SilleBille / pki

Dogtag PKI Issues should be reported to the Dogtag PKI Pagure Issues site
https://pagure.io/dogtagpki/issues
GNU General Public License v2.0

certutil: could not change trust on certificate: SEC_ERROR_TOKEN_NOT_LOGGED_IN #400

Closed SilleBille closed 4 years ago

SilleBille commented 5 years ago

This issue was migrated from Pagure Issue #2888. Originally filed by mharmsen on 2018-01-09

Steps to Reproduce:

1. pkispawn -s CA -f ca.cfg
2. pkispawn -s KRA -f kra.cfg

Actual results:

    Log file: /var/log/pki/pki-kra-spawn.20180105105230.log
    Loading deployment configuration from kra.cfg.
    Installing KRA into /var/lib/pki/RootKRA_hsm.
    certutil: Could not find cert: NHSM6000-OCS:Server-Cert cert-RootKRA_hsm
    : PR_FILE_NOT_FOUND_ERROR: File not found
    Notice: Trust flag u is set automatically if the private key is present.
    certutil: could not change trust on certificate: SEC_ERROR_TOKEN_NOT_LOGGED_IN: The operation failed because the PKCS#11 token is not logged in.

    ==========================================================================
                                INSTALLATION SUMMARY
    ==========================================================================

      Administrator's username:             kraadmin
      Administrator's PKCS #12 file:
            /opt/RootKRA_hsm/kraadmincert.p12

      This KRA subsystem of the 'RootKRA_hsm' instance
      has FIPS mode enabled on this operating system.

      REMINDER:  Don't forget to update the appropriate FIPS
                 algorithms in server.xml in the 'RootKRA_hsm' instance.

      To check the status of the subsystem:
            systemctl status pki-tomcatdRootKRA_hsm.service

      To restart the subsystem:
            systemctl restart pki-tomcatdRootKRA_hsm.service

      The URL for the subsystem is:
            https://pki.example.com:21042/kra

      PKI instances will be enabled upon system boot

    ==========================================================================

Expected results:

Not able to see any error messages.

Additional info:

This issue occurred due to certutil.

* BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1393668

SilleBille commented 5 years ago

Posted by mharmsen on 2018-01-09:

This issue exists for the following two actions:

SilleBille commented 5 years ago

Posted by mharmsen on 2018-01-18:

Per PKI Team Meeting of 20180118 moving to 10.6

SilleBille commented 5 years ago

Posted by mharmsen on 2018-04-18:

Per 10.5.x/10.6 Triage: 10.5.x

edewata: misleading error message