2012-10-19 17:02:58,518 DEBUG adding ds user pkisrv >2012-10-19 17:02:58,799 DEBUG args=/usr/sbin/useradd -g dirsrv -c PKI DS System User -d /var/lib/dirsrv -s /sbin/nologin -M -r pkisrv >2012-10-19 17:02:58,799 DEBUG stdout= >2012-10-19 17:02:58,799 DEBUG stderr= >2012-10-19 17:02:58,799 DEBUG done adding user >2012-10-19 17:02:58,799 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2012-10-19 17:02:58,800 DEBUG duration: 0 seconds >2012-10-19 17:02:58,800 DEBUG [2/3]: creating directory server instance >2012-10-19 17:02:58,829 DEBUG args=/sbin/service dirsrv status >2012-10-19 17:02:58,829 DEBUG stdout= *** Error: no dirsrv instances configured > >2012-10-19 17:02:58,829 DEBUG stderr= >2012-10-19 17:02:58,829 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2012-10-19 17:02:58,829 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2012-10-19 17:02:58,831 DEBUG writing inf template >2012-10-19 17:02:58,831 DEBUG >[General] >FullMachineName= citinfra1.cbot >SuiteSpotUserID= pkisrv >SuiteSpotGroup= dirsrv >ServerRoot= /usr/lib64/dirsrv >[slapd] >ServerPort= 7389 >ServerIdentifier= PKI-IPA >Suffix= dc=citiumadvisors,dc=com >RootDN= cn=Directory Manager > >2012-10-19 17:02:58,831 DEBUG calling setup-ds.pl >2012-10-19 17:03:05,213 DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpdEjDHq >2012-10-19 17:03:05,213 DEBUG stdout=[12/10/19:17:03:05] - [Setup] Info Your new DS instance 'PKI-IPA' was successfully created. >Your new DS instance 'PKI-IPA' was successfully created. >[12/10/19:17:03:05] - [Setup] Success Exiting . . . >Log file is '-' > >Exiting . . . >Log file is '-' > > >2012-10-19 17:03:05,213 DEBUG stderr= >2012-10-19 17:03:05,213 DEBUG completed creating ds instance >2012-10-19 17:03:05,214 DEBUG duration: 6 seconds >2012-10-19 17:03:05,214 DEBUG [3/3]: restarting directory server >2012-10-19 17:03:07,428 DEBUG args=/sbin/service dirsrv restart PKI-IPA >2012-10-19 17:03:07,428 DEBUG stdout=Shutting down dirsrv: > PKI-IPA...[60G[[0;32m OK [0;39m] >Starting dirsrv: > PKI-IPA...[60G[[0;32m OK [0;39m] > >2012-10-19 17:03:07,428 DEBUG stderr= >2012-10-19 17:03:07,459 DEBUG args=/sbin/service dirsrv status >2012-10-19 17:03:07,459 DEBUG stdout=dirsrv PKI-IPA (pid 15106) is running... > >2012-10-19 17:03:07,459 DEBUG stderr= >2012-10-19 17:03:07,459 DEBUG duration: 2 seconds >2012-10-19 17:03:07,460 DEBUG done configuring pkids. >2012-10-19 17:03:07,460 DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2012-10-19 17:03:07,473 DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-PKI-IPA/ -N -f /etc/dirsrv/slapd-PKI-IPA//pwdfile.txt >2012-10-19 17:03:07,473 DEBUG stdout= >2012-10-19 17:03:07,473 DEBUG stderr= >2012-10-19 17:03:07,483 DEBUG args=/usr/bin/pk12util -d /etc/dirsrv/slapd-PKI-IPA/ -i /tmp/tmpAyDm57ipa/realm_info/dogtagcert.p12 -k /etc/dirsrv/slapd-PKI-IPA//pwdfile.txt -w /tmp/tmpAyDm57ipa/realm_info/dirsrv_pin.txt >2012-10-19 17:03:07,483 DEBUG stdout=pk12util: PKCS12 IMPORT SUCCESSFUL > >2012-10-19 17:03:07,483 DEBUG stderr= >2012-10-19 17:03:07,495 DEBUG args=/usr/bin/pk12util -d /etc/dirsrv/slapd-PKI-IPA/ -l /tmp/tmpAyDm57ipa/realm_info/dogtagcert.p12 -k /tmp/tmpAyDm57ipa/realm_info/dirsrv_pin.txt -w /tmp/tmpAyDm57ipa/realm_info/dirsrv_pin.txt >2012-10-19 17:03:07,495 DEBUG stdout=Key(shrouded): > Friendly Name: Server-Cert > > Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC > Parameters: > Salt: > c2:3f:e3:af:02:b4:86:bd:e2:6a:52:3a:bb:83:ad:5a > Iteration Count: 1 (0x1) >Certificate: > Data: > Version: 3 (0x2) > Serial Number: 1 (0x1) > Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption > Issuer: "CN=Certificate Authority,O=CITIUMADVISORS.COM" > Validity: > Not Before: Thu Dec 08 23:58:09 2011 > Not After : Sun Dec 08 23:58:09 2019 > Subject: "CN=Certificate Authority,O=CITIUMADVISORS.COM" > Subject Public Key Info: > Public Key Algorithm: PKCS #1 RSA Encryption > RSA Public Key: > Modulus: > cf:d5:17:bd:65:70:9d:2b:ea:eb:3b:2f:e4:07:9f:33: > 47:e7:63:25:32:4e:4e:bc:d3:90:2a:f2:4b:d1:ba:20: > 56:ec:60:5f:30:2f:13:a3:d6:52:bb:9b:b1:c3:89:0b: > 4e:93:67:f4:21:0f:df:b8:7e:eb:e2:d3:8e:b5:37:f8: > 0c:19:d1:9e:ef:a7:39:71:b0:18:cb:4c:d3:4c:0e:fc: > 70:cb:4b:e5:72:f9:9b:a6:af:6d:4a:22:1d:8b:c8:51: > 2a:2e:64:e5:4e:42:18:db:e8:c4:08:40:e5:69:f2:a5: > 8e:a9:49:f4:6c:ee:7f:ab:9a:83:09:e7:05:96:8a:83: > c2:ae:97:0b:21:7d:64:0f:d7:76:cd:0c:64:8c:7a:5f: > 5b:5d:f7:01:b3:4d:d9:2c:3e:a3:9d:f8:08:75:dc:5d: > ea:1b:f4:de:88:83:8e:e9:94:6d:0e:75:26:63:74:ce: > 95:2e:7a:9f:06:d8:e9:ce:af:e2:46:64:8d:bc:d6:45: > d0:f9:5c:35:cd:de:45:15:71:b6:58:2f:b1:7c:40:e7: > 17:b0:55:fc:3d:57:b2:92:c9:a3:9a:a1:ae:b6:8e:15: > d1:c0:58:2c:eb:c3:af:92:24:a6:b6:71:e0:da:2e:ac: > 2c:c2:58:79:0b:c9:32:b9:ef:ed:7a:b0:77:60:fa:61 > Exponent: 65537 (0x10001) > Signed Extensions: > Name: Certificate Authority Key Identifier > Key ID: > d2:71:ee:ca:c3:18:c1:5a:d6:2f:ee:f9:52:fa:18:61: > 7f:ec:5b:f7 > > Name: Certificate Basic Constraints > Critical: True > Data: Is a CA with no maximum path length. > > Name: Certificate Key Usage > Critical: True > Usages: Digital Signature > Non-Repudiation > Certificate Signing > CRL Signing > > Name: Certificate Subject Key ID > Data: > d2:71:ee:ca:c3:18:c1:5a:d6:2f:ee:f9:52:fa:18:61: > 7f:ec:5b:f7 > > Name: Authority Information Access > Method: PKIX Online Certificate Status Protocol > Location: > URI: "http://citinfra1.cer.citiumadvisors.com:80/ca/ocsp" > > Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption > Signature: > 74:d8:2f:bd:99:ab:56:7c:87:1c:30:a8:a8:04:7c:9c: > 23:bb:ab:10:d7:5d:52:bf:cf:1b:00:ef:0d:81:83:e5: > a7:a7:49:58:b8:0e:6e:ab:07:96:e4:59:08:29:de:33: > 8f:bf:4e:57:00:dc:0c:e2:03:52:e8:e0:4d:f4:c4:ce: > f3:c0:f4:0b:e0:c6:02:0f:c1:12:5a:24:76:4c:a6:10: > a6:c9:b8:19:6b:e9:63:fc:8a:1c:00:13:64:0c:73:9f: > bb:49:2d:26:1a:8c:73:b4:65:2e:13:03:1d:19:31:89: > bf:3b:f4:ce:72:11:f7:09:d6:88:e5:ce:94:b5:36:7f: > 61:fe:5e:65:e4:be:59:d5:91:f5:17:9c:0f:c7:da:75: > 1e:35:3e:55:7b:a5:dc:a0:55:d0:1b:75:14:72:d5:de: > 4c:16:92:46:7c:71:e2:9d:55:a4:24:99:1a:df:e7:5f: > 90:7e:44:d4:62:7e:5c:2b:af:bf:67:5f:43:e8:e3:44: > a5:e7:61:e1:d7:2b:70:aa:78:e1:5e:7e:aa:39:71:9f: > 87:ad:e7:d1:0e:48:d0:6a:03:37:fa:95:68:5e:01:96: > 6a:82:45:ba:f7:cc:14:e2:d0:e0:0a:1f:8e:d8:2e:90: > ab:fa:d3:64:fb:91:8f:b5:a0:e5:23:bd:fe:e9:ab:f0 > Fingerprint (MD5): > CF:98:70:D5:1B:B8:A3:D4:B0:E0:CD:94:5F:6E:EF:23 > Fingerprint (SHA1): > 3E:77:A6:AF:43:22:F9:F2:B6:FA:13:34:63:6E:DE:8D:DC:D6:4E:50 > > Friendly Name: CITIUMADVISORS.COM IPA CA > >Certificate(has private