Uploaded image for project: 'Dogtag PKI'
  1. Dogtag PKI
  2. DOGTAG-551

CA subsystem Installation fails on LunaHSM Client.

XMLWordPrintable

    • Moderate
    • rhel-idm-cs
    • rc
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • 42

      Description of problem:

      CA installation fails on FIPS enable LunaHSM client system.

      Version-Release number of selected component (if applicable):

      [root@pki1 ~]# rpm -qi redhat-pki-ca
      Name : redhat-pki-ca
      Version : 10.11.1
      Release : 2.module+el8pki+12549+b49d0ccf
      Architecture: noarch
      Install Date: Thu 16 Sep 2021 01:38:37 PM EDT
      Group : Unspecified
      Size : 3506061
      License : GPLv2 and LGPLv2
      Signature : RSA/SHA256, Thu 09 Sep 2021 12:48:37 PM EDT, Key ID 199e2f91fd431d51
      Source RPM : redhat-pki-10.11.1-2.module+el8pki+12549+b49d0ccf.src.rpm
      Build Date : Thu 09 Sep 2021 11:59:53 AM EDT
      Build Host : arm64-018.build.eng.bos.redhat.com
      Relocations : (not relocatable)
      Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
      Vendor : Red Hat, Inc.
      URL : https://www.dogtagpki.org
      Summary : Red Hat Certificate System CA Package

      How reproducible:

      Steps to Reproduce:
      1. Configure LunaHSM Client
      2. Install CA.
      3.

      Actual results:

      [root@pki1 ~]# fips-mode-setup --check
      FIPS mode is enabled.
      [root@pki1 ~]#

      [root@pki1 ~]# sestatus
      SELinux status: enabled
      SELinuxfs mount: /sys/fs/selinux
      SELinux root directory: /etc/selinux
      Loaded policy name: targeted
      Current mode: enforcing
      Mode from config file: enforcing
      Policy MLS status: enabled
      Policy deny_unknown status: allowed
      Memory protection checking: actual (secure)
      Max kernel policy version: 33
      [root@pki1 ~]#

      [root@pki1 ~]# /usr/safenet/lunaclient/bin/lunacm
      lunacm (64-bit) v7.11.1-5 (7.11.1-5-ga24a9e8). Copyright (c) 2020 SafeNet Assured Technologies, LLC. All rights reserved.

      Available HSMs:

      Slot Id -> 0
      HSM Label -> thalesLunaQE
      HSM Serial Number -> 100084041
      HSM Model -> LunaSA 7.11.0
      HSM Firmware Version -> 7.11.1
      HSM Configuration -> Luna Network HSM Slot (PW) Signing With Cloning Mode
      HSM Status -> OK

      Current Slot Id: 0

      lunacm:>clientconfig verify

      The following Slots/Partitions were found:

      Slot Serial # Label
      ==== ================ =====
      0 100084041 thalesLunaQE

