Description of problem: using pkisilent-1.1.0-1.el4 to automate a CA installation, as follows: (this was used in kickstart %post) INSTANCE=rhpki-ca PREOP=$( grep '^preop.pin' /var/lib/${INSTANCE}/conf/CS.cfg | cut -d= -f2 ) DBPASS=$( grep 'internal' /var/lib/${INSTANCE}/conf/password.conf | cut -d: -f2 ) export PREOP DBPASS INSTANCE cd /usr/share/pki perl /usr/share/pki/pkisilent ConfigureCA \ -cs_hostname certsystem.example.com \ -cs_port 9443 \ -client_certdb_dir /var/lib/${INSTANCE}/alias \ -client_certdb_pwd ${DBPASS} \ -domain_name "Prorail\ PKI" \ -admin_user admin \ -admin_password apassword \ -agent_name "CA Administrator of Instance ${INSTANCE}" \ -agent_key_size 2048 \ -agent_key_type rsa \ -ldap_host localhost \ -ldap_port 389 \ -bind_dn "cn=Directory\ Manager" \ -bind_password "somepassword" \ -base_dn "o=ca,dc=example,dc=com" \ -db_name ${INSTANCE} \ -key_size 2048 \ -key_type rsa \ -save_p12 true \ -backup_pwd anotherpassword \ -subsystem-name ca \ -ca_sign_cert_subject_name "cn=Certificate Authority,o=Example PKI" \ -ca_subsystem_cert_subject_name "cn=CA Subsystem Certificate,o=Example PKI" \ -ca_ocsp_cert_subject_name "cn=OCSP Signing Certificate,o=Example PKI" \ -ca_server_cert_subject_name "cn=CA server,o=Example PKI" Version-Release number of selected component (if applicable): pkisilent-1.1.0-1.el4 (Certificate System 7.3 x86 RHEL4.7AS) How reproducible: every time Steps to Reproduce: 1. up2date (or pki_install...) rhpki-ca 2. unpack the pkisilent tarball (in this case into /usr/share/pki 3. then connect to https://certificate.system:9443 in a web browser. Actual results: only 'Agent Services' appears as an option. Clicking upon this link immediately redirects to http://certificate.system:9080 where you are prompted for the installation PIN - which has already been used for pkisilent. Following the wizard through, you find that all the fields have been filled in with the details used in the pkisilent command. Expected results: The web interface offers both 'SSL Users End User Services' and 'Agent Services'. I appreciate that there is still a need to create and import end-user certs to use the 'Agent Services' functionality, but the end user options do not require this. Additional info:
oops. of course I meant: Steps to Reproduce: 1. up2date (or pki_install...) rhpki-ca 2. unpack the pkisilent tarball (in this case into /usr/share/pki) 3. run the pkisilent installation command as detailed 3. connect to https://certificate.system:9443 in a web browser and click on the 'Agent Services' link