key): > Data: > Version: 3 (0x2) > Serial Number: 30 (0x1e) > Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption > Issuer: "CN=Certificate Authority,O=CITIUMADVISORS.COM" > Validity: > Not Before: Fri Oct 12 22:16:52 2012 > Not After : Mon Oct 13 22:16:52 2014 > Subject: "CN=citinfra1.cbot.citiumadvisors.com,O=CITIUMADVISORS.COM" > Subject Public Key Info: > Public Key Algorithm: PKCS #1 RSA Encryption > RSA Public Key: > Modulus: > b7:e4:2a:e8:05:e8:2b:ad:0d:e4:48:35:17:f1:92:0c: > c7:48:99:3c:c5:2d:18:8c:b9:a8:8b:e3:3b:cc:39:9b: > 01:5d:39:d9:d9:fe:19:13:e5:1e:a1:64:5f:b9:83:97: > 1a:0d:48:b8:02:33:e5:31:6e:39:8e:f9:30:73:71:6a: > 5a:53:4a:20:84:13:41:6c:cb:a1:21:92:c0:47:62:2b: > bf:cd:f7:84:f6:de:81:01:76:c0:bb:c4:20:18:ec:26: > f6:3d:64:ba:6d:1c:e8:31:32:d9:a4:35:46:a7:f5:81: > dc:34:a0:cd:09:50:13:6d:80:98:dd:57:4d:a4:c0:f2: > 50:08:bd:fc:00:a6:8a:2f:8e:3e:77:94:2b:0a:5f:f7: > 31:83:58:72:e0:1b:87:a7:36:40:58:15:29:13:8f:78: > a3:6e:c3:10:a4:af:fd:8f:cb:cd:1a:d9:e1:cb:d8:c2: > b5:61:71:c9:69:77:94:72:3d:5f:72:dc:09:12:20:37: > 1e:da:39:65:79:08:45:a8:59:a7:3a:3d:d8:e2:48:d1: > 8f:61:84:7a:91:e0:74:d5:c8:70:d2:9b:09:65:04:75: > 8b:23:ff:51:77:53:ab:a6:9a:67:5c:c6:07:bc:e0:b7: > 67:e2:86:7e:16:cc:a2:97:7b:9e:7e:51:d6:db:b6:8d > Exponent: 65537 (0x10001) > Signed Extensions: > Name: Certificate Authority Key Identifier > Key ID: > d2:71:ee:ca:c3:18:c1:5a:d6:2f:ee:f9:52:fa:18:61: > 7f:ec:5b:f7 > > Name: Authority Information Access > Method: PKIX Online Certificate Status Protocol > Location: > URI: "http://citinfra1.cer.citiumadvisors.com:80/ca/ocsp" > > Name: Certificate Key Usage > Critical: True > Usages: Digital Signature > Non-Repudiation > Key Encipherment > Data Encipherment > > Name: Extended Key Usage > TLS Web Server Authentication Certificate > TLS Web Client Authentication Certificate > > Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption > Signature: > 33:b4:2c:99:9d:72:27:c7:80:0a:e4:4d:b5:6a:7f:9a: > 35:7e:5e:0c:fc:8f:27:ab:4a:4e:d5:48:8c:a4:3e:b0: > 85:ea:30:d3:40:ab:20:a0:27:78:db:de:55:52:a4:f4: > ca:86:e9:54:c4:f2:ae:85:b1:fe:40:2e:7f:35:03:a7: > 00:17:95:54:04:b8:aa:70:67:fd:f4:64:15:aa:be:06: > 76:6a:3d:4f:50:e0:c0:88:cd:96:fd:f8:7e:70:ae:d5: > bf:9f:43:3e:6d:cd:8d:e4:b4:c3:62:91:7e:19:4b:ed: > 56:e3:20:42:8c:2a:a4:fd:ed:16:ed:3e:b5:c6:bd:e8: > 52:3d:16:2e:3d:52:5e:cf:c7:f7:d3:af:74:01:ea:7c: > 01:5c:9d:f0:4d:e0:7e:5f:3f:21:04:44:e4:76:92:ed: > 2e:56:64:ae:bc:7f:77:f4:c3:c6:d4:4b:24:1f:18:8b: > 8b:bb:5c:5a:38:e6:3e:45:47:37:66:fb:b9:04:55:8f: > 5f:47:34:3f:77:ee:16:eb:19:0a:35:01:bc:08:24:16: > 29:f4:8d:7d:96:92:08:f0:69:bf:42:9f:07:27:de:23: > cf:0a:48:fc:04:3c:b3:08:3d:5d:7a:f3:13:1b:66:08: > 8a:dd:4c:26:3e:4f:8d:c1:29:14:00:0d:08:28:c3:84 > Fingerprint (MD5): > C1:D8:88:97:0E:7F:25:E6:5F:3C:74:70:F6:51:A8:81 > Fingerprint (SHA1): > 0A:DB:5D:14:98:C2:B3:E7:62:5E:CC:CE:EB:0D:67:B4:E1:CD:85:13 > > Friendly Name: Server-Cert > > >2012-10-19 17:03:07,495 DEBUG stderr= >2012-10-19 17:03:07,502 DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-PKI-IPA/ -M -n CITIUMADVISORS.COM IPA CA -t CT,CT, >2012-10-19 17:03:07,502 DEBUG stdout= >2012-10-19 17:03:07,502 DEBUG stderr= >2012-10-19 17:03:07,515 DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-PKI-IPA/ -L -n CITIUMADVISORS.COM IPA CA -a >2012-10-19 17:03:07,515 DEBUG stdout=-----BEGIN CERTIFICATE----- >MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADA9MRswGQYDVQQKExJDSVRJ >VU1BRFZJU09SUy5DT00xHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe >Fw0xMTEyMDgyMzU4MDlaFw0xOTEyMDgyMzU4MDlaMD0xGzAZBgNVBAoTEkNJVElV >TUFEVklTT1JTLkNPTTEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIIB >IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz9UXvWVwnSvq6zsv5AefM0fn >YyUyTk6805Aq8kvRuiBW7GBfMC8To9ZSu5uxw4kLTpNn9CEP37h+6+LTjrU3+AwZ >0Z7vpzlxsBjLTNNMDvxwy0vlcvmbpq9tSiIdi8hRKi5k5U5CGNvoxAhA5WnypY6p >SfRs7n+rmoMJ5wWWioPCrpcLIX1kD9d2zQxkjHpfW133AbNN2Sw+o534CHXcXeob >9N6Ig47plG0OdSZjdM6VLnqfBtjpzq/iRmSNvNZF0PlcNc3eRRVxtlgvsXxA5xew >Vfw9V7KSyaOaoa62jhXRwFgs68OvkiSmtnHg2i6sLMJYeQvJMrnv7Xqwd2D6YQID >AQABo4G0MIGxMB8GA1UdIwQYMBaAFNJx7srDGMFa1i/u+VL6GGF/7Fv3MA8GA1Ud >EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBTSce7KwxjBWtYv >7vlS+hhhf+xb9zBOBggrBgEFBQcBAQRCMEAwPgYIKwYBBQUHMAGGMmh0dHA6Ly9j >aXRpbmZyYTEuY2VyLmNpdGl1bWFkdmlzb3JzLmNvbTo4MC9jYS9vY3NwMA0GCSqG >SIb3DQEBCwUAA4IBAQB02C+9matWfIccMKioBHycI7urENddUr/PGwDvDYGD5aen >SVi4Dm6rB5bkWQgp3jOPv05XANwM4gNS6OBN9MTO88D0C+DGAg/BElokdkymEKbJ >uBlr6WP8ihwAE2QMc5+7SS0mGoxztGUuEwMdGTGJvzv0znIR9wnWiOXOlLU2f2H+ >XmXkvlnVkfUXnA/H2nUeNT5Ve6XcoFXQG3UUctXeTBaSRnxx4p1VpCSZGt/nX5B+ >RNRiflwrr79nX0Po40Sl52Hh1ytwqnjhXn6qOXGfh63n0Q5I0GoDN/qVaF4BlmqC >Rbr3zBTi0OAKH47YLpCr+tNk+5GPtaDlI73+6avw >-----END CERTIFICATE----- > >2012-10-19 17:03:07,515 DEBUG stderr= >2012-10-19 17:03:07,527 DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-PKI-IPA/ -L -n Server-Cert -a >2012-10-19 17:03:07,527 DEBUG stdout=-----BEGIN CERTIFICATE----- >MIIDpTCCAo2gAwIBAgIBHjANBgkqhkiG9w0BAQsFADA9MRswGQYDVQQKExJDSVRJ >VU1BRFZJU09SUy5DT00xHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe >Fw0xMjEwMTIyMjE2NTJaFw0xNDEwMTMyMjE2NTJaMEkxGzAZBgNVBAoTEkNJVElV >TUFEVklTT1JTLkNPTTEqMCgGA1UEAxMhY2l0aW5mcmExLmNib3QuY2l0aXVtYWR2 >aXNvcnMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+Qq6AXo >K60N5Eg1F/GSDMdImTzFLRiMuaiL4zvMOZsBXTnZ2f4ZE+UeoWRfuYOXGg1IuAIz >5TFuOY75MHNxalpTSiCEE0Fsy6EhksBHYiu/zfeE9t6BAXbAu8QgGOwm9j1kum0c >6DEy2aQ1Rqf1gdw0oM0JUBNtgJjdV02kwPJQCL38AKaKL44+d5QrCl/3MYNYcuAb >h6c2QFgVKROPeKNuwxCkr/2Py80a2eHL2MK1YXHJaXeUcj1fctwJEiA3Hto5ZXkI >RahZpzo92OJI0Y9hhHqR4HTVyHDSmwllBHWLI/9Rd1OrpppnXMYHvOC3Z+KGfhbM >opd7nn5R1tu2jQIDAQABo4GjMIGgMB8GA1UdIwQYMBaAFNJx7srDGMFa1i/u+VL6 >GGF/7Fv3ME4GCCsGAQUFBwEBBEIwQDA+BggrBgEFBQcwAYYyaHR0cDovL2NpdGlu >ZnJhMS5jZXIuY2l0aXVtYWR2aXNvcnMuY29tOjgwL2NhL29jc3AwDgYDVR0PAQH/ >BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B >AQsFAAOCAQEAM7QsmZ1yJ8eACuRNtWp/mjV+Xgz8jyerSk7VSIykPrCF6jDTQKsg >oCd4295VUqT0yobpVMTyroWx/kAufzUDpwAXlVQEuKpwZ/30ZBWqvgZ2aj1PUODA >iM2W/fh+cK7Vv59DPm3NjeS0w2KRfhlL7VbjIEKMKqT97RbtPrXGvehSPRYuPVJe >z8f30690Aep8AVyd8E3gfl8/IQRE5HaS7S5WZK68f3f0w8bUSyQfGIuLu1xaOOY+ >RUc3Zvu5BFWPX0c0P3fuFusZCjUBvAgkFin0jX2Wkgjwab9Cnwcn3iPPCkj8BDyz >CD1devMTG2YIit1MJj5PjcEpFAANCCjDhA== >-----END CERTIFICATE----- > >2012-10-19 17:03:07,527 DEBUG stderr= >2012-10-19 17:03:07,574 DEBUG args=/sbin/chkconfig certmonger on >2012-10-19 17:03:07,575 DEBUG stdout= >2012-10-19 17:03:07,575 DEBUG stderr= >2012-10-19 17:03:07,598 DEBUG args=/sbin/service