Ask Your Question
0

Starting Dogtag v10

asked 2013-05-02 12:03:34 -0500

jpbkslave42 gravatar image

Hey there,

Got a fedora 18 kvm with 389-ds setup and working perfectly, having trouble getting Dogtag v10 to cooperate though. The installation went well and all was great until i restarted the machine, after which i can no longer access any of the Dogtag web interfaces (CA, etc). After much googling i found that v10 has a lot of changes, and it seems that it can't be controlled with systemctl / pki-ca; i'm emarrased to say that i can't figure out how to simply start up Dogtag! Tomcat is running, not sure what the issue is.

edit retag flag offensive close merge delete
add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2016-10-12 08:50:13 -0500

g10rspki0ne gravatar image

Hi there!, I've achieved a "partial" functing DogTag CA, unfortunately it didn't ever release a valid certificate because of a tricky error and for reasons not in my will I shut it down. Recently I bringing back this topic that I love, can we share common postive thing and discuss negative ones ? jpbkslave42 let me kindly know.

edit flag offensive delete link more
add a comment
0

answered 2013-05-06 11:10:20 -0500

jpbkslave42 gravatar image

Turned to the #Dogtag-PKI IRC chanel and got it resolved! posting here for anyone else having this issue(s) (turned out the problem was 2 fold)

First off - starting the instance manually:

# systemctl restart pki-tomcatd@<instance_name>.service

If you used default settings, your instance name would be pki-tomcat, and the command would be:

# systemctl restart pki-tomcatd@pki-tomcat.service

It seems that pkispawn doesn't set the instance to restart at boot time. To acheive this:

# systemctl enable pki-tomcatd@<instance_name>.service

There is now a trac ticket open to have this (how to start / stop manually, and start at boot) added to the man page: (I was going to provide a link to trac, but apparently my karma is "insufficient")

The other issue is that there is a bug in SELinux policy that mislabels /root/.java as systemu:objectr:adminhomet:s0 - it should be mozillahomet. This will prevent the instance from starting. There is an issue open for this now as well, and the SELinux team is working on a fix that should release today-ish. (same deal here - can't post the link unfortunately... darn karma)

As a temporary fix you can just re-label it real quick (which doesn't survive a reboot mind you!)

# chcon -R -t mozilla_home_t /root/.java

Special thanks to alee in #dogtag-pki for walking me through all this!

edit flag offensive delete link more
add a comment

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2013-05-02 12:03:34 -0500

Seen: 524 times

Last updated: May 06 '13

Related questions

How to add apache-tomcat to eclipse IDE

cannot configure the server and client configuration files [closed]

can i setup fedora 18 as dns server

Can Fedora server support 1000 email clients for e-mail services

What is the server process that allows my user settings and project files to be available on any pc I log into in a lab environment?

logout from server is connected via nautilus

Setting up my Fedora box to be a file server

Best practices for Fedora servers?

How to create users for Tomcat in XAMPP

Need Help Configuring Dynamic DNS Server.

Ask Fedora is community maintained and Red Hat or Fedora Project is not responsible for content. Content on this site is licensed under a CC-BY-SA 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2