      Command Result : No Error

      lunacm:>

      [root@pki1 ~]# pkispawn -s CA -f config/ca.cfg -vvv
      The -vvv option has been deprecated. Use --debug instead.
      Loading deployment configuration from config/ca.cfg.
      Installation log: /var/log/pki/pki-ca-spawn.20210924091238.log
      INFO: Connecting to LDAP server at ldap://pki1.example.com:3389
      INFO: Connecting to LDAP server at ldap://pki1.example.com:3389
      Installing CA into /var/lib/pki/topology-02-CA-gswami.
      INFO: BEGIN spawning CA subsystem in topology-02-CA-gswami instance
      INFO: Loading instance: topology-02-CA-gswami
      INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf
      INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf
      INFO: Setting up pkiuser group
      INFO: Reusing existing pkiuser group with GID 17
      INFO: Setting up pkiuser user
      INFO: Reusing existing pkiuser user with UID 17
      DEBUG: Retrieving UID for 'pkiuser'
      DEBUG: UID of 'pkiuser' is 17
      DEBUG: Retrieving GID for 'pkiuser'
      DEBUG: GID of 'pkiuser' is 17
      INFO: Initialization
      INFO: Setting up infrastructure
      INFO: Creating /etc/sysconfig/pki/tomcat/topology-02-CA-gswami
      DEBUG: Command: mkdir -p /etc/sysconfig/pki/tomcat/topology-02-CA-gswami
      DEBUG: Command: chmod 770 /etc/sysconfig/pki/tomcat/topology-02-CA-gswami
      DEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/topology-02-CA-gswami
      INFO: Creating /etc/sysconfig/pki/tomcat/topology-02-CA-gswami/ca
      DEBUG: Command: mkdir -p /etc/sysconfig/pki/tomcat/topology-02-CA-gswami/ca
      DEBUG: Command: chmod 770 /etc/sysconfig/pki/tomcat/topology-02-CA-gswami/ca
      DEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/topology-02-CA-gswami/ca
      INFO: Creating /etc/sysconfig/pki/tomcat/topology-02-CA-gswami/ca/default.cfg
      DEBUG: Command: cp -p /usr/share/pki/server/etc/default.cfg /etc/sysconfig/pki/tomcat/topology-02-CA-gswami/ca/default.cfg
      DEBUG: Command: chmod 660 /etc/sysconfig/pki/tomcat/topology-02-CA-gswami/ca/default.cfg
      DEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/topology-02-CA-gswami/ca/default.cfg
      DEBUG: Command: touch /etc/sysconfig/pki/tomcat/topology-02-CA-gswami/ca/deployment.cfg
      DEBUG: Command: chmod 660 /etc/sysconfig/pki/tomcat/topology-02-CA-gswami/ca/deployment.cfg
      DEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/topology-02-CA-gswami/ca/deployment.cfg
      INFO: Creating /var/lib/pki/topology-02-CA-gswami
      DEBUG: Command: mkdir -p /var/lib/pki/topology-02-CA-gswami
      DEBUG: Command: chmod 770 /var/lib/pki/topology-02-CA-gswami
      DEBUG: Command: chown 17:17 /var/lib/pki/topology-02-CA-gswami
      INFO: Creating /var/lib/pki/topology-02-CA-gswami/ca
      DEBUG: Command: mkdir -p /var/lib/pki/topology-02-CA-gswami/ca
      DEBUG: Command: chmod 770 /var/lib/pki/topology-02-CA-gswami/ca
      DEBUG: Command: chown 17:17 /var/lib/pki/topology-02-CA-gswami/ca
      INFO: Preparing topology-02-CA-gswami instance
      INFO: Loading instance: topology-02-CA-gswami
      INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf
      INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf
      INFO: Creating /etc/pki/topology-02-CA-gswami
      DEBUG: Command: mkdir /etc/pki/topology-02-CA-gswami
      INFO: Creating /etc/pki/topology-02-CA-gswami/password.conf
      INFO: Generating random server NSS database password
      INFO: Using specified internal database password
      INFO: Generating random replication manager password
      INFO: Creating /var/log/pki/topology-02-CA-gswami
      DEBUG: Command: mkdir -p /var/log/pki/topology-02-CA-gswami
      DEBUG: Command: chmod 770 /var/log/pki/topology-02-CA-gswami
      DEBUG: Command: chown 17:17 /var/log/pki/topology-02-CA-gswami
      INFO: Creating /etc/pki/topology-02-CA-gswami/tomcat.conf
      DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/pki/topology-02-CA-gswami/tomcat.conf
      INFO: Creating /etc/pki/topology-02-CA-gswami/server.xml
      DEBUG: Command: cp /usr/share/pki/server/conf/server.xml /etc/pki/topology-02-CA-gswami/server.xml
      INFO: Creating /etc/pki/topology-02-CA-gswami/catalina.properties
      DEBUG: Command: ln -s /usr/share/pki/server/conf/catalina.properties /etc/pki/topology-02-CA-gswami/catalina.properties
      INFO: Creating /etc/pki/topology-02-CA-gswami/context.xml
      DEBUG: Command: ln -s /etc/tomcat/context.xml /etc/pki/topology-02-CA-gswami/context.xml
      INFO: Creating /etc/pki/topology-02-CA-gswami/logging.properties
      DEBUG: Command: ln -s /usr/share/pki/server/conf/logging.properties /etc/pki/topology-02-CA-gswami/logging.properties
      INFO: Creating /etc/sysconfig/topology-02-CA-gswami
      DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/sysconfig/topology-02-CA-gswami
      INFO: Creating /etc/pki/topology-02-CA-gswami/tomcat.conf
      DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/pki/topology-02-CA-gswami/tomcat.conf
      INFO: Creating /etc/pki/topology-02-CA-gswami/web.xml
      DEBUG: Command: ln -s /etc/tomcat/web.xml /etc/pki/topology-02-CA-gswami/web.xml
      INFO: Creating /etc/pki/topology-02-CA-gswami/Catalina
      DEBUG: Command: mkdir /etc/pki/topology-02-CA-gswami/Catalina
      INFO: Creating /etc/pki/topology-02-CA-gswami/Catalina/localhost
      DEBUG: Command: mkdir /etc/pki/topology-02-CA-gswami/Catalina/localhost
      INFO: Deploying ROOT web application
      INFO: Creating /etc/pki/topology-02-CA-gswami/Catalina/localhost/ROOT.xml
      INFO: Deploying /pki web application
      INFO: Creating /etc/pki/topology-02-CA-gswami/Catalina/localhost/pki.xml
      INFO: Creating /var/lib/pki/topology-02-CA-gswami/lib
      DEBUG: Command: ln -s /usr/share/pki/server/lib /var/lib/pki/topology-02-CA-gswami/lib
      INFO: Creating /var/lib/pki/topology-02-CA-gswami/common
      DEBUG: Command: mkdir /var/lib/pki/topology-02-CA-gswami/common
