Bug 492648

Summary: pkisilent ConfigureSubCA fails (audit signing)
Product: [Retired] Dogtag Certificate System Reporter: Chandrasekar Kannan <ckannan>
Component: TPSAssignee: Ade Lee <alee>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: urgent Docs Contact:
Priority: high    
Version: unspecifiedCC: alee, awnuk, benl, jmagne
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-07-22 23:33:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 443788    
Attachments:
Description Flags
patch to fix
none
pkisilent subca configuration log none

Description Chandrasekar Kannan 2009-03-27 20:50:46 UTC 
Need audit signing support...

createsubca01 : [2009:3:27  16:4:9] : started cs instance: subca-tp1
createsubca01 : [2009:3:27  16:5:9] : Configuring SUB_CA instance...
createsubca01 : [2009:3:27  16:5:9] : PREOP_PIN=gK7PnKFbXRmnBQy7i64Q
createsubca01 : [2009:3:27  16:5:9] : arguments to ConfigureSubCA:  ConfigureSubCA -cs_hostname
	wolverine.idm.lab.bos.redhat.com -cs_port 32016 -sd_hostname
	wolverine.idm.lab.bos.redhat.com -sd_ssl_port 32002 -sd_admin_name admin -sd_admin_password
	netscape -ca_hostname wolverine.idm.lab.bos.redhat.com -ca_port 32002 -ca_ssl_port 32002
	-client_certdb_dir
	/export/tet_root//trunk/testframework//tet_tmp_dir/wolverine.idm.lab.bos.redhat.com.10416.2
	0090327155124 -client_certdb_pwd netscape -preop_pin gK7PnKFbXRmnBQy7i64Q -domain_name
	pkidailyacceptance -admin_user admin -admin_email "admin" -admin_password
	netscape -agent_name subca-agent-tp1 -ldap_host wolverine.idm.lab.bos.redhat.com -ldap_port
	35016 -bind_dn cn=DirManager -bind_password Secret123 -base_dn dc=test-subca-tp1 -db_name
	test-subcatp1  -key_size 2048 -key_type rsa -agent_key_size 2048 -agent_key_type rsa
	-agent_cert_subject CN=subca-agent-tp1,OU=mtv,O=redhat -backup_pwd netscape -token_name
	internal -token_pwd netscape -subca_sign_cert_subject_name "CN=SUBCA,O=redhat"
	-subca_subsystem_cert_subject_name "CN=SUBCA-subsystem,O=redhat"
	-subca_ocsp_cert_subject_name "CN=SUBOCSPSigning,O=redhat"
	-subca_audit_signing_cert_subject_name "CN=subca-audit,O=redhat"
	-subca_server_cert_subject_name "CN=wolverine.idm.lab.bos.redhat.com,O=redhat"
	-subsystem_name "daily-acceptance-subca" 
createsubca01 : [2009:3:27  16:5:9] : ConfigureSubCA output=libpath=/usr/lib64
	 #######################################################################
	 Unrecognized argument: -subca_audit_signing_cert_subject_name
	 Use -help for help information
	 
	 #######################################################################
createsubca01 : [2009:3:27  16:5:9] : ERROR: failed to configure SubCA Instance
createsubca01 : [2009:3:27  16:5:9] : TestCaseResult createsubca01 FAIL
Comment 1 Ade Lee 2009-04-01 22:15:58 UTC 
Created attachment 337677 [details]
patch to fix 

awnuk, please review
Comment 2 Andrew Wnuk 2009-04-02 23:33:26 UTC 
attachment (id=337677) +awnuk
Comment 3 Ade Lee 2009-04-03 19:25:02 UTC 
[builder@dhcp231-124 pki]$ svn ci -m "Bugzilla Bug #491517 and #492648 - subca and TPS fail to configure - audit signing"
Sending        base/silent/src/subca/ConfigureSubCA.java
Sending        base/silent/src/tps/ConfigureTPS.java
Sending        dogtag/silent/pki-silent.spec
Transmitting file data ...
Committed revision 367.
Comment 4 Kashyap Chamarthy 2009-06-24 14:06:56 UTC 
Verified. Configured sub CA successfully with pkisilent. (See the attachment for successful subca-config-log )
Comment 5 Kashyap Chamarthy 2009-06-24 14:11:32 UTC 
Created attachment 349247 [details]
pkisilent subca configuration log

Used the subca_silent.template from the source tree

https://pki.fedoraproject.org/svn/pki/trunk/pki/dogtag/templates/subca_silent.template