The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.
This issue was migrated from Pagure Issue #1609. Originally filed by edewata (@edewata) on 2015-09-12 00:51:28:
Assigned to nobody
Install CA, KRA, TKS, and TPS using separate databases:
pki_share_db=False
The TPS installation will fail with the following error:
pkispawn : ERROR ....... Exception from Java Configuration Servlet: 500 Server Error: Internal Server Error
pkispawn : ERROR ....... ParseError: not well-formed (invalid token): line 1, column 0: {"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.PKIException","Code":500,"Message":"Errors in registering TPS to CA, TKS or KRA: com.netscape.certsrv.base.UnauthorizedException: TPS Connection belongs to another user"}
pkispawn : DEBUG ....... Error Type: ParseError
pkispawn : DEBUG ....... Error Message: not well-formed (invalid token): line 1, column 0
pkispawn : DEBUG ....... File "/usr/sbin/pkispawn", line 600, in main
rv = instance.spawn(deployer)
File "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 117, in spawn
json.dumps(data, cls=pki.encoder.CustomTypeEncoder))
File "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py", line 3907, in configure_pki_data
root = ET.fromstring(text)
File "/usr/lib64/python2.7/xml/etree/ElementTree.py", line 1300, in XML
parser.feed(text)
File "/usr/lib64/python2.7/xml/etree/ElementTree.py", line 1642, in feed
self._raiseerror(v)
File "/usr/lib64/python2.7/xml/etree/ElementTree.py", line 1506, in _raiseerror
raise err
This caused by certificate mapping conflict similar to ticket 1595. Here TPS is trying to create a connector in TKS with user ID TPS--, but the certificate is mapped to pkidbuser. Since the user IDs don't match, the operation is rejected.
This issue was migrated from Pagure Issue #1609. Originally filed by edewata (@edewata) on 2015-09-12 00:51:28:
Install CA, KRA, TKS, and TPS using separate databases:
The TPS installation will fail with the following error:
This caused by certificate mapping conflict similar to ticket 1595. Here TPS is trying to create a connector in TKS with user ID TPS--, but the certificate is mapped to pkidbuser. Since the user IDs don't match, the operation is rejected.
Proposed milestone: 10.3