Created attachment 1238830
Install output, configuration, debug and log files
Description of problem:
When trying to set up a clone using pkispawn with the attached configuration in FIPS, pkispawn fails with NoSuchTokenException.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Set up a master server and a future replica to use FIPS.
2. Set up a master CA on a server using pkispawn.
3. Try to create a clone of the server from 1. using `pkispawn -s CA -f pkispawn_config_repl.txt`
The installation fails with "org.mozilla.jss.NoSuchTokenException".
The installation of the clone passes.
Might be (but does not have to be) related to https://bugzilla.redhat.com/show_bug.cgi?id=1382066.
Hi, in bug #1382066 the code was fixed to recognize the full name of the internal token (i.e. Internal Key Storage Token) which is used in FIPS mode in addition to the short name (i.e. internal):
Apparently there are additional places that need to be fixed which are only exposed under this test scenario.
*** Bug 1412132 has been marked as a duplicate of this bug. ***
Fixed in master:
I tested this bug on pki 10.4.1-8.el7 version. It worked as expected.
I followed the following steps to verify the bug:
1. Installed the CA with a dual-step installation, with modification of sslRangeCiphers in the server.xml file.
2. I followed the above installation procedure with the clone and I was able to create the clone successfully.
Verifying this bug.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
For information on the advisory, and where to find the updated files, follow the link below.
If the solution does not work for you, open a new bug report.