Bug 490645

Created attachment 335524 [details]
sos report tarball

Looks like a small typo.

Index: ../../base/silent/src/drm/ConfigureDRM.java
===================================================================
--- ../../base/silent/src/drm/ConfigureDRM.java (revision 296)
+++ ../../base/silent/src/drm/ConfigureDRM.java (working copy)
@@ -510,7 +510,7 @@
                                "&sslserver=" + 
                                URLEncoder.encode(drm_server_cert_subject_name) + 
                                 "&audit_signing=" +
-                                URLEncoder.encode(drm_audit_signing_cert_name) + 
+                                URLEncoder.encode(drm_audit_signing_cert_subject_name) + 
                                "&urls=" + 
                                URLEncoder.encode(domain_url) + 
                                ""; 


Index: ../../base/silent/src/drm/ConfigureDRM.java
===================================================================
--- ../../base/silent/src/drm/ConfigureDRM.java (revision 296)
+++ ../../base/silent/src/drm/ConfigureDRM.java (working copy)
@@ -510,7 +510,7 @@
                                "&sslserver=" + 
                                URLEncoder.encode(drm_server_cert_subject_name) + 
                                 "&audit_signing=" +
-                                URLEncoder.encode(drm_audit_signing_cert_name) + 
+                                URLEncoder.encode(drm_audit_signing_cert_subject_name) + 
                                "&urls=" + 
                                URLEncoder.encode(domain_url) + 
                                ""; 
[builder@dhcp231-124 silent]$ vi 
build_dogtag     config/          config-ext/      pki-silent.spec  .svn/            
[builder@dhcp231-124 silent]$ vi pki-silent.spec 
[builder@dhcp231-124 silent]$ svn diff
Index: pki-silent.spec
===================================================================
--- pki-silent.spec     (revision 296)
+++ pki-silent.spec     (working copy)
@@ -33,7 +33,7 @@
 ## Package Header Definitions
 %define base_name         %{base_prefix}-%{base_component}
 %define base_version      1.0.0
-%define base_release      9
+%define base_release      10
 %define base_group        System Environment/Shells
 %define base_vendor       Red Hat, Inc.
 %define base_license      GPLv2 with exceptions
@@ -234,6 +234,8 @@
 ###############################################################################
 
 %changelog
+* Tue Mar 17 2009 Ade Lee <alee> 1.0.0-10
+- Bugzilla Bug #490645 - DRM fails to configure
 * Tue Mar 10 2009 Ade Lee <alee> 1.0.0-9
 - Bugzilla Bug #489057 - Add audit_signing cert to drm, ocsp, tks 
 * Fri Feb 20 2009 Ade Lee <alee> 1.0.0-8

[builder@dhcp231-124 silent]$ svn ci -m "BZ490645: DRM fails to install" ../../base/silent pki-silent.spec 
Sending        base/silent/src/drm/ConfigureDRM.java
Sending        dogtag/silent/pki-silent.spec
Transmitting file data ..
Committed revision 300.

incidentally, Chandra - I noticed one thing that was different from my invocations and yours .. you provide token_pwd as an option (and I do not)
 and I provide backup_pwd (and you do not).

Probably not related to your issue ...

tested with today's 2nd build - 20090317 around 4pm PST.

Still seeing the same problem.

CA's debug log has this...

