Hello,

I tried to install freeipa with certs management. I did manage after a problem.

1°) The installation was unable to finished on a french localized system.
The error at stage [3/15]: configuring certificate server instance was something like

java.utils.MissingResourceException can't find bundle for base name LogMessages, locale fr_FR.UTF-8
full log at then end

It's a dogtag error but since I had it while installing freeipa, I report it to you.

Finally, for the installation i used a fresh fedora 12 with en_US.UTF-8 locales, rpms version was 1.9.0GIT3620135-0.fc12, and I activate the testing repos as advised in this thread: [Freeipa-users] call implemented methods via xml-rpc.

I tried to play a little with certificates mostly to replace puppet certificate management by the freeipa ones 2°) I wasn't able to do a ipa cert-request --principal=my/test.domain.com my.csr
I had this error:
ipa: ERROR: Certificate operation cannot be completed: Failure decoding Certificate Signing Request

It seems that it was a forgetten line in ipalib/pkcs10.py
here's the patch:

--- /tmp/pkcs10.py    2010-05-03 16:02:22.929018799 +0200
+++ ipalib/pkcs10.py    2010-05-03 16:02:09.855940583 +0200
@@ -52,6 +52,7 @@
namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), + namedtype.NamedType('ia5string', char.IA5String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
         )





that's all for the report, now I have a question:

Is/Will freeipa integrate smart token authentication?
In this page : http://freeipa.org/page/Certificate_Management
You said that "There is no requirement to provision user certificates.". Smart key authentication require user certificates.






# File /var/log/pki-ca/catalina.out
28 avr. 2010 16:08:53 org.apache.catalina.core.ApplicationContext log
GRAVE: StandardWrapper.Throwable
java.util.MissingResourceException: Can't find bundle for base name LogMessages, locale fr_FR at java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:1539)
        at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1278)
        at java.util.ResourceBundle.getBundle(ResourceBundle.java:733)
at com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1103) at com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1176)
        at com.netscape.certsrv.apps.CMS.getLogMessage(CMS.java:637)
at com.netscape.cms.servlet.common.Utils.initializeAuthz(Utils.java:89) at com.netscape.cms.servlet.base.CMSServlet.init(CMSServlet.java:288) at com.netscape.cms.servlet.csadmin.GetStatus.init(GetStatus.java:61) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1139) at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:791) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:127) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:548) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
        at java.lang.Thread.run(Thread.java:636)
28 avr. 2010 16:08:53 org.apache.catalina.core.StandardWrapperValve invoke
GRAVE: Exception lors de l'allocation pour la servlet caGetStatus
java.util.MissingResourceException: Can't find bundle for base name LogMessages, locale fr_FR at java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:1539)
        at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1278)
        at java.util.ResourceBundle.getBundle(ResourceBundle.java:733)
at com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1103) at com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1176)
        at com.netscape.certsrv.apps.CMS.getLogMessage(CMS.java:637)
at com.netscape.cms.servlet.common.Utils.initializeAuthz(Utils.java:89) at com.netscape.cms.servlet.base.CMSServlet.init(CMSServlet.java:288) at com.netscape.cms.servlet.csadmin.GetStatus.init(GetStatus.java:61) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1139) at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:791) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:127) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:548) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
        at java.lang.Thread.run(Thread.java:636)
[Fatal Error] :1:8: The string "--" is not permitted within comments.
28 avr. 2010 16:08:58 org.apache.catalina.core.ApplicationContext log
GRAVE: StandardWrapper.Throwable
java.util.MissingResourceException: Can't find bundle for base name LogMessages, locale fr_FR at java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:1539)
        at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1278)
        at java.util.ResourceBundle.getBundle(ResourceBundle.java:733)
at com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1103) at com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1176)
        at com.netscape.certsrv.apps.CMS.getLogMessage(CMS.java:637)
at com.netscape.cms.servlet.common.Utils.initializeAuthz(Utils.java:89) at com.netscape.cms.servlet.base.CMSServlet.init(CMSServlet.java:288) at com.netscape.cms.servlet.csadmin.GetStatus.init(GetStatus.java:61) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1139) at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:791) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:127) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:548) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
        at java.lang.Thread.run(Thread.java:636)
28 avr. 2010 16:08:58 org.apache.catalina.core.StandardWrapperValve invoke
GRAVE: Exception lors de l'allocation pour la servlet caGetStatus
java.util.MissingResourceException: Can't find bundle for base name LogMessages, locale fr_FR at java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:1539)
        at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1278)
        at java.util.ResourceBundle.getBundle(ResourceBundle.java:733)
at com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1103) at com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1176)
        at com.netscape.certsrv.apps.CMS.getLogMessage(CMS.java:637)
at com.netscape.cms.servlet.common.Utils.initializeAuthz(Utils.java:89) at com.netscape.cms.servlet.base.CMSServlet.init(CMSServlet.java:288) at com.netscape.cms.servlet.csadmin.GetStatus.init(GetStatus.java:61) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1139) at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:791) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:127) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:548) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
        at java.lang.Thread.run(Thread.java:636)
[Fatal Error] :1:8: The string "--" is not permitted within comments.
Exception caught: java.io.IOException: The value for preop.cert.signing.type should be remote Exception caught: java.io.IOException: The value for preop.cert.ocsp_signing.type should be remote Exception caught: java.io.IOException: The value for preop.cert.sslserver.type should be remote Exception caught: java.io.IOException: The value for preop.cert.subsystem.type should be remote Exception caught: java.io.IOException: The value for preop.cert.audit_signing.type should be remote









_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to