      INFO: Creating /var/lib/pki/topology-02-CA-gswami/common/lib
      DEBUG: Command: ln -s /usr/share/pki/server/common/lib /var/lib/pki/topology-02-CA-gswami/common/lib
      INFO: Creating /var/lib/pki/topology-02-CA-gswami/temp
      DEBUG: Command: mkdir -p /var/lib/pki/topology-02-CA-gswami/temp
      DEBUG: Command: chmod 770 /var/lib/pki/topology-02-CA-gswami/temp
      DEBUG: Command: chown 17:17 /var/lib/pki/topology-02-CA-gswami/temp
      INFO: Creating /var/lib/pki/topology-02-CA-gswami/work
      DEBUG: Command: mkdir -p /var/lib/pki/topology-02-CA-gswami/work
      DEBUG: Command: chmod 770 /var/lib/pki/topology-02-CA-gswami/work
      DEBUG: Command: chown 17:17 /var/lib/pki/topology-02-CA-gswami/work
      INFO: Creating /var/lib/pki/topology-02-CA-gswami/work/Catalina
      DEBUG: Command: mkdir -p /var/lib/pki/topology-02-CA-gswami/work/Catalina
      DEBUG: Command: chmod 770 /var/lib/pki/topology-02-CA-gswami/work/Catalina
      DEBUG: Command: chown 17:17 /var/lib/pki/topology-02-CA-gswami/work/Catalina
      INFO: Creating /var/lib/pki/topology-02-CA-gswami/work/Catalina/localhost
      DEBUG: Command: mkdir -p /var/lib/pki/topology-02-CA-gswami/work/Catalina/localhost
      DEBUG: Command: chmod 770 /var/lib/pki/topology-02-CA-gswami/work/Catalina/localhost
      DEBUG: Command: chown 17:17 /var/lib/pki/topology-02-CA-gswami/work/Catalina/localhost
      INFO: Creating /var/lib/pki/topology-02-CA-gswami/work/Catalina/localhost/_
      DEBUG: Command: mkdir -p /var/lib/pki/topology-02-CA-gswami/work/Catalina/localhost/_
      DEBUG: Command: chmod 770 /var/lib/pki/topology-02-CA-gswami/work/Catalina/localhost/_
      DEBUG: Command: chown 17:17 /var/lib/pki/topology-02-CA-gswami/work/Catalina/localhost/_
      INFO: Creating /var/lib/pki/topology-02-CA-gswami/work/Catalina/localhost/ca
      DEBUG: Command: mkdir -p /var/lib/pki/topology-02-CA-gswami/work/Catalina/localhost/ca
      DEBUG: Command: chmod 770 /var/lib/pki/topology-02-CA-gswami/work/Catalina/localhost/ca
      DEBUG: Command: chown 17:17 /var/lib/pki/topology-02-CA-gswami/work/Catalina/localhost/ca
      INFO: Creating /var/lib/pki/topology-02-CA-gswami/bin
      DEBUG: Command: ln -s /usr/share/tomcat/bin /var/lib/pki/topology-02-CA-gswami/bin
      DEBUG: Command: chown -h 17:17 /var/lib/pki/topology-02-CA-gswami/bin
      INFO: Creating /var/lib/pki/topology-02-CA-gswami/topology-02-CA-gswami
      DEBUG: Command: ln -s /usr/sbin/tomcat /var/lib/pki/topology-02-CA-gswami/topology-02-CA-gswami
      DEBUG: Command: chown -h 0:0 /var/lib/pki/topology-02-CA-gswami/topology-02-CA-gswami
      DEBUG: Command: systemctl daemon-reload
      INFO: Creating /var/lib/pki/topology-02-CA-gswami/conf
      DEBUG: Command: ln -s /etc/pki/topology-02-CA-gswami /var/lib/pki/topology-02-CA-gswami/conf
      DEBUG: Command: chown -h 17:17 /var/lib/pki/topology-02-CA-gswami/conf
      INFO: Creating /var/lib/pki/topology-02-CA-gswami/logs
      DEBUG: Command: ln -s /var/log/pki/topology-02-CA-gswami /var/lib/pki/topology-02-CA-gswami/logs
      DEBUG: Command: chown -h 17:17 /var/lib/pki/topology-02-CA-gswami/logs
      INFO: Creating /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@topology-02-CA-gswami.service
      DEBUG: Command: ln -s /lib/systemd/system/pki-tomcatd@.service /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@topology-02-CA-gswami.service
      DEBUG: Command: chown -h 17:17 /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@topology-02-CA-gswami.service
      INFO: Creating /etc/sysconfig/pki/tomcat/topology-02-CA-gswami/topology-02-CA-gswami
      DEBUG: Command: cp /usr/share/pki/setup/pkidaemon_registry /etc/sysconfig/pki/tomcat/topology-02-CA-gswami/topology-02-CA-gswami
      INFO: Creating CA subsystem
      INFO: Creating /var/log/pki/topology-02-CA-gswami/ca
      DEBUG: Command: mkdir /var/log/pki/topology-02-CA-gswami/ca
      INFO: Creating /var/log/pki/topology-02-CA-gswami/ca/archive
      DEBUG: Command: mkdir /var/log/pki/topology-02-CA-gswami/ca/archive
      INFO: Creating /var/log/pki/topology-02-CA-gswami/ca/signedAudit
      DEBUG: Command: mkdir /var/log/pki/topology-02-CA-gswami/ca/signedAudit
      INFO: Creating /etc/pki/topology-02-CA-gswami/ca
      DEBUG: Command: mkdir /etc/pki/topology-02-CA-gswami/ca
      INFO: Creating /etc/pki/topology-02-CA-gswami/ca/CS.cfg
      DEBUG: Command: cp /usr/share/pki/ca/conf/CS.cfg /etc/pki/topology-02-CA-gswami/ca/CS.cfg
      INFO: Creating /etc/pki/topology-02-CA-gswami/ca/registry.cfg
      DEBUG: Command: cp /usr/share/pki/ca/conf/registry.cfg /etc/pki/topology-02-CA-gswami/ca/registry.cfg
      INFO: Creating /var/lib/pki/topology-02-CA-gswami/ca/emails
      DEBUG: Command: mkdir /var/lib/pki/topology-02-CA-gswami/ca/emails
      DEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJob /var/lib/pki/topology-02-CA-gswami/ca/emails/ExpiredUnpublishJob
      DEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJobItem /var/lib/pki/topology-02-CA-gswami/ca/emails/ExpiredUnpublishJobItem
      DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA /var/lib/pki/topology-02-CA-gswami/ca/emails/certIssued_CA
      DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA.html /var/lib/pki/topology-02-CA-gswami/ca/emails/certIssued_CA.html
      DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA /var/lib/pki/topology-02-CA-gswami/ca/emails/certIssued_RA
      DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA.html /var/lib/pki/topology-02-CA-gswami/ca/emails/certIssued_RA.html
      DEBUG: Command: cp /usr/share/pki/ca/emails/certRequestRejected.html /var/lib/pki/topology-02-CA-gswami/ca/emails/certRequestRejected.html
      DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA /var/lib/pki/topology-02-CA-gswami/ca/emails/certRevoked_CA
      DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA.html /var/lib/pki/topology-02-CA-gswami/ca/emails/certRevoked_CA.html
      DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA /var/lib/pki/topology-02-CA-gswami/ca/emails/certRevoked_RA
      DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA.html /var/lib/pki/topology-02-CA-gswami/ca/emails/certRevoked_RA.html
      DEBUG: Command: cp /usr/share/pki/ca/emails/euJob1.html /var/lib/pki/topology-02-CA-gswami/ca/emails/euJob1.html
      DEBUG: Command: cp /usr/share/pki/ca/emails/euJob1Item.html /var/lib/pki/topology-02-CA-gswami/ca/emails/euJob1Item.html
      DEBUG: Command: cp /usr/share/pki/ca/emails/publishCerts.html /var/lib/pki/topology-02-CA-gswami/ca/emails/publishCerts.html
      DEBUG: Command: cp /usr/share/pki/ca/emails/publishCertsItem.html /var/lib/pki/topology-02-CA-gswami/ca/emails/publishCertsItem.html
      DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA /var/lib/pki/topology-02-CA-gswami/ca/emails/reqInQueue_CA
      DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA.html /var/lib/pki/topology-02-CA-gswami/ca/emails/reqInQueue_CA.html
      DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA /var/lib/pki/topology-02-CA-gswami/ca/emails/reqInQueue_RA
      DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA.html /var/lib/pki/topology-02-CA-gswami/ca/emails/reqInQueue_RA.html
      DEBUG: Command: cp /usr/share/pki/ca/emails/riq1Item.html /var/lib/pki/topology-02-CA-gswami/ca/emails/riq1Item.html
      DEBUG: Command: cp /usr/share/pki/ca/emails/riq1Summary.html /var/lib/pki/topology-02-CA-gswami/ca/emails/riq1Summary.html
      DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1.txt /var/lib/pki/topology-02-CA-gswami/ca/emails/rnJob1.txt
      DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Item.txt /var/lib/pki/topology-02-CA-gswami/ca/emails/rnJob1Item.txt
      DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Summary.txt /var/lib/pki/topology-02-CA-gswami/ca/emails/rnJob1Summary.txt
      INFO: Creating /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca
      DEBUG: Command: mkdir /var/lib/pki/topology-02-CA-gswami/ca/profiles
      DEBUG: Command: mkdir /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTPSCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caTPSCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/AdminCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/AdminCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthTransportCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caInternalAuthTransportCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/DomainController.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/DomainController.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenMSLoginEnrollment.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caTokenMSLoginEnrollment.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/ECAdminCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/ECAdminCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/acmeServerCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/acmeServerCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTransportCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caTransportCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAdminCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caAdminCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caJarSigningCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caJarSigningCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentFileSigning.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caAgentFileSigning.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOtherCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caOtherCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentServerCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caAgentServerCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOCSPCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caOCSPCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAuditSigningCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caAuditSigningCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUUIDdeviceCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caUUIDdeviceCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCACert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caCACert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caUserCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECUserCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caCMCECUserCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRACert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caRACert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECserverCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caCMCECserverCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRARouterCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caRARouterCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECsubsystemCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caCMCECsubsystemCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserSMIMEcapCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caUserSMIMEcapCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCUserCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caCMCUserCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAagentCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caRAagentCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCauditSigningCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caCMCauditSigningCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caCMCcaCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAserverCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caRAserverCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraStorageCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caCMCkraStorageCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRouterCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caRouterCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraTransportCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caCMCkraTransportCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCocspCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caCMCocspCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCserverCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caCMCserverCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSSLClientSelfRenewal.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caSSLClientSelfRenewal.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCsubsystemCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caCMCsubsystemCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caServerCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCrossSignedCACert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caCrossSignedCACert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCertWithSCT.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caServerCertWithSCT.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirBasedDualCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caDirBasedDualCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSignedLogCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caSignedLogCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirPinUserCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caDirPinUserCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caDirUserCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_DirUserCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caServerKeygen_DirUserCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserRenewal.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caDirUserRenewal.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caDualCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_UserCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caServerKeygen_UserCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualRAuserCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caDualRAuserCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAdminCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caECAdminCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningECUserCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caSigningECUserCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAgentServerCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caECAgentServerCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningUserCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caSigningUserCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirPinUserCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caECDirPinUserCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirUserCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caECDirUserCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDualCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caECDualCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caFullCMCUserCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSimpleCMCUserCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caSimpleCMCUserCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caECFullCMCUserCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCSharedTokenCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caFullCMCSharedTokenCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserSignedCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caECFullCMCUserSignedCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthOCSPCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caInternalAuthOCSPCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthServerCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caECInternalAuthServerCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserSignedCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caFullCMCUserSignedCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caECServerCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caStorageCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caStorageCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCertWithSCT.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caECServerCertWithSCT.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSimpleCMCUserCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caECSimpleCMCUserCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSubsystemCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caSubsystemCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSubsystemCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caECSubsystemCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECUserCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caECUserCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncECUserCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caEncECUserCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncUserCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caEncUserCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caIPAserviceCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caIPAserviceCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInstallCACert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caInstallCACert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthServerCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caInternalAuthServerCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthSubsystemCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caInternalAuthSubsystemCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caManualRenewal.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caManualRenewal.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg
      DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg /var/lib/pki/topology-02-CA-gswami/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg
      INFO: Creating /etc/pki/topology-02-CA-gswami/ca/flatfile.txt
      DEBUG: Command: cp /usr/share/pki/ca/conf/flatfile.txt /etc/pki/topology-02-CA-gswami/ca/flatfile.txt