messagebus start >2012-10-19 17:03:07,598 DEBUG stdout=Starting system message bus: > >2012-10-19 17:03:07,598 DEBUG stderr= >2012-10-19 17:03:07,619 DEBUG args=/sbin/service certmonger start >2012-10-19 17:03:07,619 DEBUG stdout= >2012-10-19 17:03:07,619 DEBUG stderr= >2012-10-19 17:03:07,626 DEBUG args=/usr/bin/certutil -L -d /etc/dirsrv/slapd-PKI-IPA/ -n Server-Cert >2012-10-19 17:03:07,626 DEBUG stdout=Certificate: > Data: > Version: 3 (0x2) > Serial Number: 30 (0x1e) > Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption > Issuer: "CN=Certificate Authority,O=CITIUMADVISORS.COM" > Validity: > Not Before: Fri Oct 12 22:16:52 2012 > Not After : Mon Oct 13 22:16:52 2014 > Subject: "CN=citinfra1.cbot.citiumadvisors.com,O=CITIUMADVISORS.COM" > Subject Public Key Info: > Public Key Algorithm: PKCS #1 RSA Encryption > RSA Public Key: > Modulus: > b7:e4:2a:e8:05:e8:2b:ad:0d:e4:48:35:17:f1:92:0c: > c7:48:99:3c:c5:2d:18:8c:b9:a8:8b:e3:3b:cc:39:9b: > 01:5d:39:d9:d9:fe:19:13:e5:1e:a1:64:5f:b9:83:97: > 1a:0d:48:b8:02:33:e5:31:6e:39:8e:f9:30:73:71:6a: > 5a:53:4a:20:84:13:41:6c:cb:a1:21:92:c0:47:62:2b: > bf:cd:f7:84:f6:de:81:01:76:c0:bb:c4:20:18:ec:26: > f6:3d:64:ba:6d:1c:e8:31:32:d9:a4:35:46:a7:f5:81: > dc:34:a0:cd:09:50:13:6d:80:98:dd:57:4d:a4:c0:f2: > 50:08:bd:fc:00:a6:8a:2f:8e:3e:77:94:2b:0a:5f:f7: > 31:83:58:72:e0:1b:87:a7:36:40:58:15:29:13:8f:78: > a3:6e:c3:10:a4:af:fd:8f:cb:cd:1a:d9:e1:cb:d8:c2: > b5:61:71:c9:69:77:94:72:3d:5f:72:dc:09:12:20:37: > 1e:da:39:65:79:08:45:a8:59:a7:3a:3d:d8:e2:48:d1: > 8f:61:84:7a:91:e0:74:d5:c8:70:d2:9b:09:65:04:75: > 8b:23:ff:51:77:53:ab:a6:9a:67:5c:c6:07:bc:e0:b7: > 67:e2:86:7e:16:cc:a2:97:7b:9e:7e:51:d6:db:b6:8d > Exponent: 65537 (0x10001) > Signed Extensions: > Name: Certificate Authority Key Identifier > Key ID: > d2:71:ee:ca:c3:18:c1:5a:d6:2f:ee:f9:52:fa:18:61: > 7f:ec:5b:f7 > > Name: Authority Information Access > Method: PKIX Online Certificate Status Protocol > Location: > URI: "http://citinfra1.cer.citiumadvisors.com:80/ca/ocsp" > > Name: Certificate Key Usage > Critical: True > Usages: Digital Signature > Non-Repudiation > Key Encipherment > Data Encipherment > > Name: Extended Key Usage > TLS Web Server Authentication Certificate > TLS Web Client Authentication Certificate > > Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption > Signature: > 33:b4:2c:99:9d:72:27:c7:80:0a:e4:4d:b5:6a:7f:9a: > 35:7e:5e:0c:fc:8f:27:ab:4a:4e:d5:48:8c:a4:3e:b0: > 85:ea:30:d3:40:ab:20:a0:27:78:db:de:55:52:a4:f4: > ca:86:e9:54:c4:f2:ae:85:b1:fe:40:2e:7f:35:03:a7: > 00:17:95:54:04:b8:aa:70:67:fd:f4:64:15:aa:be:06: > 76:6a:3d:4f:50:e0:c0:88:cd:96:fd:f8:7e:70:ae:d5: > bf:9f:43:3e:6d:cd:8d:e4:b4:c3:62:91:7e:19:4b:ed: > 56:e3:20:42:8c:2a:a4:fd:ed:16:ed:3e:b5:c6:bd:e8: > 52:3d:16:2e:3d:52:5e:cf:c7:f7:d3:af:74:01:ea:7c: > 01:5c:9d:f0:4d:e0:7e:5f:3f:21:04:44:e4:76:92:ed: > 2e:56:64:ae:bc:7f:77:f4:c3:c6:d4:4b:24:1f:18:8b: > 8b:bb:5c:5a:38:e6:3e:45:47:37:66:fb:b9:04:55:8f: > 5f:47:34:3f:77:ee:16:eb:19:0a:35:01:bc:08:24:16: > 29:f4:8d:7d:96:92:08:f0:69:bf:42:9f:07:27:de:23: > cf:0a:48:fc:04:3c:b3:08:3d:5d:7a:f3:13:1b:66:08: > 8a:dd:4c:26:3e:4f:8d:c1:29:14:00:0d:08:28:c3:84 > Fingerprint (MD5): > C1:D8:88:97:0E:7F:25:E6:5F:3C:74:70:F6:51:A8:81 > Fingerprint (SHA1): > 0A:DB:5D:14:98:C2:B3:E7:62:5E:CC:CE:EB:0D:67:B4:E1:CD:85:13 > > Certificate Trust Flags: > SSL Flags: > User > Email Flags: > User > Object Signing Flags: > User > > >2012-10-19 17:03:07,626 DEBUG stderr= >2012-10-19 17:03:07,650 DEBUG args=/usr/bin/ipa-getcert start-tracking -d /etc/dirsrv/slapd-PKI-IPA/ -n Server-Cert -p /etc/dirsrv/slapd-PKI-IPA//pwdfile.txt >2012-10-19 17:03:07,650 DEBUG stdout=New tracking request "20121019220307" added. > >2012-10-19 17:03:07,650 DEBUG stderr= >2012-10-19 17:03:07,779 DEBUG args=/sbin/service certmonger stop >2012-10-19 17:03:07,779 DEBUG stdout=Stopping certmonger: [60G[[0;32m OK [0;39m] > >2012-10-19 17:03:07,779 DEBUG stderr= >2012-10-19 17:03:07,786 DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-PKI-IPA/ -L -n Server-Cert -a >2012-10-19 17:03:07,787 DEBUG stdout=-----BEGIN CERTIFICATE----- >MIIDpTCCAo2gAwIBAgIBHjANBgkqhkiG9w0BAQsFADA9MRswGQYDVQQKExJDSVRJ >VU1BRFZJU09SUy5DT00xHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe >Fw0xMjEwMTIyMjE2NTJaFw0xNDEwMTMyMjE2NTJaMEkxGzAZBgNVBAoTEkNJVElV >TUFEVklTT1JTLkNPTTEqMCgGA1UEAxMhY2l0aW5mcmExLmNib3QuY2l0aXVtYWR2 >aXNvcnMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+Qq6AXo >K60N5Eg1F/GSDMdImTzFLRiMuaiL4zvMOZsBXTnZ2f4ZE+UeoWRfuYOXGg1IuAIz >5TFuOY75MHNxalpTSiCEE0Fsy6EhksBHYiu/zfeE9t6BAXbAu8QgGOwm9j1kum0c >6DEy2aQ1Rqf1gdw0oM0JUBNtgJjdV02kwPJQCL38AKaKL44+d5QrCl/3MYNYcuAb >h6c2QFgVKROPeKNuwxCkr/2Py80a2eHL2MK1YXHJaXeUcj1fctwJEiA3Hto5ZXkI >RahZpzo92OJI0Y9hhHqR4HTVyHDSmwllBHWLI/9Rd1OrpppnXMYHvOC3Z+KGfhbM >opd7nn5R1tu2jQIDAQABo4GjMIGgMB8GA1UdIwQYMBaAFNJx7srDGMFa1i/u+VL6 >GGF/7Fv3ME4GCCsGAQUFBwEBBEIwQDA+BggrBgEFBQcwAYYyaHR0cDovL2NpdGlu >ZnJhMS5jZXIuY2l0aXVtYWR2aXNvcnMuY29tOjgwL2NhL29jc3AwDgYDVR0PAQH/ >BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B >AQsFAAOCAQEAM7QsmZ1yJ8eACuRNtWp/mjV+Xgz8jyerSk7VSIykPrCF6jDTQKsg >oCd4295VUqT0yobpVMTyroWx/kAufzUDpwAXlVQEuKpwZ/30ZBWqvgZ2aj1PUODA >iM2W/fh+cK7Vv59DPm3NjeS0w2KRfhlL7VbjIEKMKqT97RbtPrXGvehSPRYuPVJe >z8f30690Aep8AVyd8E3gfl8/IQRE5HaS7S5WZK68f3f0w8bUSyQfGIuLu1xaOOY+ >RUc3Zvu5BFWPX0c0P3fuFusZCjUBvAgkFin0jX2Wkgjwab9Cnwcn3iPPCkj8BDyz >CD1devMTG2YIit1MJj5PjcEpFAANCCjDhA== >-----END CERTIFICATE----- > >2012-10-19 17:03:07,787 DEBUG stderr= >2012-10-19 17:03:15,909 DEBUG args=/sbin/service certmonger start >2012-10-19 17:03:15,910 DEBUG stdout=Starting certmonger: [60G[[0;32m OK [0;39m] > >2012-10-19 17:03:15,910 DEBUG stderr= >2012-10-19 17:03:19,234 DEBUG args=/sbin/service dirsrv restart PKI-IPA >2012-10-19 17:03:19,234 DEBUG stdout=Shutting down dirsrv: > PKI-IPA...[60G[[0;32m OK [0;39m] >Starting dirsrv: > PKI-IPA...