[17/Mar/2009:19:20:53][http-9444-Processor25]: xx Start parsePKCS10 MIICbjCCAVYCAQAwKTEPMA0GA1UEChMGcmVkaGF0MRYwFAYDVQQDEw1wa2kta3JhLWF1ZGl0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvVkQ6m06JnQYEKKs+O9Ljlumk827Gv4bkbpQ1fIoMaSO39O/5WWmv5+r8ySAEF7eWpbFeYZmQcLsM9hecsuWQ9+IaoIcbhkEcNblBQShzOJ/C6rWkMA+NQapM1NwlOxFDQUDDeHha8tOuNF5gvPOW9IkOS9EXI7Ek2aXaIzh+YmytXCBe6xb+FY0dgfBxpcCQJgR4zUVLpL2qwTj65tTDJdc6eE88zCDG6fdMJVyNuRA+XhmMzyPkqU4U4nOMUQ25+TubQiPHel1IGl3hdmSKx7A3PqArZqtkrspf4sLjjwJSw+XSCD23La1YjyD3zGoRGDqX2nIiKqYWQUTzyBPQIDAQABoAAwDQYJKoZIhvcNAQEEBQADggEBAEv3gdsX36LW8VvEN6abfmmFVPysMaElBVeq59fEFhklSoXX8bqvkxLyajep/e6lB6y9zDW9e2c2Eo+hz2T1csnfD2+ji4zEz9UKfiMV2MW1e4Wm8KDp6F5uVmdSpjb2QEtOAGZlQOwzRFVyBqWcWYEWmdT4QkEHgrbZrqQ8mpcHIDAuhJbdRvYnorMoVfvE+5yJ/rBoLCAYtD3HT1/zVr8lsXmualS/37ivnQ+yrscLAe1rUzLAaMf7ngV9v0X/afh1x7EgVrulNXxC//WVyu2ulpSM3LAOgga6Ls6vXFwPIOfOx+k4akHelrL0nzPQ88xGRDYCX6flOKuNp+Mk2z4=
[17/Mar/2009:19:20:53][http-9444-Processor25]: EnrollProfile: parsePKCS10: signature verification enabled
[17/Mar/2009:19:20:53][http-9444-Processor25]: EnrollProfile: parsePKCS10 setting thread token
[17/Mar/2009:19:20:53][http-9444-Processor25]: EnrollProfile: parsePKCS10 restoring thread token
java.lang.NullPointerException
        at com.netscape.cms.profile.common.EnrollProfile.createEnrollmentRequest(EnrollProfile.java:182)
        at com.netscape.cms.profile.common.EnrollProfile.createRequests(EnrollProfile.java:120)
        at com.netscape.cms.servlet.profile.ProfileSubmitServlet.process(ProfileSubmitServlet.java:983)
        at com.netscape.cms.servlet.base.CMSServlet.service(CMSServlet.java:500)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:542)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:636)
[17/Mar/2009:19:20:53][http-9444-Processor25]: ProfileSubmitServlet: createRequests java.lang.NullPointerException


+ pkisilent ConfigureDRM -cs_hostname sterope.idm.lab.bos.redhat.com -cs_port 10444 -sd_hostname sterope.idm.lab.bos.redhat.com -sd_ssl_port 9444 -sd_admin_name admin -sd_admin_password Secret123 -ca_hostname sterope.idm.lab.bos.redhat.com -ca_port 9180 -ca_ssl_port 9444 -client_certdb_dir /tmp/ -client_certdb_pwd netscape -preop_pin VGoNHd96lsPI6XRiocFo -domain_name pkitest -admin_user admin -admin_password Secret123 -admin_email 'pkitest\@redhat.com' -agent_name pki-agent-kra-01 -ldap_host localhost -ldap_port 389 -bind_dn '"cn=directory' 'manager"' -bind_password Secret123 -base_dn o=kra01 -db_name kra01 -key_size 2048 -key_type rsa -token_name internal -token_pwd netscape -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=pki-agent-kra-01,O=redhat -subsystem_name pki-test-kra -drm_transport_cert_subject_name CN=pki-kra-transport,O=redhat -drm_subsystem_cert_subject_name CN=pki-kra-subsystem,O=redhat -drm_storage_cert_subject_name CN=pki-kra-storage,O=redhat -drm_server_cert_subject_name CN=sterope.idm.lab.bos.redhat.com,O=redhat -drm_audit_signing_cert_subject_name CN=pki-kra-audit,O=redhat
libpath=/usr/lib
[Fatal Error] :-1:-1: Premature end of file.
org.xml.sax.SAXParseException: Premature end of file.
        at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
        at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
        at javax.xml.parsers.DocumentBuilder.parse(Unknown Source)
        at ParseXML.parse(ParseXML.java:43)
        at ConfigureDRM.DisplayChainPanel(ConfigureDRM.java:244)
        at ConfigureDRM.ConfigureDRMInstance(ConfigureDRM.java:833)
        at ConfigureDRM.main(ConfigureDRM.java:1170)
Exception in thread "main" java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
        at java.util.ArrayList.rangeCheck(ArrayList.java:571)
        at java.util.ArrayList.get(ArrayList.java:349)
        at ConfigureDRM.CertSubjectPanel(ConfigureDRM.java:538)
        at ConfigureDRM.ConfigureDRMInstance(ConfigureDRM.java:888)
        at ConfigureDRM.main(ConfigureDRM.java:1170)
#######################################################################

Created attachment 335745 [details]
pkisilent output

I tried a manual install and that works fine.

