Bug 500738 - (nethsm2k) : KRA : installation wizard fails
(nethsm2k) : KRA : installation wizard fails
Product: Dogtag Certificate System
Classification: Community
Component: DRM (Show other bugs)
All Linux
urgent Severity urgent
: ---
: ---
Assigned To: Christina Fu
Chandrasekar Kannan
: 500756 (view as bug list)
Depends On:
Blocks: 443788
  Show dependency treegraph
Reported: 2009-05-13 17:04 EDT by Chandrasekar Kannan
Modified: 2015-01-04 18:38 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-07-22 19:35:17 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
solution for working around some underlying issue with jss and hsm (3.78 KB, patch)
2009-06-01 12:50 EDT, Christina Fu
no flags Details | Diff
added a helpful debug message (4.60 KB, patch)
2009-06-02 11:32 EDT, Christina Fu
no flags Details | Diff
spec file change (1.13 KB, patch)
2009-06-02 15:50 EDT, Christina Fu
no flags Details | Diff

  None (edit)
Description Chandrasekar Kannan 2009-05-13 17:04:01 EDT
test setup:

1 - rhel 5.3 x86_64 with nethsm 2000 attached
2 - install a rootCA 
3 - install kra. join to security domain in Step(2)

Installation wizard proceeds just fine. I don't see any issues.
but when I restart KRA, I can't go into the agent page. 
sure enough, I do have the KRA agent cert.

but when I look in /var/lib/pki-kra/alias/ I see just the
transport cert.

nethsm2k:transportCert cert-pki-kra                          u,u,u

I don't see the server cert or storage cert.
Comment 1 Chandrasekar Kannan 2009-05-14 10:01:20 EDT
update - this problem doesn't happen on a machine that has no nethsm installed.
         so something to do with the way we work with nethsm.
Comment 4 Christina Fu 2009-06-01 12:14:12 EDT
*** Bug 500756 has been marked as a duplicate of this bug. ***
Comment 5 Christina Fu 2009-06-01 12:50:10 EDT
Created attachment 346100 [details]
solution for working around some underlying issue with jss and hsm
Comment 6 Christina Fu 2009-06-02 11:32:24 EDT
Created attachment 346273 [details]
added a helpful debug message
Comment 7 Jack Magne 2009-06-02 15:10:39 EDT
Attachment (id=346273) +jmagne.
Comment 8 Christina Fu 2009-06-02 15:49:06 EDT
[cfu@jaw common]$ svn commit
Sending        common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
Sending        common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
Transmitting file data ..pwd

Committed revision 539.
[cfu@jaw common]$ pwd
Comment 9 Christina Fu 2009-06-02 15:50:53 EDT
Created attachment 346308 [details]
spec file change
Comment 10 Chandrasekar Kannan 2009-06-04 17:14:03 EDT
Verified with today's build

[root@sigma ~]# rpm -qi pki-common
Name        : pki-common                   Relocations: (not relocatable)
Version     : 8.0.0                             Vendor: Red Hat, Inc.
Release     : 12.beta                       Build Date: Thu 04 Jun 2009 01:49:42 AM PDT
Install Date: Thu 04 Jun 2009 01:36:03 PM PDT      Build Host: payday.dsdev.sjc.redhat.com
Group       : System Environment/Base       Source RPM: pki-common-8.0.0-12.beta.src.rpm
Size        : 2780418                          License: GPLv2 with exceptions
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://www.redhat.com/certificate_system
Summary     : Red Hat Certificate System - PKI Common Framework
Description :
Red Hat Certificate System is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

The Red Hat PKI Common Framework is required by the following four
Red Hat PKI subsystems:

    the Red Hat Certificate Authority,
    the Red Hat Data Recovery Manager,
    the Red Hat Online Certificate Status Protocol Manager, and
    the Red Hat Token Key Service.
[root@sigma ~]# certutil -L -d /var/lib/pki-kra/alias -h nethsm2k

Certificate Nickname                                         Trust Attributes

Enter Password or Pin for "nethsm2k":
nethsm2k:subsystemCert cert-pki-kra                          u,u,u
nethsm2k:auditSigningCert cert-pki-ca                        u,u,u
nethsm2k:ocspSigningCert cert-pki-ca                         u,u,u
nethsm2k:transportCert cert-pki-kra                          u,u,u
nethsm2k:auditSigningCert cert-pki-tks                       u,u,u
nethsm2k:Server-Cert cert-pki-ra                             u,u,u
nethsm2k:subsystemCert cert-pki-ocsp                         u,u,u
nethsm2k:auditSigningCert cert-pki-kra                       u,u,u
nethsm2k:auditSigningCert cert-pki-tps                       u,u,u
nethsm2k:subsystemCert cert-pki-ca                           u,u,u
nethsm2k:auditSigningCert cert-pki-ocsp                      u,u,u
nethsm2k:Server-Cert cert-pki-ca                             u,u,u
nethsm2k:Server-Cert cert-pki-tps                            u,u,u
nethsm2k:subsystemCert cert-pki-tks                          u,u,u
nethsm2k:caSigningCert cert-pki-ca                           CTu,cu,u
nethsm2k:subsystemCert cert-pki-tps                          u,u,u
nethsm2k:Server-Cert cert-pki-ocsp                           u,u,u
nethsm2k:Server-Cert cert-pki-tks                            u,u,u
nethsm2k:ocspSigningCert cert-pki-ocsp                       u,u,u
nethsm2k:storageCert cert-pki-kra                            u,u,u
nethsm2k:Server-Cert cert-pki-kra                            u,u,u
nethsm2k:subsystemCert cert-pki-ra                           u,u,u
[root@sigma ~]#

Note You need to log in before you can comment on or make changes to this bug.