      INFO: Creating /etc/pki/topology-02-CA-gswami/ca/adminCert.profile
      DEBUG: Command: cp /usr/share/pki/ca/conf/rsaAdminCert.profile /etc/pki/topology-02-CA-gswami/ca/adminCert.profile
      INFO: Creating /etc/pki/topology-02-CA-gswami/ca/caAuditSigningCert.profile
      DEBUG: Command: cp /usr/share/pki/ca/conf/caAuditSigningCert.profile /etc/pki/topology-02-CA-gswami/ca/caAuditSigningCert.profile
      INFO: Creating /etc/pki/topology-02-CA-gswami/ca/caCert.profile
      DEBUG: Command: cp /usr/share/pki/ca/conf/caCert.profile /etc/pki/topology-02-CA-gswami/ca/caCert.profile
      INFO: Creating /etc/pki/topology-02-CA-gswami/ca/caOCSPCert.profile
      DEBUG: Command: cp /usr/share/pki/ca/conf/caOCSPCert.profile /etc/pki/topology-02-CA-gswami/ca/caOCSPCert.profile
      INFO: Creating /etc/pki/topology-02-CA-gswami/ca/serverCert.profile
      DEBUG: Command: cp /usr/share/pki/ca/conf/rsaServerCert.profile /etc/pki/topology-02-CA-gswami/ca/serverCert.profile
      INFO: Creating /etc/pki/topology-02-CA-gswami/ca/subsystemCert.profile
      DEBUG: Command: cp /usr/share/pki/ca/conf/rsaSubsystemCert.profile /etc/pki/topology-02-CA-gswami/ca/subsystemCert.profile
      INFO: Creating /etc/pki/topology-02-CA-gswami/ca/proxy.conf
      DEBUG: Command: cp /usr/share/pki/ca/conf/proxy.conf /etc/pki/topology-02-CA-gswami/ca/proxy.conf
      INFO: Creating /var/lib/pki/topology-02-CA-gswami/ca/conf
      DEBUG: Command: ln -s /etc/pki/topology-02-CA-gswami/ca /var/lib/pki/topology-02-CA-gswami/ca/conf
      INFO: Creating /var/lib/pki/topology-02-CA-gswami/ca/logs
      DEBUG: Command: ln -s /var/log/pki/topology-02-CA-gswami/ca /var/lib/pki/topology-02-CA-gswami/ca/logs
      INFO: Creating /var/lib/pki/topology-02-CA-gswami/ca/registry
      DEBUG: Command: ln -s /etc/sysconfig/pki/tomcat/topology-02-CA-gswami /var/lib/pki/topology-02-CA-gswami/ca/registry
      INFO: Loading instance: topology-02-CA-gswami
      INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf
      INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf
      INFO: Loading instance Tomcat config: /etc/pki/topology-02-CA-gswami/tomcat.conf
      INFO: Loading password config: /etc/pki/topology-02-CA-gswami/password.conf
      INFO: Loading subsystem config: /var/lib/pki/topology-02-CA-gswami/ca/conf/CS.cfg
      INFO: Loading subsystem registry: /var/lib/pki/topology-02-CA-gswami/ca/conf/registry.cfg
      INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/topology-02-CA-gswami/topology-02-CA-gswami
      DEBUG: - user: pkiuser
      DEBUG: - group: pkiuser
      INFO: Getting signing cert info from CS.cfg
      INFO: Getting ocsp_signing cert info from CS.cfg
      INFO: Getting sslserver cert info from CS.cfg
      INFO: Getting subsystem cert info from CS.cfg
      INFO: Getting audit_signing cert info from CS.cfg
      INFO: Storing subsystem config: /var/lib/pki/topology-02-CA-gswami/ca/conf/CS.cfg
      INFO: Storing registry config: /var/lib/pki/topology-02-CA-gswami/ca/conf/registry.cfg
      INFO: Deploying /ca web application
      INFO: Loading instance: topology-02-CA-gswami
      INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf
      INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf
      INFO: Loading instance Tomcat config: /etc/pki/topology-02-CA-gswami/tomcat.conf
      INFO: Loading password config: /etc/pki/topology-02-CA-gswami/password.conf
      INFO: Loading subsystem config: /var/lib/pki/topology-02-CA-gswami/ca/conf/CS.cfg
      INFO: Loading subsystem registry: /var/lib/pki/topology-02-CA-gswami/ca/conf/registry.cfg
      INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/topology-02-CA-gswami/topology-02-CA-gswami
      DEBUG: - user: pkiuser
      DEBUG: - group: pkiuser
      INFO: Creating /var/lib/pki/topology-02-CA-gswami/ca/webapps
      DEBUG: Command: mkdir -p /var/lib/pki/topology-02-CA-gswami/ca/webapps
      DEBUG: Command: chmod 770 /var/lib/pki/topology-02-CA-gswami/ca/webapps
      DEBUG: Command: chown 17:17 /var/lib/pki/topology-02-CA-gswami/ca/webapps
      INFO: Setting up ownerships, permissions, and ACLs on /var/lib/pki/topology-02-CA-gswami/ca/webapps
      INFO: Loading instance: topology-02-CA-gswami
      INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf
      INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf
      INFO: Loading instance Tomcat config: /etc/pki/topology-02-CA-gswami/tomcat.conf
      INFO: Loading password config: /etc/pki/topology-02-CA-gswami/password.conf
      INFO: Loading subsystem config: /var/lib/pki/topology-02-CA-gswami/ca/conf/CS.cfg
      INFO: Loading subsystem registry: /var/lib/pki/topology-02-CA-gswami/ca/conf/registry.cfg
      INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/topology-02-CA-gswami/topology-02-CA-gswami
      DEBUG: - user: pkiuser
      DEBUG: - group: pkiuser
      INFO: Creating password file: /etc/pki/topology-02-CA-gswami/pfile
      INFO: Updating /etc/pki/topology-02-CA-gswami/password.conf
      DEBUG: Command: chmod 660 /etc/pki/topology-02-CA-gswami/password.conf
      DEBUG: Command: chown 17:17 /etc/pki/topology-02-CA-gswami/password.conf
      INFO: Creating /etc/pki/topology-02-CA-gswami/alias
      DEBUG: Command: mkdir /etc/pki/topology-02-CA-gswami/alias
      INFO: Creating NSS database: /etc/pki/topology-02-CA-gswami/alias
      DEBUG: Command: certutil -N -d /etc/pki/topology-02-CA-gswami/alias -f /etc/pki/topology-02-CA-gswami/pfile
      DEBUG: Command: ln -s /etc/pki/topology-02-CA-gswami/alias /var/lib/pki/topology-02-CA-gswami/alias
      DEBUG: Command: ln -s /var/lib/pki/topology-02-CA-gswami/alias /var/lib/pki/topology-02-CA-gswami/ca/alias
      INFO: Checking module thalesLunaQE
      DEBUG: Command: modutil -dbdir /etc/pki/topology-02-CA-gswami/alias -rawlist
      INFO: Output: library= name="NSS Internal PKCS #11 Module" NSS="Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1=

