- Attempt to silent install/configure KRA.
- I don't see an option for the audit signing cert.

    [root@gamma ~]# pkisilent ConfigureDRM -help
    libpath=/usr/lib
    #######################################################################
    Usage: ConfigureDRM
    Options include:
      -help,-? displays help information
      -cs_hostname <string> CS Hostname
      -cs_port <string> CS SSL port
      -sd_hostname <string> Security Domain Hostname
      -sd_ssl_port <string> Security Domain SSL port
      -sd_admin_name <string> Security Domain username
      -sd_admin_password <string> Security Domain password
      -ca_hostname <string> CA Hostname
      -ca_port <string> CA non SSL port
      -ca_ssl_port <string> CA SSL port
      -client_certdb_dir <string> Client CertDB dir
      -client_certdb_pwd <string> client certdb password
      -preop_pin <string> pre op pin
      -domain_name <string> domain name
      -admin_user <string> Admin User Name
      -admin_email <string> Admin email
      -admin_password <string> Admin password
      -agent_name <string> Agent Cert Nickname
      -ldap_host <string> ldap host
      -ldap_port <string> ldap port
      -bind_dn <string> ldap bind dn
      -bind_password <string> ldap bind password
      -base_dn <string> base dn
      -db_name <string> db name
      -key_size <string> Key Size
      -key_type <string> Key type [RSA,ECC]
      -token_name <string> HSM/Software Token name
      -token_pwd <string> HSM/Software Token password
      -agent_key_size <string> Agent Cert Key Size
      -agent_key_type <string> Agent Cert Key type [rsa]
      -agent_cert_subject <string> Agent Cert Subject
      -backup_pwd <string> PKCS12 password
      -drm_transport_cert_subject_name <string> DRM transport cert subject name
      -drm_subsystem_cert_subject_name <string> DRM subsystem cert subject name
      -drm_storage_cert_subject_name <string> DRM storage cert subject name
      -drm_server_cert_subject_name <string> DRM server cert subject name
      -subsystem_name <string> CA subsystem name

I tried to configure a DRM like this ...

    pkisilent ConfigureDRM \
      -cs_hostname gamma.dsdev.sjc.redhat.com -cs_port 10444 \
      -sd_hostname gamma.dsdev.sjc.redhat.com -sd_ssl_port 9444 \
      -sd_admin_name admin -sd_admin_password Secret123 \
      -ca_hostname gamma.dsdev.sjc.redhat.com -ca_port 9180 -ca_ssl_port 9443 \
      -client_certdb_dir /tmp/ -client_certdb_pwd netscape \
      -preop_pin szuusI6O3r7b2J22wJDB -domain_name pkitest \
      -admin_user admin -admin_password Secret123 \
      -admin_email 'pkitest\@redhat.com' -agent_name pki-agent-kra-01 \
      -ldap_host localhost -ldap_port 389 \
      -bind_dn '"cn=directory' 'manager"' -bind_password Secret123 \
      -base_dn o=kra01 -db_name kra01 \
      -key_size 2048 -key_type rsa \
      -token_name internal -token_pwd netscape \
      -agent_key_size 2048 -agent_key_type rsa \
      -agent_cert_subject CN=pki-agent-kra-01,O=redhat \
      -subsystem_name pki-test-kra \
      -drm_transport_cert_subject_name CN=pki-kra-transport,O=redhat \
      -drm_subsystem_cert_subject_name CN=pki-kra-subsystem,O=redhat \
      -drm_storage_cert_subject_name CN=pki-kra-storage,O=redhat \
      -drm_server_cert_subject_name CN=gamma.dsdev.sjc.redhat.com,O=redhat

This results in a server side exception like this...

    [06/Mar/2009:15:12:34][http-10444-Processor25]: SizePanel: update() Exception caught: java.lang.NullPointerException
    Property null.preop.cert.audit_signing.keytype missing value
        at com.netscape.cmscore.base.PropConfigStore.getString(PropConfigStore.java:239)
        at com.netscape.cms.servlet.csadmin.SizePanel.update(SizePanel.java:343)
        at com.netscape.cms.servlet.wizard.WizardServlet.goNextApply(WizardServlet.java:315)
        at com.netscape.cms.servlet.wizard.WizardServlet.goNext(WizardServlet.java:294)
        at com.netscape.cms.servlet.wizard.WizardServlet.handleRequest(WizardServlet.java:489)
        at org.apache.velocity.servlet.VelocityServlet.doRequest(VelocityServlet.java:358)
        at org.apache.velocity.servlet.VelocityServlet.doPost(VelocityServlet.java:327)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:542)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:636)
    [06/Mar/2009:15:12:41][http-10444-Processor25]: SizePanel: key generation failure: Property null.preop.cert.audit_signing.keytype missing value

The same applies for the other sub-systems.
Created attachment 334698
patch to fix

Patch to fix. TPS does not have audit signing yet -- I will add that once cfu checks those changes in. awnuk, please review.
attachment (id=334698) +awnuk

    [builder@dhcp231-124 dogtag-src]$ svn ci -m "Bugzilla 489057: add audit signing to tks,drm, ocsp" pki
    Sending pki/base/silent/src/drm/ConfigureDRM.java
    Sending pki/base/silent/src/ocsp/ConfigureOCSP.java
    Sending pki/base/silent/src/tks/ConfigureTKS.java
    Sending pki/dogtag/silent/pki-silent.spec
    Transmitting file data ....
    Committed revision 291.

On silent install RA is get getting an audit signing certificate - all other sub systems are okay - see attached silent install logs.
Created attachment 346674
silent install logs
Closing this bug as verified, as RA was not included in the original bug. Opening a new bug for the RA audit signing certificate.