Open p57p57 opened 3 years ago
part of the conf file for step 2. I have tried both (ca.crt is my rootCA certificate, UsersCA-4.crt is the signed certificate from the CSR signed by the rootCA) option 1: pki_external_step_two=True pki_cert_chain_path=ca.crt pki_ca_signing_cert_path=UsersCA-4.crt
option 2: pki_external_step_two=True pki_cert_chain_path=ca.p7b pki_ca_signing_cert_path=UsersCA-4.crt
And by the way, if i attempt to create a rootCA using interactive mode, it works ...
During step 2 of an externally signed CA, the installation failed with the following error message:
Installation failed: Command failed: pki -d /var/lib/pki/XXXXXX/alias pkcs7-cert-export --pkcs7-file /tmp/tmpiu1lMX/cert_chain.p7b --output-prefix /tmp/tmp7c8rxl/cert --output-suffix .crt
Logs from /var/log/pki/pki-ca-spawn.20201118123850.log:
2020-11-18 12:38:50 pkispawn : INFO ....... importing ca_signing certificate from UsersCA-4.crt 2020-11-18 12:38:50 pki.nssdb : DEBUG Command: pki -d /var/lib/pki/XXXXXXX/alias pkcs7-cert-export --pkcs7-file /tmp/tmphixnSq/cert_chain.p7b --output-prefix /tmp/tmpwvsiMR/cert --output-suffix .crt 2020-11-18 12:38:52 pkispawn : DEBUG ....... Error Type: CalledProcessError 2020-11-18 12:38:52 pkispawn : DEBUG ....... Error Message: Command '['pki', '-d', '/var/lib/pki/XXXXX/alias', 'pkcs7-cert-export', '--pkcs7-file', '/tmp/tmphixnSq/cert_chain.p7b', '--output-prefix', '/tmp/tmpwvsiMR/cert', '--output-suffix', '.crt']' returned non-zero exit status 255 2020-11-18 12:38:52 pkispawn : DEBUG ....... File "/usr/sbin/pkispawn", line 534, in main scriptlet.spawn(deployer) File "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 1089, in spawn self.import_system_certs(deployer, nssdb, subsystem) File "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 622, in import_system_certs self.import_ca_signing_cert(deployer, nssdb) File "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 443, in import_ca_signing_cert trust_attributes='CT,C,C') File "/usr/lib/python2.7/site-packages/pki/nssdb.py", line 1157, in import_cert_chain trust_attributes=trust_attributes) File "/usr/lib/python2.7/site-packages/pki/nssdb.py", line 1189, in import_pkcs7 subprocess.check_call(cmd) File "/usr/lib64/python2.7/subprocess.py", line 542, in check_call raise CalledProcessError(retcode, cmd)
Info: rpm -q pki-server: pki-server-10.5.17-6.el7.noarch rpm -q tomcat: tomcat-7.0.76-12.el7_8.noarch