[60G[[0;32m OK [0;39m] > >2012-10-19 17:03:19,234 DEBUG stderr= >2012-10-19 17:03:19,263 DEBUG args=/sbin/service dirsrv status >2012-10-19 17:03:19,263 DEBUG stdout=dirsrv PKI-IPA (pid 15285) is running... > >2012-10-19 17:03:19,263 DEBUG stderr= >2012-10-19 17:03:19,263 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2012-10-19 17:03:19,265 DEBUG Configuring certificate server: Estimated time 3 minutes 30 seconds >2012-10-19 17:03:19,265 DEBUG [1/12]: creating certificate server user >2012-10-19 17:03:19,267 DEBUG adding ca user pkiuser >2012-10-19 17:03:19,718 DEBUG args=/usr/sbin/useradd -c CA System User -d /var/lib -s /sbin/nologin -M -r pkiuser >2012-10-19 17:03:19,718 DEBUG stdout= >2012-10-19 17:03:19,718 DEBUG stderr= >2012-10-19 17:03:19,718 DEBUG done adding user >2012-10-19 17:03:19,719 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2012-10-19 17:03:19,719 DEBUG duration: 0 seconds >2012-10-19 17:03:19,719 DEBUG [2/12]: creating pki-ca instance >2012-10-19 17:03:25,736 DEBUG args=/usr/bin/pkicreate -pki_instance_root /var/lib -pki_instance_name pki-ca -subsystem_type ca -agent_secure_port 9443 -ee_secure_port 9444 -admin_secure_port 9445 -ee_secure_client_auth_port 9446 -unsecure_port 9180 -tomcat_server_port 9701 -redirect conf=/etc/pki-ca -redirect logs=/var/log/pki-ca -enable_proxy >2012-10-19 17:03:25,736 DEBUG stdout=PKI instance creation Utility ... > >Capturing installation information in /var/log/pki-ca-install.log > >PKI instance creation completed ... > >Installation information recorded in /var/log/pki-ca-install.log. >Before proceeding with the configuration, make sure >the firewall settings of this machine permit proper >access to this subsystem. > >Please start the configuration by accessing: > >https://citinfra1.cbot:9445/ca/admin/console/config/login?pin=PI9vTkwI75VfpabVTSsY > >After configuration, the server can be operated by the command: > > /sbin/service pki-cad restart pki-ca > > >2012-10-19 17:03:25,736 DEBUG stderr= >2012-10-19 17:03:25,736 DEBUG duration: 6 seconds >2012-10-19 17:03:25,736 DEBUG [3/12]: configuring certificate server instance >2012-10-19 17:03:29,881 DEBUG args=/usr/bin/perl /usr/bin/pkisilent 'ConfigureCA' '-cs_hostname' 'citinfra1.cbot' '-cs_port' '9445' '-client_certdb_dir' '/tmp/tmp-97hH6A' '-client_certdb_pwd' XXXXXXXX '-preop_pin' 'PI9vTkwI75VfpabVTSsY' '-domain_name' 'IPA' '-admin_user' 'admin' '-admin_email' 'root@localhost' '-admin_password' XXXXXXXX '-agent_name' 'ipa-ca-agent' '-agent_key_size' '2048' '-agent_key_type' 'rsa' '-agent_cert_subject' 'CN=ipa-ca-agent,O=CITIUMADVISORS.COM' '-ldap_host' 'citinfra1.cbot' '-ldap_port' '7389' '-bind_dn' 'cn=Directory Manager' '-bind_password' XXXXXXXX '-base_dn' 'o=ipaca' '-db_name' 'ipaca' '-key_size' '2048' '-key_type' 'rsa' '-key_algorithm' 'SHA256withRSA' '-save_p12' 'true' '-backup_pwd' XXXXXXXX '-subsystem_name' 'pki-cad' '-token_name' 'internal' '-ca_subsystem_cert_subject_name' 'CN=CA Subsystem,O=CITIUMADVISORS.COM' '-ca_ocsp_cert_subject_name' 'CN=OCSP Subsystem,O=CITIUMADVISORS.COM' '-ca_server_cert_subject_name' 'CN=citinfra1.cbot,O=CITIUMADVISORS.COM' '-ca_audit_signing_cert_subject_name' 'CN=CA Audit,O=CITIUMADVISORS.COM' '-ca_sign_cert_subject_name' 'CN=Certificate Authority,O=CITIUMADVISORS.COM' '-external' 'false' '-clone' 'true' '-clone_p12_file' 'ca.p12' '-clone_p12_password' XXXXXXXX '-sd_hostname' 'citinfra1.cer.XXXXXXXX.com' '-sd_admin_port' '443' '-sd_admin_name' 'admin' '-sd_admin_password' XXXXXXXX '-clone_start_tls' 'true' '-clone_uri' 'https://citinfra1.cer.XXXXXXXX.com:443' >2012-10-19 17:03:29,882 DEBUG stdout=libpath=/usr/lib64 >####################################################################### >CRYPTO INIT WITH CERTDB:/tmp/tmp-97hH6A >tokenpwd:XXXXXXXX >############################################# >Attempting to connect to: citinfra1.cbot:9445 >in TestCertApprovalCallback.approve() >Peer cert details: > subject: CN=citinfra1.cbot,O=2012-10-19 17:03:19 > issuer: CN=citinfra1.cbot,O=2012-10-19 17:03:19 > serial: 0 >item 1 reason=-8156 depth=1 > cert details: > subject: CN=citinfra1.cbot,O=2012-10-19 17:03:19 > issuer: CN=citinfra1.cbot,O=2012-10-19 17:03:19 > serial: 0 >item 2 reason=-8172 depth=1 > cert details: > subject: CN=citinfra1.cbot,O=2012-10-19 17:03:19 > issuer: CN=citinfra1.cbot,O=2012-10-19 17:03:19 > serial: 0 >importing certificate. >Connected. >Posting Query = https://citinfra1.cbot:9445//ca/admin/console/config/login?pin=PI9vTkwI75VfpabVTSsY&xml=true >RESPONSE STATUS: HTTP/1.1 302 Moved Temporarily >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Set-Cookie: JSESSIONID=0413CDC04AFA20FAFDE48944C91E0C4B; Path=/ca; Secure >RESPONSE HEADER: Location: https://citinfra1.cbot:9445/ca/admin/console/config/wizard >RESPONSE HEADER: Content-Type: text/html;charset=UTF-8 >RESPONSE HEADER: Content-Length: 0 >RESPONSE HEADER: Date: Fri, 19 Oct 2012 22:03:26 GMT >RESPONSE HEADER: Connection: keep-alive >xml returned: >cookie list: JSESSIONID=0413CDC04AFA20FAFDE48944C91E0C4B; Path=/ca; Secure >############################################# >Attempting to connect to: citinfra1.cbot:9445 >Connected. >Posting Query = https://citinfra1.cbot:9445//ca/admin/console/config/wizard?p=0&op=next&xml=true >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8 >RESPONSE HEADER: Date: Fri, 19 Oct 2012 22:03:26 GMT >RESPONSE HEADER: Connection: close ><?xml version="1.0" encoding="UTF-8"?> ><!-- BEGIN COPYRIGHT BLOCK > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > END COPYRIGHT BLOCK --> ><response> > <panel>admin/console/config/modulepanel.vm</panel> > <res/> > <showApplyButton/> > <status>display</status> > <subpanelno>2</subpanelno> > <sms> > <Vector> > <Module> > <CommonName>NSS Internal PKCS #11 Module</CommonName> > <UserFriendlyName>NSS Internal PKCS #11 Module</UserFriendlyName> > <ImagePath>../img/clearpixel.gif</ImagePath> > </Module> > <Module> > <CommonName>nfast</CommonName> > <UserFriendlyName>nCipher's nFast Token Hardware Module</UserFriendlyName> > <ImagePath>../img/clearpixel.gif</ImagePath> > </Module> > <Module> > <CommonName>lunasa</CommonName> > <UserFriendlyName>SafeNet's LunaSA Token Hardware Module</UserFriendlyName> > <ImagePath>../img/clearpixel.gif</ImagePath> > </Module> > </Vector> > </sms> > <errorString/> > <size>19</size> > <title>Key Store</title> > <panels> > <Vector> > <Panel> > <Id>welcome</Id> > <Name>Welcome</Name> > </Panel> > <Panel> > <Id>module</Id> > <Name>Key Store</Name> > </Panel> > <Panel> > <Id>confighsmlogin</Id> > <Name>ConfigHSMLogin</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Security Domain</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>subsystem</Id> > <Name>Subsystem Type</Name> > </Panel> > <Panel> > <Id>clone</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>restorekeys</Id> > <Name>Import Keys and Certificates</Name> > </Panel> > <Panel> > <Id>cahierarchy</Id> > <Name>PKI Hierarchy</Name> > </Panel> > <Panel> > <Id>database</Id> > <Name>Internal Database</Name> > </Panel> > <Panel> > <Id>size</Id> > <Name>Key Pairs</Name> > </Panel> > <Panel> > <Id>subjectname</Id> > <Name>Subject