here's how I configured the CA with pkisilent

+ pkisilent ConfigureCA -cs_hostname sterope.idm.lab.bos.redhat.com -cs_port 9444 -client_certdb_dir /tmp/ -client_certdb_pwd netscape -preop_pin 55Kbtg0rWKV4wyvuhfWT -domain_name pkitest -admin_user admin -admin_password Secret123 -admin_email 'pkitest\@redhat.com' -agent_name pki-agent-ca-01 -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=pki-agent-ca-01,O=redhat -ldap_host localhost -ldap_port 389 -bind_dn '"cn=directory' 'manager"' -bind_password Secret123 -base_dn o=ca01 -db_name ca01 -key_size 2048 -key_type rsa -save_p12 false -subsystem_name pki-test-ca -token_name internal -token_pwd netscape -ca_sign_cert_subject_name CN=pki-test-ca,O=redhat -ca_subsystem_cert_subject_name CN=subsystem-sterope.idm.lab.bos.redhat.com,O=redhat -ca_ocsp_cert_subject_name CN=ocsp-sterope.idm.lab.bos.redhat.com,O=redhat -ca_server_cert_subject_name CN=sterope.idm.lab.bos.redhat.com,O=redhat -ca_audit_signing_cert_subject_name CN=audit-sterope.idm.lab.bos.redhat.com,O=redhat

with selinux in permissive mode, I see these during DRM configuration with silent install ...

