Hi, It worked !! Only the Subordinate CA has a certificate valid only for 2 years. Now I'm looking for how to increase it.
Many thanks!

On Mon, Aug 22, 2016 at 11:03 AM, Ade Lee <[email protected]> wrote:

> See inline below --
>
> On Fri, 2016-08-19 at 07:28 -0300, Leonardo Bacha Abrantes wrote:
>
> > Hi guys,
> >
> > I'm trying to configure a subordinate CA, but am receiving the message
> > "ERROR: Unable to access security domain: 401 Client Error: Unauthorized".
> >
> > I follow these steps:
> >
> > ===>> On Server01 (root-ca):
> >
> > setup-ds.pl --silent General.FullMachineName=root-ca.xxx.xxx.xx \
> > General.SuiteSpotUserID=nobody General.SuiteSpotGroup=nobody \
> > slapd.ServerPort=389 slapd.ServerIdentifier=pki-RootCA \
> > slapd.Suffix=dc=EXAMPLE,dc=xxx,dc=xx \
> > slapd.RootDN="cn=ldapadmin" slapd.RootDNPwd=PASSWORD
> >
> > myconfig.txt
> >
> > [DEFAULT]
> > pki_admin_password=Root-CA_pwd
> > pki_client_database_password=Root-CA_pwd
> > pki_client_pkcs12_password=Root-CA_pwd
> > pki_ds_password=Root-CA_pwd
> > pki_security_domain_password=Root-CA_pwd
> > pki_admin_password=Root-CA_pwd
> > pki_client_database_password=Root-CA_pwd
> > pki_client_pkcs12_password=Root-CA_pwd
> > pki_ds_bind_dn=cn=ldapadmin
> > pki_ds_password=Root-CA_pwd
> > pki_security_domain_password=Root-CA_pwd
> > pki_instance_name=pki-RootCA
> >
> > [CA]
> > pki_ca_signing_subject_dn=cn=EXAMLE Root Certification Authority,o=XXXXXXXXXXX,c=BR
> > pki_admin_nickname=PKI Administrator for EXAMPLE
> > pki_admin_subject_dn=cn=PKI Administrator Root CA,[email protected],o=XXXXXXXXXX,c=BR
> > [email protected]
> >
> > ===>> On Server02 (Sub-ca):
> >
> > setup-ds.pl --silent General.FullMachineName=sub-ca.xxx.xxx.xx \
> > General.SuiteSpotUserID=nobody General.SuiteSpotGroup=nobody \
> > slapd.ServerPort=389 slapd.ServerIdentifier=pki-SubCA \
> > slapd.Suffix=dc=EXAMPLE,dc=xxx,dc=xx \
> > slapd.RootDN="cn=ldapadmin" slapd.RootDNPwd=OTHER_PASSWORD
> >
> > myconfig.txt
> >
> > [DEFAULT]
> > pki_admin_password=SUB-CA_Passord
> > pki_client_database_password=SUB-CA_Passord
> > pki_client_pkcs12_password=SUB-CA_Passord
> > pki_ds_password=SUB-CA_Passord
> > pki_security_domain_password=SUB-CA_Passord
> > pki_admin_password=SUB-CA_Passord
> > pki_client_database_password=SUB-CA_Passord
> > pki_client_pkcs12_password=SUB-CA_Passord
> > pki_ds_bind_dn=cn=ldapadmin
> > pki_ds_password=SUB-CA_Passord
> > pki_security_domain_password=SUB-CA_Passord
>
> This is incorrect. The security domain password -- which for some reason
> you have listed twice in this section -- should be the password for the
> admin user in the root CA.
>
> The subCA is contacting the rootCA - which hosts the security domain to
> register the new subsystem with the domain.
>
> > pki_instance_name=pki-SubCA
> > pki_security_domain_hostname=root-ca.xxxx.xxx.xx
> > pki_security_domain_https_port=8443
> > pki_security_domain_user=caadmin
> >
> > [CA]
> > pki_subordinate=True
> > pki_issuing_ca=https://root-ca.xxxx.xxxv.xx:8443
> > pki_ca_signing_subject_dn=cn=EXAMPLE Certification Authority L2,o=XXXXXXXXXXX,c=BR
> > pki_subordinate_create_new_security_domain=True
> > pki_subordinate_security_domain_name=EXAMPLE Certification Authority L2
> > pki_admin_nickname=PKI Administrator for Example Sub-CA L2
> > pki_admin_subject_dn=cn=PKI Administrator CA L2,[email protected],o=XXXXXXXXXXX,c=BR
> > [email protected]
> >
> > when I run pkispawn -v -s CA -f myconfig.txt on Server02:
> >
> > ERROR: Unable to access security domain: 401 Client Error: Unauthorized
> >
> > ===
> >
> > I tried to use the same passwords on myconfig.txt in both servers just to
> > test, but I receive the same message.
> >
> > Can you help me please?
> >
> > many thanks!
> >
> > _______________________________________________
> > Pki-users mailing
> > [email protected]
> > https://www.redhat.com/mailman/listinfo/pki-users
_______________________________________________
Pki-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/pki-users
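
The two problems pointed out in the quoted reply (keys listed twice, and a sub-CA config whose security domain password is its own admin password instead of the root CA admin's) can be caught before running pkispawn. The following is an added example, not part of the thread and not pkispawn's own code; the function name `lint_pkispawn_config`, the sample file and its hostname are constructed for illustration, and the password comparison is a heuristic.

```python
import re

# Constructed sample, modelled on the sub-CA myconfig.txt quoted in the thread.
SAMPLE = """\
[DEFAULT]
pki_admin_password=SUB-CA_Passord
pki_ds_password=SUB-CA_Passord
pki_security_domain_password=SUB-CA_Passord
pki_admin_password=SUB-CA_Passord
pki_security_domain_password=SUB-CA_Passord
pki_instance_name=pki-SubCA
pki_security_domain_hostname=root-ca.example.test
pki_security_domain_user=caadmin

[CA]
pki_subordinate=True
"""

def lint_pkispawn_config(text):
    """Return warnings for repeated keys and a reused security domain password."""
    warnings, section, seen, values = [], None, {}, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not a key=value line (e.g. a wrapped continuation)
        key, value = key.strip(), value.strip()
        if (section, key) in seen:
            warnings.append(f"line {lineno}: [{section}] {key} repeated "
                            f"(first set on line {seen[(section, key)]})")
        seen.setdefault((section, key), lineno)
        values[key] = value  # keep the last value seen for the checks below
    if values.get("pki_subordinate", "").lower() == "true":
        sd_pw = values.get("pki_security_domain_password")
        if sd_pw is None:
            warnings.append("subordinate CA: pki_security_domain_password is not set")
        elif sd_pw == values.get("pki_admin_password"):
            # Heuristic: never print the value, only report the collision.
            warnings.append("subordinate CA: pki_security_domain_password equals the local "
                            "pki_admin_password; expected the root CA admin's password")
    return warnings

if __name__ == "__main__":
    for warning in lint_pkispawn_config(SAMPLE):
        print(warning)
```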