      {slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30}

      )" parameters="configdir=/etc/pki/topology-02-CA-gswami/alias certPrefix= keyPrefix= secmod=secmod.db flags=readOnly "
      INFO: Adding module thalesLunaQE: /usr/safenet/lunaclient/lib/libCryptoki2_64.so
      DEBUG: Command: modutil -dbdir /etc/pki/topology-02-CA-gswami/alias -nocertdb -add thalesLunaQE -libfile /usr/safenet/lunaclient/lib/libCryptoki2_64.so -force
      INFO: Removing /etc/pki/topology-02-CA-gswami/pfile
      DEBUG: Command: rm -f /etc/pki/topology-02-CA-gswami/pfile
      INFO: Getting signing cert info from CS.cfg
      INFO: Getting ocsp_signing cert info from CS.cfg
      INFO: Getting sslserver cert info from CS.cfg
      INFO: Getting subsystem cert info from CS.cfg
      INFO: Getting audit_signing cert info from CS.cfg
      INFO: Injecting SAN: False
      INFO: SSL server cert SAN:
      INFO: Storing subsystem config: /var/lib/pki/topology-02-CA-gswami/ca/conf/CS.cfg
      INFO: Storing registry config: /var/lib/pki/topology-02-CA-gswami/ca/conf/registry.cfg
      INFO: Creating /opt/topology-02-CA/ca
      DEBUG: Command: mkdir -p /opt/topology-02-CA/ca
      DEBUG: Command: chmod 755 /opt/topology-02-CA/ca
      DEBUG: Command: chown 0:0 /opt/topology-02-CA/ca
      INFO: Creating password file: /opt/topology-02-CA/ca/password.conf
      INFO: Updating /opt/topology-02-CA/ca/password.conf
      DEBUG: Command: chmod 660 /opt/topology-02-CA/ca/password.conf
      DEBUG: Command: chown 0:0 /opt/topology-02-CA/ca/password.conf
      INFO: Storing PKCS #12 password in /opt/topology-02-CA/ca/pkcs12_password.conf
      INFO: Updating /opt/topology-02-CA/ca/pkcs12_password.conf
      DEBUG: Command: chmod 660 /opt/topology-02-CA/ca/pkcs12_password.conf
      DEBUG: Command: chown 17:17 /opt/topology-02-CA/ca/pkcs12_password.conf
      DEBUG: Command: mkdir /opt/topology-02-CA/ca/alias
      DEBUG: Command: certutil -N -d /opt/topology-02-CA/ca/alias -f /opt/topology-02-CA/ca/password.conf
      INFO: Creating SELinux contexts
      INFO: adding selinux fcontext "/var/lib/pki/topology-02-CA-gswami(/.*)?"
      INFO: adding selinux fcontext "/var/log/pki/topology-02-CA-gswami(/.*)?"
      INFO: adding selinux fcontext "/etc/pki/topology-02-CA-gswami(/.*)?"
      INFO: adding selinux fcontext "/etc/pki/topology-02-CA-gswami/alias(/.*)?"
      INFO: adding selinux port 20080
      INFO: adding selinux port 20443
      INFO: adding selinux port 20005
      INFO: adding selinux port 20009
      INFO: Generating system keys
      INFO: Loading instance: topology-02-CA-gswami
      INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf
      INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf
      INFO: Loading instance Tomcat config: /etc/pki/topology-02-CA-gswami/tomcat.conf
      INFO: Loading password config: /etc/pki/topology-02-CA-gswami/password.conf
      INFO: Loading subsystem config: /var/lib/pki/topology-02-CA-gswami/ca/conf/CS.cfg
      INFO: Loading subsystem registry: /var/lib/pki/topology-02-CA-gswami/ca/conf/registry.cfg
      INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/topology-02-CA-gswami/topology-02-CA-gswami
      DEBUG: - user: pkiuser
      DEBUG: - group: pkiuser
      INFO: Configuring subsystem
      INFO: Loading instance: topology-02-CA-gswami
      INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf
      INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf
      INFO: Loading instance Tomcat config: /etc/pki/topology-02-CA-gswami/tomcat.conf