Names</Name> > </Panel> > <Panel> > <Id>certrequest</Id> > <Name>Requests and Certificates</Name> > </Panel> > <Panel> > <Id>backupkeys</Id> > <Name>Export Keys and Certificates</Name> > </Panel> > <Panel> > <Id>savepk12</Id> > <Name>Save Keys and Certificates</Name> > </Panel> > <Panel> > <Id>importcachain</Id> > <Name>Import CA's Certificate Chain</Name> > </Panel> > <Panel> > <Id>admin</Id> > <Name>Administrator</Name> > </Panel> > <Panel> > <Id>importadmincert</Id> > <Name>Import Administrator's Certificate</Name> > </Panel> > <Panel> > <Id>done</Id> > <Name>Done</Name> > </Panel> > </Vector> > </panels> > <p>1</p> > <name>CA Setup Wizard</name> > <oms> > <Vector/> > </oms> > <defTok>Internal Key Storage Token</defTok> > <req/> > <panelname>module</panelname> ></response> >############################################# >Attempting to connect to: citinfra1.cbot:9445 >Connected. >Posting Query = https://citinfra1.cbot:9445//ca/admin/console/config/wizard?p=1&op=next&xml=true&choice=Internal+Key+Storage+Token >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8 >RESPONSE HEADER: Date: Fri, 19 Oct 2012 22:03:26 GMT >RESPONSE HEADER: Connection: close ><?xml version="1.0" encoding="UTF-8"?> ><!-- BEGIN COPYRIGHT BLOCK > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > END COPYRIGHT BLOCK --> ><response> > <machineName>citinfra1.cbot</machineName> > <panel>admin/console/config/securitydomainpanel.vm</panel> > <res/> > <showApplyButton/> > <initCommand>/sbin/service pki-cad</initCommand> > <sdomainName> Domain</sdomainName> > <sdomainURL>https://citinfra1.cbot:9445</sdomainURL> > <http_ee_port>80</http_ee_port> > <systemname>CA</systemname> > <title>Security Domain</title> > <panels> > <Vector> > <Panel> > <Id>welcome</Id> > <Name>Welcome</Name> > </Panel> > <Panel> > <Id>module</Id> > <Name>Key Store</Name> > </Panel> > <Panel> > <Id>confighsmlogin</Id> > <Name>ConfigHSMLogin</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Security Domain</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>subsystem</Id> > <Name>Subsystem Type</Name> > </Panel> > <Panel> > <Id>clone</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>restorekeys</Id> > <Name>Import Keys and Certificates</Name> > </Panel> > <Panel> > <Id>cahierarchy</Id> > <Name>PKI Hierarchy</Name> > </Panel> > <Panel> > <Id>database</Id> > <Name>Internal Database</Name> > </Panel> > <Panel> > <Id>size</Id> > <Name>Key Pairs</Name> > </Panel> > <Panel> > <Id>subjectname</Id> > <Name>Subject Names</Name> > </Panel> > <Panel> > <Id>certrequest</Id> > <Name>Requests and Certificates</Name> > </Panel> > <Panel> > <Id>backupkeys</Id> > <Name>Export Keys and Certificates</Name> > </Panel> > <Panel> > <Id>savepk12</Id> > <Name>Save Keys and Certificates</Name> > </Panel> > <Panel> > <Id>importcachain</Id> > <Name>Import CA's Certificate Chain</Name> > </Panel> > <Panel> > <Id>admin</Id> > <Name>Administrator</Name> > </Panel> > <Panel> > <Id>importadmincert</Id> > <Name>Import Administrator's Certificate</Name> > </Panel> > <Panel> > <Id>done</Id> > <Name>Done</Name> > </Panel> > </Vector> > </panels> > <sdomainAdminURL>https://citinfra1.cbot:9445</sdomainAdminURL> > <check_existingdomain/> > <name>CA Setup Wizard</name> > <https_ee_port>443</https_ee_port> > <https_admin_port>443</https_admin_port> > <panelname>securitydomain</panelname> > <https_agent_port>443</https_agent_port> > <cstype>CA</cstype> > <instanceId><security_domain_instance_name></instanceId> > <updateStatus>success</updateStatus> > <errorString/> > <size>19</size> > <p>3</p> > <check_newdomain>checked</check_newdomain> > <req/> > <wizardname>CA Setup Wizard</wizardname> ></response> >############################################# >Attempting to connect to: citinfra1.cbot:9445 >Connected. >Posting Query = https://citinfra1.cbot:9445//ca/admin/console/config/wizard?sdomainURL=https%3A%2F%2Fcitinfra1.cer.XXXXXXXX.com%3A443&sdomainName=&choice=existingdomain&p=3&op=next&xml=true >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8 >RESPONSE HEADER: Date: Fri, 19 Oct 2012 22:03:26 GMT >RESPONSE HEADER: Connection: close ><?xml version="1.0" encoding="UTF-8"?> ><!-- BEGIN COPYRIGHT BLOCK > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > END COPYRIGHT BLOCK --> ><response> > <panel>admin/console/config/displaycertchainpanel.vm</panel> > <res/> > <cstype>CA</cstype> > <showApplyButton/> > <updateStatus>success</updateStatus> > <sdomainURL>https://citinfra1.cer.XXXXXXXX.com:443</sdomainURL> > <errorString/> > <size>19</size> > <systemname>CA</systemname> > <certchain> > <Vector> Certificate: > Data: > Version: v3 > Serial Number: 0x1 > Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 > Issuer: CN=Certificate Authority,O=CITIUMADVISORS.COM > Validity: > Not Before: Thursday, December 8, 2011 5:58:09 PM CST America/Chicago > Not After: Sunday, December 8, 2019 5:58:09 PM CST America/Chicago > Subject: CN=Certificate Authority,O=CITIUMADVISORS.COM > Subject Public Key Info: > Algorithm: RSA - 1.2.840.113549.1.1.1 > Public Key: > Exponent: 65537 > Public Key Modulus: (2048 bits) : > CF:D5:17:BD:65:70:9D:2B:EA:EB:3B:2F:E4:07:9F:33: > 47:E7:63:25:32:4E:4E:BC:D3:90:2A:F2:4B:D1:BA:20: > 56:EC:60:5F:30:2F:13:A3:D6:52:BB:9B:B1:C3:89:0B: > 4E:93:67:F4:21:0F:DF:B8:7E:EB:E2:D3:8E:B5:37:F8: > 0C:19:D1:9E:EF:A7:39:71:B0:18:CB:4C:D3:4C:0E:FC: > 70:CB:4B:E5:72:F9:9B:A6:AF:6D:4A:22:1D:8B:C8:51: > 2A:2E:64:E5:4E:42:18:DB:E8:C4:08:40:E5:69:F2:A5: > 8E:A9:49:F4:6C:EE:7F:AB:9A:83:09:E7:05:96:8A:83: > C2:AE:97:0B:21:7D:64:0F:D7:76:CD:0C:64:8C:7A:5F: > 5B:5D:F7:01:B3:4D:D9:2C:3E:A3:9D:F8:08:75:DC:5D: > EA:1B:F4:DE:88:83:8E:E9:94:6D:0E:75:26:63:74:CE: > 95:2E:7A:9F:06:D8:E9:CE:AF:E2:46:64:8D:BC:D6:45: > D0:F9:5C:35:CD:DE:45:15:71:B6:58:2F:B1:7C:40:E7: > 17:B0:55:FC:3D:57:B2:92:C9:A3:9A:A1:AE:B6:8E:15: > D1:C0:58:2C:EB:C3:AF:92:24:A6:B6:71:E0:DA:2E:AC: > 2C:C2:58:79:0B:C9:32:B9:EF:ED:7A:B0:77:60:FA:61 > Extensions: > Identifier: Authority Key Identifier - 2.5.29.35 > Critical: no > Key Identifier: > D2:71:EE:CA:C3:18:C1:5A:D6:2F:EE:F9:52:FA:18:61: > 7F:EC:5B:F7 > Identifier: Basic Constraints - 2.5.29.19 > Critical: yes > Is CA: yes > Path Length Constraint: UNLIMITED > Identifier: Key Usage: - 2.5.29.15 > Critical: yes > Key Usage: > Digital Signature > Non Repudiation > Key CertSign > Crl Sign > Identifier: Subject Key Identifier - 2.5.29.14 > Critical: no > Key Identifier: > D2:71:EE:CA:C3:18:C1:5A:D6:2F:EE:F9:52:FA:18:61: > 7F:EC:5B:F7 > Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1 > Critical: no > Access Description: > Method #0: ocsp > Location #0: URIName: http://citinfra1.cer.XXXXXXXX.com:80/ca/ocsp > Signature: > Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 > Signature: > 74:D8:2F:BD:99:AB:56:7C:87:1C:30:A8:A8:04:7C:9C: > 23:BB:AB:10:D7:5D:52:BF:CF:1B:00:EF:0D:81:83:E5: > A7:A7:49:58:B8:0E:6E:AB:07:96:E4:59:08:29:DE:33: > 8F:BF:4E:57:00:DC:0C:E2:03:52:E8:E0:4D:F4:C4:CE: > F3:C0:F4:0B:E0:C6:02:0F:C1:12:5A:24:76:4C:A6:10: > A6:C9:B8:19:6B:E9:63:FC:8A:1C:00:13:64:0C:73:9F: > BB:49:2D:26:1A:8C:73:B4:65:2E:13:03:1D:19:31:89: > BF:3B:F4:CE:72:11:F7:09:D6:88:E5:CE:94:B5:36:7F: > 61:FE:5E:65:E4:BE:59:D5:91:F5:17:9C:0F:C7:DA:75: > 1E:35:3E:55:7B:A5:DC:A0:55:D0:1B:75:14:72:D5:DE: > 4C:16:92:46:7C:71:E2:9D:55:A4:24:99:1A:DF:E7:5F: > 90:7E:44:D4:62:7E:5C:2B:AF:BF:67:5F:43:E8:E3:44: > A5:E7:61:E1:D7:2B:70:AA:78:E1:5E:7E:AA:39:71:9F: > 87:AD:E7:D1:0E:48:D0:6A:03:37:FA:95:68:5E:01:96: > 6A:82:45:BA:F7:CC:14:E2:D0:E0:0A:1F:8E:D8:2E:90: > AB:FA:D3:64:FB:91:8F:B5:A0:E5:23:BD:FE:E9:AB:F0 > FingerPrint > MD2: > 0C:78:86:39:E5:C2:AF:B1:F9:F3:D2:11:99:F5:86:34 > MD5: > CF:98:70:D5:1B:B8:A3:D4:B0:E0:CD:94:5F:6E:EF:23 > SHA1: > 3E:77:A6:AF:43:22:F9:F2:B6:FA:13:34:63:6E:DE:8D: > DC:D6:4E:50 > SHA256: > 3C:3E:47:DA:D6:68:A8:F9:DD:B9:47:67:8E:2B:5C:2D: > 24:1F:F3:7F:55:E2:EF:E0:2E:04:B2:2B:30:4E:65:49 > SHA512: > C8:1C:EC:90:7B:26:8D:19:04:F8:CA:B5:78:26:A2:1B: > 30:76:35:81:4F:47:BB:6F:16:0C:23:C7:2A:FA:94:9C: > F5:8F:5C:B7:53:C2:69:6D:89:91:BF:D5:76:1D:5C:6D: > 6B:96:96:0E:F6:8E:C6:CF:7F:E9:25:56:54:16:E6:B4 ></Vector> > </certchain> > <title>Display Certificate Chain</title> > <panels> > <Vector> > <Panel> > <Id>welcome</Id> > <Name>Welcome</Name> > </Panel> > <Panel> > <Id>module</Id> > <Name>Key Store</Name> > </Panel> > <Panel> > <Id>confighsmlogin</Id> > <Name>ConfigHSMLogin</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Security Domain</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>subsystem</Id> > <Name>Subsystem Type</Name> > </Panel> > <Panel> > <Id>clone</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>restorekeys</Id> > <Name>Import Keys and Certificates</Name> > </Panel> > <Panel> > <Id>cahierarchy</Id> > <Name>PKI Hierarchy</Name> > </Panel> > <Panel> > <Id>database</Id> > <Name>Internal Database</Name> > </Panel> > <Panel> > <Id>size</Id> > <Name>Key Pairs</Name> > </Panel> > <Panel> > <Id>subjectname</Id> > <Name>Subject Names</Name> > </Panel> > <Panel> > <Id>certrequest</Id> > <Name>Requests and Certificates</Name> > </Panel> > <Panel> > <Id>backupkeys</Id> > <Name>Export Keys and Certificates</Name> > </Panel> > <Panel> > <Id>savepk12</Id> > <Name>Save Keys and Certificates</Name> > </Panel> > <Panel> > <Id>importcachain</Id> > <Name>Import CA's Certificate Chain</Name> > </Panel> > <Panel> > <Id>admin</Id> > <Name>Administrator</Name> > </Panel> > <Panel> > <Id>importadmincert</Id> > <Name>Import Administrator's Certificate</Name> > </Panel> > <Panel> > <Id>done</Id> > <Name>Done</Name> > </Panel> > </Vector> > </panels> > <p>4</p> > <panelid>securitydomain</panelid> > <name>CA Setup Wizard</name> > <req/> > <wizardname>CA Setup Wizard</wizardname> > <panelname>securitydomain</panelname> ></response> >############################################# >Attempting to connect to: citinfra1.cbot:9445 >Connected. >Posting Query = https://citinfra1.cbot:9445//ca/admin/console/config/wizard?p=4&op=next&xml=true >RESPONSE STATUS: HTTP/1.1 302 Moved Temporarily >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Location: https://citinfra1.cer.XXXXXXXX.com:443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fcitinfra1.cbot%3A9445%2Fca%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DCA >RESPONSE HEADER: Content-Type: text/html;charset=UTF-8 >RESPONSE HEADER: Content-Length: 0 >RESPONSE HEADER: Date: Fri, 19 Oct 2012 22:03:28 GMT >RESPONSE HEADER: Connection: keep-alive >############################################# >Attempting to connect to: citinfra1.cer.XXXXXXXX.com:443 >in TestCertApprovalCallback.approve() >Peer cert details: > subject: CN=citinfra1.cer.XXXXXXXX.com,O=CITIUMADVISORS.COM > issuer: CN=Certificate Authority,O=CITIUMADVISORS.COM > serial: 10 >item 1 reason=-8172 depth=1 > cert details: > subject: CN=Certificate Authority,O=CITIUMADVISORS.COM > issuer: CN=Certificate Authority,O=CITIUMADVISORS.COM > serial: 1 >importing certificate. >Connected. >Posting Query = https://citinfra1.cer.XXXXXXXX.com:443//ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fcitinfra1.cbot%3A9445%2Fca%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DCA >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Date: Fri, 19 Oct 2012 22:03:32 GMT >RESPONSE HEADER: Content-Type: text/html;charset=UTF-8 >RESPONSE HEADER: Connection: close >############################################# >Attempting to connect to: citinfra1.cer.XXXXXXXX.com:443 >Connected. >Posting Query = https://citinfra1.cer.XXXXXXXX.com:443//ca/admin/ca/getCookie?uid=admin&pwd=XXXXXXXX&url=https%3A%2F%2Fcitinfra1.cbot%3A9445%2Fca%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DCA >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Date: Fri, 19 Oct 2012 22:03:32 GMT >RESPONSE HEADER: Content-Type: text/html; charset=UTF-8 >RESPONSE HEADER: Connection: close >SUBCA_SESSION_ID=6563473587693418875 >SUBCA_URL=https://citinfra1.cbot:9445/ca/admin/console/config/wizard?p=5&subsystem=CA >############################################# >Attempting to connect to: citinfra1.cbot:9445 >Connected. >Posting Query = https://citinfra1.cbot:9445//ca/admin/console/config/wizard?p=5&subsystem=CA&session_id=6563473587693418875&xml=true >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: text/html;charset=UTF-8 >RESPONSE HEADER: Date: Fri, 19 Oct 2012 22:03:28 GMT >RESPONSE HEADER: Connection: close >urls =0 >############################################# >Attempting to connect to: citinfra1.cbot:9445 >Connected. >Posting Query = https://citinfra1.cbot:9445//ca/admin/console/config/wizard?p=5&op=next&xml=true&choice=clonesubsystem&subsystemName=pki-cad&urls=0 >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8 >RESPONSE HEADER: Date: Fri, 19 Oct 2012 22:03:29 GMT >RESPONSE HEADER: Connection: close ><?xml version="1.0" encoding="UTF-8"?> ><!