Bug 500756 - TKS : install fails with nethsm2k
Status: CLOSED DUPLICATE of bug 500738
Product: Dogtag Certificate System
Classification: Community
Component: TKS
Version: unspecified
Hardware: All Linux
Priority: urgent
Severity: urgent
Assigned To: Christina Fu
QA Contact: Chandrasekar Kannan
Blocks: 443788

Reported: 2009-05-13 20:05 EDT by Chandrasekar Kannan
Modified: 2015-01-04 18:38 EST
Doc Type: Bug Fix
Last Closed: 2009-06-01 12:14:11 EDT

Description Chandrasekar Kannan 2009-05-13 20:05:46 EDT
test setup:

1 - RHEL 5.3 x86_64, Firefox 3.0, nethsm2000
2 - install rootCA (security domain)
3 - install TKS

Installation wizard proceeds fine.
TKS starts fine.

But if I do certutil to list keys for TKS from nethsm,
I see only the server-cert. Both auditSigning and subSystem
certs are missing.

============================================================
[root@zeta alias]# certutil -L -d . -h nethsm2k

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Enter Password or Pin for "nethsm2k":
nethsm2k:Server-Cert cert-pki-tks                            u,u,u
nethsm2k:caSigningCert cert-pki-ca                           CTu,cu,u
nethsm2k:auditSigningCert cert-pki-ca                        u,u,u
nethsm2k:subsystemCert cert-pki-ca1                          u,u,u
nethsm2k:Server-Cert cert-pki-ca                             u,u,u
nethsm2k:transportCert cert-pki-kra                          u,u,u
nethsm2k:Server-Cert cert-pki-ca1                            u,u,u
nethsm2k:caSigningCert cert-pki-ca1                          u,u,u
nethsm2k:ocspSigningCert cert-pki-ca                         u,u,u
nethsm2k:ocspSigningCert cert-pki-ca1                        u,u,u
nethsm2k:subsystemCert cert-pki-ca                           u,u,u
nethsm2k:auditSigningCert cert-pki-ca1                       u,u,u
[root@zeta alias]# certutil -L -d . 

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Certificate Authority - DsdevSjcRedhat Domain                CT,c,
[root@zeta alias]# 
===============================================================================

Sure enough, the debug log shows some problem...

===============================================================================
[13/May/2009:16:48:30][http-13445-Processor25]: total number of panels=16
[13/May/2009:16:48:33][http-13445-Processor20]: WizardServlet: process
[13/May/2009:16:48:33][http-13445-Processor20]: WizardServlet:service() uri = /tks/admin/console/config/wizard
[13/May/2009:16:48:33][http-13445-Processor20]: WizardServlet::service() param name='subsystem' value='-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----'
[13/May/2009:16:48:33][http-13445-Processor20]: WizardServlet::service() param name='sslserver_cc' value=''
[13/May/2009:16:48:33][http-13445-Processor20]: WizardServlet::service() param name='subsystem_cc' value=''
[13/May/2009:16:48:33][http-13445-Processor20]: WizardServlet::service() param name='p' value='10'
[13/May/2009:16:48:33][http-13445-Processor20]: WizardServlet::service() param name='audit_signing_cc' value=''
[13/May/2009:16:48:33][http-13445-Processor20]: WizardServlet::service() param name='op' value='next'
[13/May/2009:16:48:33][http-13445-Processor20]: WizardServlet::service() param name='audit_signing' value='-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----'
[13/May/2009:16:48:33][http-13445-Processor20]: WizardServlet::service() param name='sslserver' value='-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----'
[13/May/2009:16:48:33][http-13445-Processor20]: WizardServlet: op=next
[13/May/2009:16:48:33][http-13445-Processor20]: WizardServlet: size=16
[13/May/2009:16:48:33][http-13445-Processor20]: WizardServlet: in next 10
[13/May/2009:16:48:33][http-13445-Processor20]: CertRequestPanel: in update()
[13/May/2009:16:48:33][http-13445-Processor20]: CertRequestPanel: update() for cert tag sslserver
[13/May/2009:16:48:33][http-13445-Processor20]: CertRequestPanel: in update() process remote...import cert
[13/May/2009:16:48:33][http-13445-Processor20]: WizardPanelBase deleteCert: nickname=Server-Cert cert-pki-tks
[13/May/2009:16:48:33][http-13445-Processor20]: WizardPanelBase deleteCert: this is pk11store
[13/May/2009:16:48:33][http-13445-Processor20]: CertRequestPanel findCertificate: Exception=org.mozilla.jss.crypto.ObjectNotFoundException
[13/May/2009:16:48:33][http-13445-Processor20]: CertRequestPanel configCert: Failed to import certificate sslserver Exception: org.mozilla.jss.crypto.TokenException: Failed to find certificate that was just imported: (-8174) security library: bad database.
[13/May/2009:16:48:33][http-13445-Processor20]: getNextPanel input p=10
[13/May/2009:16:48:33][http-13445-Processor20]: getNextPanel output p=11
[13/May/2009:16:48:33][http-13445-Processor20]: AdminPanel: display
[13/May/2009:16:48:33][http-13445-Processor20]: panel no=13
[13/May/2009:16:48:33][http-13445-Processor20]: panel name=adminpanel
[13/May/2009:16:48:33][http-13445-Processor20]: total number of panels=16
[13/May/2009:16:48:41][http-13445-Processor23]: WizardServlet: process
[13/May/2009:16:48:41][http-13445-Processor23]: WizardServlet:service() uri = /tks/admin/console/config/wizard

===============================================================================
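
A check for the symptom in the description above, as an added example that is not part of the original report or of the Dogtag code: it parses a `certutil -L` listing for the certificates an instance should have on the token and pulls import failures out of the debug log. The TKS nicknames `subsystemCert cert-pki-tks` and `auditSigningCert cert-pki-tks` are assumed from the cert-pki-ca naming in the listing, and both sample inputs are constructed.

```python
import re

# Constructed sample: a shortened `certutil -L -d . -h nethsm2k` listing in
# the same layout as the one in the report.
SAMPLE_LISTING = """\
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

nethsm2k:Server-Cert cert-pki-tks                            u,u,u
nethsm2k:caSigningCert cert-pki-ca                           CTu,cu,u
nethsm2k:auditSigningCert cert-pki-ca                        u,u,u
nethsm2k:subsystemCert cert-pki-ca                           u,u,u
"""

# Constructed sample: two debug-log lines in the format shown in the report.
SAMPLE_LOG = """\
[13/May/2009:16:48:33][http-13445-Processor20]: CertRequestPanel: update() for cert tag sslserver
[13/May/2009:16:48:33][http-13445-Processor20]: CertRequestPanel configCert: Failed to import certificate sslserver Exception: org.mozilla.jss.crypto.TokenException: Failed to find certificate that was just imported: (-8174) security library: bad database.
"""

# Nickname column, two or more spaces, then the three trust fields.
LISTING_ROW = re.compile(r"^(?P<nick>\S.*?)\s{2,}(?P<trust>[A-Za-z]*,[A-Za-z]*,[A-Za-z]*)\s*$")
IMPORT_FAIL = re.compile(r"configCert: Failed to import certificate (\S+) Exception: (.+)$")

def parse_listing(text, token):
    """Return {nickname: trust} for rows stored on `token` (prefix stripped)."""
    certs = {}
    for line in text.splitlines():
        m = LISTING_ROW.match(line)
        if m and m.group("nick").startswith(token + ":"):
            certs[m.group("nick")[len(token) + 1:]] = m.group("trust")
    return certs

def missing_certs(text, token, instance, roles):
    """Roles whose '<role> <instance>' nickname is absent from the token."""
    present = parse_listing(text, token)
    # Exact nickname match, so cert-pki-ca never satisfies cert-pki-ca1.
    return [r for r in roles if f"{r} {instance}" not in present]

def import_failures(log):
    """Return (cert tag, exception text) for each failed import in the log."""
    return [m.groups() for line in log.splitlines() if (m := IMPORT_FAIL.search(line))]

# Assumed role names, following the cert-pki-ca nicknames in the listing.
TKS_ROLES = ["Server-Cert", "subsystemCert", "auditSigningCert"]

if __name__ == "__main__":
    print(missing_certs(SAMPLE_LISTING, "nethsm2k", "cert-pki-tks", TKS_ROLES))
    print(import_failures(SAMPLE_LOG))
```
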
Comment 1 Christina Fu 2009-05-14 12:13:27 EDT
I'm very certain this was working just last week.

I'd suggest you clean up everything on the token (use ksafe) and try again.
Comment 2 Christina Fu 2009-06-01 12:14:11 EDT
This is the exact same issue with 500738. The fix will be for both.

*** This bug has been marked as a duplicate of bug 500738 ***