Mar 18 15:35:57 sterope yum: Installed: wsdl4j-1.5.2-4jpp.1.i386
Mar 18 15:36:02 sterope yum: Installed: axis-1.2.1-2jpp.6.i386
Mar 18 15:36:05 sterope yum: Installed: 1:mx4j-3.0.1-6jpp.4.i386
Mar 18 15:36:07 sterope yum: Installed: geronimo-specs-1.0-0.M2.2jpp.12.i386
Mar 18 15:36:08 sterope yum: Installed: jakarta-commons-modeler-1.1-8jpp.3.el5.i386
Mar 18 15:36:09 sterope yum: Installed: geronimo-specs-compat-1.0-0.M2.2jpp.12.i386
Mar 18 15:36:11 sterope yum: Installed: tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.i386
Mar 18 15:36:12 sterope yum: Installed: avalon-logkit-1.2-4jpp.3.i386
Mar 18 15:36:14 sterope yum: Installed: velocity-1.4-6jpp.1.i386
Mar 18 15:36:18 sterope yum: Installed: tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.i386
Mar 18 15:36:21 sterope yum: Installed: tomcat5-5.5.23-0jpp.7.el5_2.1.i386
Mar 18 15:36:21 sterope yum: Installed: tomcatjss-1.1.0-12.el5idm.noarch
Mar 18 15:36:22 sterope yum: Installed: pki-common-8.0.0-9.alpha.noarch
Mar 18 15:36:31 sterope setroubleshoot: SELinux is preventing runuser (initrc_t) "search" to <Unknown> (unlabeled_t). For complete SELinux messages. run sealert -l 28f52789-ddf0-47f6-9bdd-3198d1279cb3
Mar 18 15:36:32 sterope setroubleshoot: SELinux is preventing java (pki_ocsp_t) "getattr" to /var/lib/tomcat5/common/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 869157ad-b06c-4485-9022-4738ebc26c01
Mar 18 15:36:32 sterope setroubleshoot: SELinux is preventing java (pki_ocsp_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l ddf4d7f9-cf06-44f2-a0cf-ae55ce610106
Mar 18 15:36:32 sterope setroubleshoot: SELinux is preventing java (pki_ocsp_t) "getattr" to /var/lib/tomcat5/server/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 804ed4a8-1856-4f04-8ec7-fed051914cce
Mar 18 15:36:32 sterope setroubleshoot: SELinux is preventing java (pki_ocsp_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l ddf4d7f9-cf06-44f2-a0cf-ae55ce610106
Mar 18 15:36:37 sterope yum: Installed: pki-ocsp-8.0.0-11.alpha.noarch
Mar 18 15:36:47 sterope setroubleshoot: SELinux is preventing runuser (initrc_t) "search" to <Unknown> (unlabeled_t). For complete SELinux messages. run sealert -l 28f52789-ddf0-47f6-9bdd-3198d1279cb3
Mar 18 15:36:47 sterope setroubleshoot: SELinux is preventing java (pki_tks_t) "signull" to <Unknown> (pki_ocsp_t). For complete SELinux messages. run sealert -l 498ac80e-8449-4259-b40c-99bc86bfbcf1
Mar 18 15:36:48 sterope setroubleshoot: SELinux is preventing java (pki_tks_t) "signull" to <Unknown> (pki_ocsp_t). For complete SELinux messages. run sealert -l 498ac80e-8449-4259-b40c-99bc86bfbcf1
Mar 18 15:36:48 sterope setroubleshoot: SELinux is preventing java (pki_tks_t) "getattr" to /var/lib/tomcat5/common/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l de050d88-847b-49ef-bc6f-65e87147e509
Mar 18 15:36:48 sterope setroubleshoot: SELinux is preventing java (pki_tks_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 9e1d8799-eb4d-4adc-9177-8a50ba3caa84
Mar 18 15:36:48 sterope setroubleshoot: SELinux is preventing java (pki_tks_t) "getattr" to /var/lib/tomcat5/server/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 26d1df76-f356-41dc-bf37-f898dfeb7148
Mar 18 15:36:48 sterope setroubleshoot: SELinux is preventing java (pki_tks_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 9e1d8799-eb4d-4adc-9177-8a50ba3caa84
Mar 18 15:36:53 sterope yum: Installed: pki-tks-8.0.0-11.alpha.noarch
Mar 18 15:36:53 sterope yum: Installed: pki-silent-8.0.0-6.alpha.noarch
Mar 18 15:37:01 sterope setroubleshoot: SELinux is preventing runuser (initrc_t) "search" to <Unknown> (unlabeled_t). For complete SELinux messages. run sealert -l 28f52789-ddf0-47f6-9bdd-3198d1279cb3
Mar 18 15:37:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "signull" to <Unknown> (pki_tks_t). For complete SELinux messages. run sealert -l 7ceab370-8236-478a-beac-67a1970298c0
Mar 18 15:37:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "signull" to <Unknown> (pki_ocsp_t). For complete SELinux messages. run sealert -l f042bf00-bf92-4efa-ae61-9fbd0d7b8889
Mar 18 15:37:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "signull" to <Unknown> (pki_tks_t). For complete SELinux messages. run sealert -l 7ceab370-8236-478a-beac-67a1970298c0
Mar 18 15:37:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "signull" to <Unknown> (pki_ocsp_t). For complete SELinux messages. run sealert -l f042bf00-bf92-4efa-ae61-9fbd0d7b8889
Mar 18 15:37:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "getattr" to /var/lib/tomcat5/common/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 7e126917-27cb-4d96-8051-ff1edea02357
Mar 18 15:37:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 87eef60c-9b76-4577-b63f-be2413b6b29f
Mar 18 15:37:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "getattr" to /var/lib/tomcat5/server/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l bf9b70aa-0a11-44e1-9605-dcd35506be2e
Mar 18 15:37:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 87eef60c-9b76-4577-b63f-be2413b6b29f
Mar 18 15:37:07 sterope yum: Installed: pki-kra-8.0.0-11.alpha.noarch
Mar 18 15:37:17 sterope setroubleshoot: SELinux is preventing runuser (initrc_t) "search" to <Unknown> (unlabeled_t). For complete SELinux messages. run sealert -l 28f52789-ddf0-47f6-9bdd-3198d1279cb3