-- BEGIN COPYRIGHT BLOCK > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > END COPYRIGHT BLOCK --> ><response> > <panel>admin/console/config/displaycertchainpanel.vm</panel> > <res/> > <showApplyButton/> > <updateStatus>success</updateStatus> > <errorString/> > <size>19</size> > <title>Display Certificate Chain</title> > <certchain> > <Vector> Certificate: > Data: > Version: v3 > Serial Number: 0x1 > Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 > Issuer: CN=Certificate Authority,O=CITIUMADVISORS.COM > Validity: > Not Before: Thursday, December 8, 2011 5:58:09 PM CST America/Chicago > Not After: Sunday, December 8, 2019 5:58:09 PM CST America/Chicago > Subject: CN=Certificate Authority,O=CITIUMADVISORS.COM > Subject Public Key Info: > Algorithm: RSA - 1.2.840.113549.1.1.1 > Public Key: > Exponent: 65537 > Public Key Modulus: (2048 bits) : > CF:D5:17:BD:65:70:9D:2B:EA:EB:3B:2F:E4:07:9F:33: > 47:E7:63:25:32:4E:4E:BC:D3:90:2A:F2:4B:D1:BA:20: > 56:EC:60:5F:30:2F:13:A3:D6:52:BB:9B:B1:C3:89:0B: > 4E:93:67:F4:21:0F:DF:B8:7E:EB:E2:D3:8E:B5:37:F8: > 0C:19:D1:9E:EF:A7:39:71:B0:18:CB:4C:D3:4C:0E:FC: > 70:CB:4B:E5:72:F9:9B:A6:AF:6D:4A:22:1D:8B:C8:51: > 2A:2E:64:E5:4E:42:18:DB:E8:C4:08:40:E5:69:F2:A5: > 8E:A9:49:F4:6C:EE:7F:AB:9A:83:09:E7:05:96:8A:83: > C2:AE:97:0B:21:7D:64:0F:D7:76:CD:0C:64:8C:7A:5F: > 5B:5D:F7:01:B3:4D:D9:2C:3E:A3:9D:F8:08:75:DC:5D: > EA:1B:F4:DE:88:83:8E:E9:94:6D:0E:75:26:63:74:CE: > 95:2E:7A:9F:06:D8:E9:CE:AF:E2:46:64:8D:BC:D6:45: > D0:F9:5C:35:CD:DE:45:15:71:B6:58:2F:B1:7C:40:E7: > 17:B0:55:FC:3D:57:B2:92:C9:A3:9A:A1:AE:B6:8E:15: > D1:C0:58:2C:EB:C3:AF:92:24:A6:B6:71:E0:DA:2E:AC: > 2C:C2:58:79:0B:C9:32:B9:EF:ED:7A:B0:77:60:FA:61 > Extensions: > Identifier: Authority Key Identifier - 2.5.29.35 > Critical: no > Key Identifier: > D2:71:EE:CA:C3:18:C1:5A:D6:2F:EE:F9:52:FA:18:61: > 7F:EC:5B:F7 > Identifier: Basic Constraints - 2.5.29.19 > Critical: yes > Is CA: yes > Path Length Constraint: UNLIMITED > Identifier: Key Usage: - 2.5.29.15 > Critical: yes > Key Usage: > Digital Signature > Non Repudiation > Key CertSign > Crl Sign > Identifier: Subject Key Identifier - 2.5.29.14 > Critical: no > Key Identifier: > D2:71:EE:CA:C3:18:C1:5A:D6:2F:EE:F9:52:FA:18:61: > 7F:EC:5B:F7 > Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1 > Critical: no > Access Description: > Method #0: ocsp > Location #0: URIName: http://citinfra1.cer.XXXXXXXX.com:80/ca/ocsp > Signature: > Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 > Signature: > 74:D8:2F:BD:99:AB:56:7C:87:1C:30:A8:A8:04:7C:9C: > 23:BB:AB:10:D7:5D:52:BF:CF:1B:00:EF:0D:81:83:E5: > A7:A7:49:58:B8:0E:6E:AB:07:96:E4:59:08:29:DE:33: > 8F:BF:4E:57:00:DC:0C:E2:03:52:E8:E0:4D:F4:C4:CE: > F3:C0:F4:0B:E0:C6:02:0F:C1:12:5A:24:76:4C:A6:10: > A6:C9:B8:19:6B:E9:63:FC:8A:1C:00:13:64:0C:73:9F: > BB:49:2D:26:1A:8C:73:B4:65:2E:13:03:1D:19:31:89: > BF:3B:F4:CE:72:11:F7:09:D6:88:E5:CE:94:B5:36:7F: > 61:FE:5E:65:E4:BE:59:D5:91:F5:17:9C:0F:C7:DA:75: > 1E:35:3E:55:7B:A5:DC:A0:55:D0:1B:75:14:72:D5:DE: > 4C:16:92:46:7C:71:E2:9D:55:A4:24:99:1A:DF:E7:5F: > 90:7E:44:D4:62:7E:5C:2B:AF:BF:67:5F:43:E8:E3:44: > A5:E7:61:E1:D7:2B:70:AA:78:E1:5E:7E:AA:39:71:9F: > 87:AD:E7:D1:0E:48:D0:6A:03:37:FA:95:68:5E:01:96: > 6A:82:45:BA:F7:CC:14:E2:D0:E0:0A:1F:8E:D8:2E:90: > AB:FA:D3:64:FB:91:8F:B5:A0:E5:23:BD:FE:E9:AB:F0 > FingerPrint > MD2: > 0C:78:86:39:E5:C2:AF:B1:F9:F3:D2:11:99:F5:86:34 > MD5: > CF:98:70:D5:1B:B8:A3:D4:B0:E0:CD:94:5F:6E:EF:23 > SHA1: > 3E:77:A6:AF:43:22:F9:F2:B6:FA:13:34:63:6E:DE:8D: > DC:D6:4E:50 > SHA256: > 3C:3E:47:DA:D6:68:A8:F9:DD:B9:47:67:8E:2B:5C:2D: > 24:1F:F3:7F:55:E2:EF:E0:2E:04:B2:2B:30:4E:65:49 > SHA512: > C8:1C:EC:90:7B:26:8D:19:04:F8:CA:B5:78:26:A2:1B: > 30:76:35:81:4F:47:BB:6F:16:0C:23:C7:2A:FA:94:9C: > F5:8F:5C:B7:53:C2:69:6D:89:91:BF:D5:76:1D:5C:6D: > 6B:96:96:0E:F6:8E:C6:CF:7F:E9:25:56:54:16:E6:B4 ></Vector> > </certchain> > <panels> > <Vector> > <Panel> > <Id>welcome</Id> > <Name>Welcome</Name> > </Panel> > <Panel> > <Id>module</Id> > <Name>Key Store</Name> > </Panel> > <Panel> > <Id>confighsmlogin</Id> > <Name>ConfigHSMLogin</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Security Domain</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>subsystem</Id> > <Name>Subsystem Type</Name> > </Panel> > <Panel> > <Id>clone</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>restorekeys</Id> > <Name>Import Keys and Certificates</Name> > </Panel> > <Panel> > <Id>cahierarchy</Id> > <Name>PKI Hierarchy</Name> > </Panel> > <Panel> > <Id>database</Id> > <Name>Internal Database</Name> > </Panel> > <Panel> > <Id>size</Id> > <Name>Key Pairs</Name> > </Panel> > <Panel> > <Id>subjectname</Id> > <Name>Subject Names</Name> > </Panel> > <Panel> > <Id>certrequest</Id> > <Name>Requests and Certificates</Name> > </Panel> > <Panel> > <Id>backupkeys</Id> > <Name>Export Keys and Certificates</Name> > </Panel> > <Panel> > <Id>savepk12</Id> > <Name>Save Keys and Certificates</Name> > </Panel> > <Panel> > <Id>importcachain</Id> > <Name>Import CA's Certificate Chain</Name> > </Panel> > <Panel> > <Id>admin</Id> > <Name>Administrator</Name> > </Panel> > <Panel> > <Id>importadmincert</Id> > <Name>Import Administrator's Certificate</Name> > </Panel> > <Panel> > <Id>done</Id> > <Name>Done</Name> > </Panel> > </Vector> > </panels> > <p>6</p> > <name>CA Setup Wizard</name> > <panelid>other</panelid> > <req/> > <panelname>clone</panelname> ></response> >############################################# >Attempting to connect to: citinfra1.cbot:9445 >Connected. >Posting Query = https://citinfra1.cbot:9445//ca/admin/console/config/wizard?p=6&op=next&xml=true >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8 >RESPONSE HEADER: Date: Fri, 19 Oct 2012 22:03:29 GMT >RESPONSE HEADER: Connection: close ><?xml version="1.0" encoding="UTF-8"?> ><!-- BEGIN COPYRIGHT BLOCK > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > END COPYRIGHT BLOCK --> ><response> > <panel>admin/console/config/restorekeycertpanel.vm</panel> > <res/> > <showApplyButton/> > <updateStatus>success</updateStatus> > <password/> > <errorString/> > <size>19</size> > <title>Import Keys and Certificates</title> > <panels> > <Vector> > <Panel> > <Id>welcome</Id> > <Name>Welcome</Name> > </Panel> > <Panel> > <Id>module</Id> > <Name>Key Store</Name> > </Panel> > <Panel> > <Id>confighsmlogin</Id> > <Name>ConfigHSMLogin</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Security Domain</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>subsystem</Id> > <Name>Subsystem Type</Name> > </Panel> > <Panel> > <Id>clone</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>restorekeys</Id> > <Name>Import Keys and Certificates</Name> > </Panel> > <Panel> > <Id>cahierarchy</Id> > <Name>PKI Hierarchy</Name> > </Panel> > <Panel> > <Id>database</Id> > <Name>Internal