Am Montag, 3. Mai 2010 16:17:18 schrieb Marc Schlinger: > Hello, > > I tried to install freeipa with certs management. I did manage after a > problem. > > 1°) The installation was unable to finished on a french localized system. > The error at stage [3/15]: configuring certificate server instance was > something like > > java.utils.MissingResourceException can't find bundle for base name > LogMessages, locale fr_FR.UTF-8 > full log at then end > > It's a dogtag error but since I had it while installing freeipa, I > report it to you. >
This is a bug I also encountered https://bugzilla.redhat.com/show_bug.cgi?id=583177 Quick workaround is to set the system locale (system-config-language) to english just before ipa-server-install, and switch it back to yours after that. Best regards, Oli > Finally, for the installation i used a fresh fedora 12 with en_US.UTF-8 > locales, rpms version was 1.9.0GIT3620135-0.fc12, > and I activate the testing repos as advised in this thread: > [Freeipa-users] call implemented methods via xml-rpc. > > I tried to play a little with certificates mostly to replace puppet > certificate management by the freeipa ones > 2°) I wasn't able to do a ipa cert-request > --principal=my/test.domain.com my.csr > I had this error: > ipa: ERROR: Certificate operation cannot be completed: Failure decoding > Certificate Signing Request > > It seems that it was a forgetten line in ipalib/pkcs10.py > here's the patch: > > --- /tmp/pkcs10.py 2010-05-03 16:02:22.929018799 +0200 > +++ ipalib/pkcs10.py 2010-05-03 16:02:09.855940583 +0200 > @@ -52,6 +52,7 @@ > namedtype.NamedType('universalString', > char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1 > , MAX))), > namedtype.NamedType('utf8String', > char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, > MAX))), > namedtype.NamedType('bmpString', > char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, > MAX))), > + namedtype.NamedType('ia5string', > char.IA5String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, > MAX))), > ) > > > > > > that's all for the report, now I have a question: > > Is/Will freeipa integrate smart token authentication? > In this page : http://freeipa.org/page/Certificate_Management > You said that "There is no requirement to provision user certificates.". > Smart key authentication require user certificates. > > > > > > > # File /var/log/pki-ca/catalina.out > 28 avr. 2010 16:08:53 org.apache.catalina.core.ApplicationContext log > GRAVE: StandardWrapper.Throwable > java.util.MissingResourceException: Can't find bundle for base name > LogMessages, locale fr_FR > at > java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java: > 1539) at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1278) > at java.util.ResourceBundle.getBundle(ResourceBundle.java:733) at > com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1103) > at > com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1176) > at com.netscape.certsrv.apps.CMS.getLogMessage(CMS.java:637) > at > com.netscape.cms.servlet.common.Utils.initializeAuthz(Utils.java:89) > at > com.netscape.cms.servlet.base.CMSServlet.init(CMSServlet.java:288) > at > com.netscape.cms.servlet.csadmin.GetStatus.init(GetStatus.java:61) > at > org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1 > 139) at > org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:791) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.j > ava:127) at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.j > ava:172) at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:12 > 7) at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:11 > 7) at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:548) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.jav > a:108) at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875) > at > org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.process > Connection(Http11BaseProtocol.java:665) at > org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.ja > va:528) at > org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerW > orkerThread.java:81) at > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.ja > va:689) at java.lang.Thread.run(Thread.java:636) > 28 avr. 2010 16:08:53 org.apache.catalina.core.StandardWrapperValve invoke > GRAVE: Exception lors de l'allocation pour la servlet caGetStatus > java.util.MissingResourceException: Can't find bundle for base name > LogMessages, locale fr_FR > at > java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java: > 1539) at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1278) > at java.util.ResourceBundle.getBundle(ResourceBundle.java:733) at > com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1103) > at > com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1176) > at com.netscape.certsrv.apps.CMS.getLogMessage(CMS.java:637) > at > com.netscape.cms.servlet.common.Utils.initializeAuthz(Utils.java:89) > at > com.netscape.cms.servlet.base.CMSServlet.init(CMSServlet.java:288) > at > com.netscape.cms.servlet.csadmin.GetStatus.init(GetStatus.java:61) > at > org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1 > 139) at > org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:791) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.j > ava:127) at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.j > ava:172) at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:12 > 7) at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:11 > 7) at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:548) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.jav > a:108) at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875) > at > org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.process > Connection(Http11BaseProtocol.java:665) at > org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.ja > va:528) at > org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.ja > va:528) at > org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerW > orkerThread.java:81) at > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.ja > va:689) at java.lang.Thread.run(Thread.java:636) > [Fatal Error] :1:8: The string "--" is not permitted within comments. > 28 avr. 2010 16:08:58 org.apache.catalina.core.ApplicationContext log > GRAVE: StandardWrapper.Throwable > java.util.MissingResourceException: Can't find bundle for base name > LogMessages, locale fr_FR > at > java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java: > 1539) at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1278) > at java.util.ResourceBundle.getBundle(ResourceBundle.java:733) at > com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1103) > at > com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1176) > at com.netscape.certsrv.apps.CMS.getLogMessage(CMS.java:637) > at > com.netscape.cms.servlet.common.Utils.initializeAuthz(Utils.java:89) > at > com.netscape.cms.servlet.base.CMSServlet.init(CMSServlet.java:288) > at > com.netscape.cms.servlet.csadmin.GetStatus.init(GetStatus.java:61) > at > org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1 > 139) at > org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:791) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.j > ava:127) at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.j > ava:172) at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:12 > 7) at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:11 > 7) at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:548) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.jav > a:108) at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875) > at > org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.process > Connection(Http11BaseProtocol.java:665) at > org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.ja > va:528) at > org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerW > orkerThread.java:81) at > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.ja > va:689) at java.lang.Thread.run(Thread.java:636) > 28 avr. 2010 16:08:58 org.apache.catalina.core.StandardWrapperValve invoke > GRAVE: Exception lors de l'allocation pour la servlet caGetStatus > java.util.MissingResourceException: Can't find bundle for base name > LogMessages, locale fr_FR > at > java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java: > 1539) at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1278) > at java.util.ResourceBundle.getBundle(ResourceBundle.java:733) at > com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1103) > at > com.netscape.cmscore.apps.CMSEngine.getLogMessage(CMSEngine.java:1176) > at com.netscape.certsrv.apps.CMS.getLogMessage(CMS.java:637) > at > com.netscape.cms.servlet.common.Utils.initializeAuthz(Utils.java:89) > at > com.netscape.cms.servlet.base.CMSServlet.init(CMSServlet.java:288) > at > com.netscape.cms.servlet.csadmin.GetStatus.init(GetStatus.java:61) > at > org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1 > 139) at > org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:791) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.j > ava:127) at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.j > ava:172) at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:12 > 7) at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:11 > 7) at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:548) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.jav > a:108) at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875) > at > org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.process > Connection(Http11BaseProtocol.java:665) at > org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.ja > va:528) at > org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerW > orkerThread.java:81) at > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.ja > va:689) at java.lang.Thread.run(Thread.java:636) > [Fatal Error] :1:8: The string "--" is not permitted within comments. > Exception caught: java.io.IOException: The value for > preop.cert.signing.type should be remote > Exception caught: java.io.IOException: The value for > preop.cert.ocsp_signing.type should be remote > Exception caught: java.io.IOException: The value for > preop.cert.sslserver.type should be remote > Exception caught: java.io.IOException: The value for > preop.cert.subsystem.type should be remote > Exception caught: java.io.IOException: The value for > preop.cert.audit_signing.type should be remote > > > > > > > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > -- Oliver Burtchen, Berlin _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users