Mar 18 15:37:18 sterope setroubleshoot: SELinux is preventing java (pki_ca_t) "getattr" to /var/lib/tomcat5/common/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l f590db33-7d50-4e8e-9fc4-98baebee1770
Mar 18 15:37:18 sterope setroubleshoot: SELinux is preventing java (pki_ca_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 51b377dd-5fe0-4a78-9af6-4be23350837d
Mar 18 15:37:18 sterope setroubleshoot: SELinux is preventing java (pki_ca_t) "getattr" to /var/lib/tomcat5/server/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 9ee0d875-d5a1-4baf-a4a0-7f5092016499
Mar 18 15:37:18 sterope setroubleshoot: SELinux is preventing java (pki_ca_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 51b377dd-5fe0-4a78-9af6-4be23350837d
Mar 18 15:37:23 sterope yum: Installed: pki-ca-8.0.0-11.alpha.noarch
Mar 18 15:41:24 sterope setroubleshoot: SELinux is preventing runuser (initrc_t) "search" to <Unknown> (unlabeled_t). For complete SELinux messages. run sealert -l 28f52789-ddf0-47f6-9bdd-3198d1279cb3
Mar 18 15:41:24 sterope setroubleshoot: SELinux is preventing java (pki_ca_t) "getattr" to /var/lib/tomcat5/common/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l f590db33-7d50-4e8e-9fc4-98baebee1770
Mar 18 15:41:24 sterope setroubleshoot: SELinux is preventing java (pki_ca_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 51b377dd-5fe0-4a78-9af6-4be23350837d
Mar 18 15:41:24 sterope setroubleshoot: SELinux is preventing java (pki_ca_t) "getattr" to /var/lib/tomcat5/server/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 9ee0d875-d5a1-4baf-a4a0-7f5092016499
Mar 18 15:41:24 sterope setroubleshoot: SELinux is preventing java (pki_ca_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 51b377dd-5fe0-4a78-9af6-4be23350837d
Mar 18 15:42:01 sterope setroubleshoot: SELinux is preventing runuser (initrc_t) "search" to <Unknown> (unlabeled_t). For complete SELinux messages. run sealert -l 28f52789-ddf0-47f6-9bdd-3198d1279cb3
Mar 18 15:42:01 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "signull" to <Unknown> (pki_tks_t). For complete SELinux messages. run sealert -l 7ceab370-8236-478a-beac-67a1970298c0
Mar 18 15:42:01 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "signull" to <Unknown> (pki_ocsp_t). For complete SELinux messages. run sealert -l f042bf00-bf92-4efa-ae61-9fbd0d7b8889
Mar 18 15:42:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "signull" to <Unknown> (pki_tks_t). For complete SELinux messages. run sealert -l 7ceab370-8236-478a-beac-67a1970298c0
Mar 18 15:42:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "signull" to <Unknown> (pki_ocsp_t). For complete SELinux messages. run sealert -l f042bf00-bf92-4efa-ae61-9fbd0d7b8889
Mar 18 15:42:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "getattr" to /var/lib/tomcat5/common/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 7e126917-27cb-4d96-8051-ff1edea02357
Mar 18 15:42:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 87eef60c-9b76-4577-b63f-be2413b6b29f
Mar 18 15:42:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "getattr" to /var/lib/tomcat5/server/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l bf9b70aa-0a11-44e1-9605-dcd35506be2e
Mar 18 15:42:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 87eef60c-9b76-4577-b63f-be2413b6b29f
Mar 18 15:42:53 sterope setroubleshoot: SELinux is preventing runuser (initrc_t) "search" to <Unknown> (unlabeled_t). For complete SELinux messages. run sealert -l 28f52789-ddf0-47f6-9bdd-3198d1279cb3
Mar 18 15:42:54 sterope setroubleshoot: SELinux is preventing java (pki_ca_t) "getattr" to /var/lib/tomcat5/common/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l f590db33-7d50-4e8e-9fc4-98baebee1770
Mar 18 15:42:54 sterope setroubleshoot: SELinux is preventing java (pki_ca_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 51b377dd-5fe0-4a78-9af6-4be23350837d
Mar 18 15:43:00 sterope setroubleshoot: SELinux is preventing runuser (initrc_t) "search" to <Unknown> (unlabeled_t). For complete SELinux messages. run sealert -l 28f52789-ddf0-47f6-9bdd-3198d1279cb3
Mar 18 15:43:00 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "signull" to <Unknown> (pki_tks_t). For complete SELinux messages. run sealert -l 7ceab370-8236-478a-beac-67a1970298c0
Mar 18 15:43:00 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "signull" to <Unknown> (pki_ocsp_t). For complete SELinux messages. run sealert -l f042bf00-bf92-4efa-ae61-9fbd0d7b8889
Mar 18 15:43:00 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "getattr" to /var/lib/tomcat5/common/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 7e126917-27cb-4d96-8051-ff1edea02357
Mar 18 15:43:00 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 87eef60c-9b76-4577-b63f-be2413b6b29f
Mar 18 15:55:09 sterope dhclient: DHCPREQUEST on eth0 to 10.16.98.150 port 67
Mar 18 15:55:09 sterope dhclient: DHCPACK from 10.16.98.150
Mar 18 15:55:09 sterope dhclient: bound to 10.16.96.67 -- renewal in 10115 seconds.

I wasn't restarting the CA after its pkisilent configuration. makes sense
why DRM was getting its certificates. 

marking bug to modified again.

Created attachment 349130 [details]
ca debug log output from kra silent config

Verified successful pkisilent ConfigureDRM:

Output from ca's debug log attached - no null pointer exceptions
Also attached kra.log from silent configuration

Created attachment 349131 [details]
kra silent config log