Database</Name> > </Panel> > <Panel> > <Id>size</Id> > <Name>Key Pairs</Name> > </Panel> > <Panel> > <Id>subjectname</Id> > <Name>Subject Names</Name> > </Panel> > <Panel> > <Id>certrequest</Id> > <Name>Requests and Certificates</Name> > </Panel> > <Panel> > <Id>backupkeys</Id> > <Name>Export Keys and Certificates</Name> > </Panel> > <Panel> > <Id>savepk12</Id> > <Name>Save Keys and Certificates</Name> > </Panel> > <Panel> > <Id>importcachain</Id> > <Name>Import CA's Certificate Chain</Name> > </Panel> > <Panel> > <Id>admin</Id> > <Name>Administrator</Name> > </Panel> > <Panel> > <Id>importadmincert</Id> > <Name>Import Administrator's Certificate</Name> > </Panel> > <Panel> > <Id>done</Id> > <Name>Done</Name> > </Panel> > </Vector> > </panels> > <name>CA Setup Wizard</name> > <p>7</p> > <path/> > <req/> > <panelname>restorekeys</panelname> ></response> >############################################# >Attempting to connect to: citinfra1.cbot:9445 >Connected. >Posting Query = https://citinfra1.cbot:9445//ca/admin/console/config/wizard?p=7&op=next&xml=true&__password=XXXXXXXX&path=ca.p12 >RESPONSE STATUS: HTTP/1.1 200 OK >RESPONSE HEADER: Server: Apache-Coyote/1.1 >RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8 >RESPONSE HEADER: Date: Fri, 19 Oct 2012 22:03:29 GMT >RESPONSE HEADER: Connection: close ><?xml version="1.0" encoding="UTF-8"?> ><!-- BEGIN COPYRIGHT BLOCK > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; version 2 of the License. > > This program is distributed in the hope that it will be useful, > but WITHOUT ANY WARRANTY; without even the implied warranty of > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > GNU General Public License for more details. > > You should have received a copy of the GNU General Public License along > with this program; if not, write to the Free Software Foundation, Inc., > 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > > Copyright (C) 2007 Red Hat, Inc. > All rights reserved. > END COPYRIGHT BLOCK --> ><response> > <panel>admin/console/config/restorekeycertpanel.vm</panel> > <res/> > <updateStatus>failure</updateStatus> > <password/> > <errorString>The pkcs12 file is not correct.</errorString> > <size>19</size> > <title>Import Keys and Certificates</title> > <panels> > <Vector> > <Panel> > <Id>welcome</Id> > <Name>Welcome</Name> > </Panel> > <Panel> > <Id>module</Id> > <Name>Key Store</Name> > </Panel> > <Panel> > <Id>confighsmlogin</Id> > <Name>ConfigHSMLogin</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Security Domain</Name> > </Panel> > <Panel> > <Id>securitydomain</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>subsystem</Id> > <Name>Subsystem Type</Name> > </Panel> > <Panel> > <Id>clone</Id> > <Name>Display Certificate Chain</Name> > </Panel> > <Panel> > <Id>restorekeys</Id> > <Name>Import Keys and Certificates</Name> > </Panel> > <Panel> > <Id>cahierarchy</Id> > <Name>PKI Hierarchy</Name> > </Panel> > <Panel> > <Id>database</Id> > <Name>Internal Database</Name> > </Panel> > <Panel> > <Id>size</Id> > <Name>Key Pairs</Name> > </Panel> > <Panel> > <Id>subjectname</Id> > <Name>Subject Names</Name> > </Panel> > <Panel> > <Id>certrequest</Id> > <Name>Requests and Certificates</Name> > </Panel> > <Panel> > <Id>backupkeys</Id> > <Name>Export Keys and Certificates</Name> > </Panel> > <Panel> > <Id>savepk12</Id> > <Name>Save Keys and Certificates</Name> > </Panel> > <Panel> > <Id>importcachain</Id> > <Name>Import CA's Certificate Chain</Name> > </Panel> > <Panel> > <Id>admin</Id> > <Name>Administrator</Name> > </Panel> > <Panel> > <Id>importadmincert</Id> > <Name>Import Administrator's Certificate</Name> > </Panel> > <Panel> > <Id>done</Id> > <Name>Done</Name> > </Panel> > </Vector> > </panels> > <name>CA Setup Wizard</name> > <p>7</p> > <path/> > <req/> > <panelname>restorekeys</panelname> ></response> >Error in RestoreKeyCertPanel(): updateStatus returns failure >ERROR: ConfigureCA: RestoreKeyCertPanel() failure >ERROR: unable to create CA > >####################################################################### > >2012-10-19 17:03:29,882 DEBUG stderr= >2012-10-19 17:03:29,882 CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent 'ConfigureCA' '-cs_hostname' 'citinfra1.cbot' '-cs_port' '9445' '-client_certdb_dir' '/tmp/tmp-97hH6A' '-client_certdb_pwd' XXXXXXXX '-preop_pin' 'PI9vTkwI75VfpabVTSsY' '-domain_name' 'IPA' '-admin_user' 'admin' '-admin_email' 'root@localhost' '-admin_password' XXXXXXXX '-agent_name' 'ipa-ca-agent' '-agent_key_size' '2048' '-agent_key_type' 'rsa' '-agent_cert_subject' 'CN=ipa-ca-agent,O=CITIUMADVISORS.COM' '-ldap_host' 'citinfra1.cbot' '-ldap_port' '7389' '-bind_dn' 'cn=Directory Manager' '-bind_password' XXXXXXXX '-base_dn' 'o=ipaca' '-db_name' 'ipaca' '-key_size' '2048' '-key_type' 'rsa' '-key_algorithm' 'SHA256withRSA' '-save_p12' 'true' '-backup_pwd' XXXXXXXX '-subsystem_name' 'pki-cad' '-token_name' 'internal' '-ca_subsystem_cert_subject_name' 'CN=CA Subsystem,O=CITIUMADVISORS.COM' '-ca_ocsp_cert_subject_name' 'CN=OCSP Subsystem,O=CITIUMADVISORS.COM' '-ca_server_cert_subject_name' 'CN=citinfra1.cbot,O=CITIUMADVISORS.COM' '-ca_audit_signing_cert_subject_name' 'CN=CA Audit,O=CITIUMADVISORS.COM' '-ca_sign_cert_subject_name' 'CN=Certificate Authority,O=CITIUMADVISORS.COM' '-external' 'false' '-clone' 'true' '-clone_p12_file' 'ca.p12' '-clone_p12_password' XXXXXXXX '-sd_hostname' 'citinfra1.cer.XXXXXXXX.com' '-sd_admin_port' '443' '-sd_admin_name' 'admin' '-sd_admin_password' XXXXXXXX '-clone_start_tls' 'true' '-clone_uri' 'https://citinfra1.cer.XXXXXXXX.com:443'' returned non-zero exit status 255 >2012-10-19 17:03:29,883 DEBUG Configuration of CA failed > File "/usr/sbin/ipa-replica-install", line 482, in <module> > main() > > File "/usr/sbin/ipa-replica-install", line 427, in main > (CA, cs) = cainstance.install_replica_ca(config) > > File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 1136, in install_replica_ca > subject_base=config.subject_base) > > File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 537, in configure_instance > self.start_creation("Configuring certificate server", 210) > > File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 248, in start_creation > method() > > File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 680, in __configure_instance > raise RuntimeError('Configuration of CA failed') >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=631762">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 862437
:
631761
| 631762