Bug 489057 - pkisilent { ConfigureDRM,ConfigureOCSP,ConfigureTKS,ConfigureTPS } needs an option for audit signing cert
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: Scripts
Version: unspecified
Hardware: All
OS: Linux
Priority: urgent
Severity: high
Target Milestone: ---
Assignee: Ade Lee
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 443788
Reported: 2009-03-06 23:31 UTC by Chandrasekar Kannan
Modified: 2015-01-04 23:37 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-07-22 23:32:54 UTC
Embargoed:


Attachments
patch to fix (15.87 KB, patch)
2009-03-10 18:53 UTC, Ade Lee
silent install logs (700.00 KB, application/x-tar)
2009-06-05 15:55 UTC, Jenny Severance

Description Chandrasekar Kannan 2009-03-06 23:31:21 UTC
- Attempt to silent install/configure KRA.
- I don't see an option for the audit signing cert.

[root@gamma ~]# pkisilent ConfigureDRM -help
libpath=/usr/lib
#######################################################################
Usage: ConfigureDRM
Options include:

-help,-?     displays help information
-cs_hostname <string>    CS Hostname
-cs_port <string>    CS SSL port
-sd_hostname <string>    Security Domain Hostname
-sd_ssl_port <string>    Security Domain SSL port
-sd_admin_name <string>    Security Domain username
-sd_admin_password <string>    Security Domain password
-ca_hostname <string>    CA Hostname
-ca_port <string>    CA non SSL port
-ca_ssl_port <string>    CA SSL port
-client_certdb_dir <string>    Client CertDB dir
-client_certdb_pwd <string>    client certdb password
-preop_pin <string>    pre op pin
-domain_name <string>    domain name
-admin_user <string>    Admin User Name
-admin_email <string>    Admin email
-admin_password <string>    Admin password
-agent_name <string>    Agent Cert Nickname
-ldap_host <string>    ldap host
-ldap_port <string>    ldap port
-bind_dn <string>    ldap bind dn
-bind_password <string>    ldap bind password
-base_dn <string>    base dn
-db_name <string>    db name
-key_size <string>    Key Size
-key_type <string>    Key type [RSA,ECC]
-token_name <string>    HSM/Software Token name
-token_pwd <string>    HSM/Software Token password
-agent_key_size <string>    Agent Cert Key Size
-agent_key_type <string>    Agent Cert Key type [rsa]
-agent_cert_subject <string>    Agent Cert Subject 
-backup_pwd <string>    PKCS12 password
-drm_transport_cert_subject_name <string>    DRM transport cert subject name
-drm_subsystem_cert_subject_name <string>    DRM subsystem cert subject name
-drm_storage_cert_subject_name <string>    DRM storage cert subject name
-drm_server_cert_subject_name <string>    DRM server cert subject name
-subsystem_name <string>    CA subsystem name


I tried to configure a DRM like this ... 

 pkisilent ConfigureDRM -cs_hostname gamma.dsdev.sjc.redhat.com -cs_port 10444 -sd_hostname gamma.dsdev.sjc.redhat.com -sd_ssl_port 9444 -sd_admin_name admin -sd_admin_password Secret123 -ca_hostname gamma.dsdev.sjc.redhat.com -ca_port 9180 -ca_ssl_port 9443 -client_certdb_dir /tmp/ -client_certdb_pwd netscape -preop_pin szuusI6O3r7b2J22wJDB -domain_name pkitest -admin_user admin -admin_password Secret123 -admin_email 'pkitest\@redhat.com' -agent_name pki-agent-kra-01 -ldap_host localhost -ldap_port 389 -bind_dn '"cn=directory' 'manager"' -bind_password Secret123 -base_dn o=kra01 -db_name kra01 -key_size 2048 -key_type rsa -token_name internal -token_pwd netscape -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=pki-agent-kra-01,O=redhat -subsystem_name pki-test-kra -drm_transport_cert_subject_name CN=pki-kra-transport,O=redhat -drm_subsystem_cert_subject_name CN=pki-kra-subsystem,O=redhat -drm_storage_cert_subject_name CN=pki-kra-storage,O=redhat -drm_server_cert_subject_name CN=gamma.dsdev.sjc.redhat.com,O=redhat


This results in a server side exception like this...

[06/Mar/2009:15:12:34][http-10444-Processor25]: SizePanel: update() Exception caught: java.lang.NullPointerException
Property null.preop.cert.audit_signing.keytype missing value
        at com.netscape.cmscore.base.PropConfigStore.getString(PropConfigStore.java:239)
        at com.netscape.cms.servlet.csadmin.SizePanel.update(SizePanel.java:343)
        at com.netscape.cms.servlet.wizard.WizardServlet.goNextApply(WizardServlet.java:315)
        at com.netscape.cms.servlet.wizard.WizardServlet.goNext(WizardServlet.java:294)
        at com.netscape.cms.servlet.wizard.WizardServlet.handleRequest(WizardServlet.java:489)
        at org.apache.velocity.servlet.VelocityServlet.doRequest(VelocityServlet.java:358)
        at org.apache.velocity.servlet.VelocityServlet.doPost(VelocityServlet.java:327)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:542)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:636)
[06/Mar/2009:15:12:41][http-10444-Processor25]: SizePanel: key generation failure: Property null.preop.cert.audit_signing.keytype missing value
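
Added example (not part of the original report or of the Dogtag code): a small Python triage helper that pulls `Property ... preop.cert.<tag>.<field> missing value` errors out of a debug log in the format quoted above, attributing untimestamped continuation lines to the preceding entry. The function name `missing_cert_properties` and the shortened sample log are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken (and shortened) from the debug log quoted in the report.
SAMPLE_LOG = """\
[06/Mar/2009:15:12:34][http-10444-Processor25]: SizePanel: update() Exception caught: java.lang.NullPointerException
Property null.preop.cert.audit_signing.keytype missing value
        at com.netscape.cmscore.base.PropConfigStore.getString(PropConfigStore.java:239)
[06/Mar/2009:15:12:41][http-10444-Processor25]: SizePanel: key generation failure: Property null.preop.cert.audit_signing.keytype missing value
"""

# "[timestamp][thread]: Panel: message" starts a new log entry.
ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\]\[(?P<thread>[^\]]+)\]: (?P<panel>\w+): ")
# The store-name prefix ("null." in the report) is optional and ignored.
MISSING = re.compile(
    r"Property (?:[\w-]+\.)?preop\.cert\.(?P<tag>\w+)\.(?P<field>\w+) missing value")


def missing_cert_properties(log_text):
    """Return {cert_tag: {field: {"panel", "first_seen", "hits"}}}."""
    found = defaultdict(dict)
    ts = panel = None
    for line in log_text.splitlines():
        head = ENTRY.match(line)
        if head:
            # Remember the entry so continuation lines inherit its context.
            ts, panel = head["ts"], head["panel"]
        for m in MISSING.finditer(line):
            rec = found[m["tag"]].setdefault(
                m["field"], {"panel": panel, "first_seen": ts, "hits": 0})
            rec["hits"] += 1
    return dict(found)


if __name__ == "__main__":
    for tag, fields in missing_cert_properties(SAMPLE_LOG).items():
        for field, rec in fields.items():
            print(f"cert '{tag}': no value for '{field}' "
                  f"({rec['panel']}, first seen {rec['first_seen']}, "
                  f"{rec['hits']} hits)")
```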

Comment 1 Chandrasekar Kannan 2009-03-07 00:12:07 UTC
same applies for the other sub-systems

Comment 2 Ade Lee 2009-03-10 18:53:56 UTC
Created attachment 334698
patch to fix

patch to fix.

TPS does not have audit signing yet -- I will add that once cfu checks those changes in.

awnuk, please review.

Comment 3 Andrew Wnuk 2009-03-10 19:11:56 UTC
attachment (id=334698) +awnuk

Comment 4 Ade Lee 2009-03-10 19:14:28 UTC
[builder@dhcp231-124 dogtag-src]$ svn ci -m "Bugzilla 489057: add audit signing to tks,drm, ocsp" pki
Sending        pki/base/silent/src/drm/ConfigureDRM.java
Sending        pki/base/silent/src/ocsp/ConfigureOCSP.java
Sending        pki/base/silent/src/tks/ConfigureTKS.java
Sending        pki/dogtag/silent/pki-silent.spec
Transmitting file data ....
Committed revision 291.

Comment 5 Jenny Severance 2009-06-05 15:55:17 UTC
on silent install RA is get getting an audit signing certificate - all other sub systems are okay - see attached silent install logs

Comment 6 Jenny Severance 2009-06-05 15:55:40 UTC
Created attachment 346674
silent install logs

Comment 7 Jenny Severance 2009-06-05 16:16:55 UTC
Closing this bug verified - as RA was not included in original bug. Opening a new bug for RA audit signing certificate.