      INFO: Loading password config: /etc/pki/topology-02-CA-gswami/password.conf
      INFO: Loading subsystem config: /var/lib/pki/topology-02-CA-gswami/ca/conf/CS.cfg
      INFO: Loading subsystem registry: /var/lib/pki/topology-02-CA-gswami/ca/conf/registry.cfg
      INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/topology-02-CA-gswami/topology-02-CA-gswami
      DEBUG: - user: pkiuser
      DEBUG: - group: pkiuser
      INFO: Storing subsystem config: /var/lib/pki/topology-02-CA-gswami/ca/conf/CS.cfg
      INFO: Storing registry config: /var/lib/pki/topology-02-CA-gswami/ca/conf/registry.cfg
      INFO: Checking existing SSL server cert: Server-Cert cert-topology-02-CA-gswami
      DEBUG: Command: certutil -L -d /etc/pki/topology-02-CA-gswami/alias -f /tmp/tmp1owmrj0q/password.txt -n Server-Cert cert-topology-02-CA-gswami -a
      INFO: Creating temp SSL server cert for pki1.example.com
      DEBUG: Command: openssl rand -out /tmp/tmpxufo8v14/noise 2048
      DEBUG: Command: certutil -R -d /etc/pki/topology-02-CA-gswami/alias -k rsa -g 2048 -z /tmp/tmpxufo8v14/noise -f /tmp/tmpxufo8v14/password.txt -s cn=pki1.example.com,o=2021-09-24 09:12:38 -o /tmp/tmpxufo8v14/request.bin
      DEBUG: Command: certutil -C -d /etc/pki/topology-02-CA-gswami/alias -x -f /tmp/tmpwfxioe4q/password.txt -a -i /tmp/tmpjzqtq596/sslserver.csr -o /tmp/tmpjzqtq596/sslserver.crt -m 0 -v 12
      DEBUG: Command: certutil -A -d /etc/pki/topology-02-CA-gswami/alias -f /tmp/tmpwfxioe4q/internal_password.txt -n Server-Cert cert-topology-02-CA-gswami -a -i /tmp/tmpjzqtq596/sslserver.crt -t CTu,CTu,CTu
      Notice: Trust flag u is set automatically if the private key is present.
      INFO: Creating new security domain
      INFO: Using CA at https://pki1.example.com:8443
      INFO: Storing subsystem config: /var/lib/pki/topology-02-CA-gswami/ca/conf/CS.cfg
      INFO: Storing registry config: /var/lib/pki/topology-02-CA-gswami/ca/conf/registry.cfg
      INFO: Removing existing database
      DEBUG: Command: /usr/sbin/runuser -u pkiuser – /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/:/var/lib/pki/topology-02-CA-gswami/common/lib/:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/topology-02-CA-gswami -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/topology-02-CA-gswami/temp -Djava.util.logging.config.file=/etc/pki/topology-02-CA-gswami/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-remove --force --debug
      org.mozilla.jss.NoSuchTokenException: No such token: thalesLunaQE
      at org.mozilla.jss.CryptoManager.getTokenByName(CryptoManager.java:187)
      at org.apache.tomcat.util.net.jss.TomcatJSS.getToken(TomcatJSS.java:518)
      at org.apache.tomcat.util.net.jss.TomcatJSS.login(TomcatJSS.java:473)
      at org.apache.tomcat.util.net.jss.TomcatJSS.login(TomcatJSS.java:467)
      at org.apache.tomcat.util.net.jss.TomcatJSS.init(TomcatJSS.java:420)
      at org.dogtagpki.server.cli.SubsystemDBRemoveCLI.execute(SubsystemDBRemoveCLI.java:72)
      at org.dogtagpki.cli.CommandCLI.execute(CommandCLI.java:58)
      at org.dogtagpki.cli.CLI.execute(CLI.java:357)
      at org.dogtagpki.cli.CLI.execute(CLI.java:357)
      at org.dogtagpki.cli.CLI.execute(CLI.java:357)
      at org.dogtagpki.server.cli.PKIServerCLI.execute(PKIServerCLI.java:93)
      at org.dogtagpki.server.cli.PKIServerCLI.main(PKIServerCLI.java:123)
      CalledProcessError: Command '['/usr/sbin/runuser', '-u', 'pkiuser', '--', '/usr/lib/jvm/jre-1.8.0-openjdk/bin/java', '-classpath', '/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/topology-02-CA-gswami/common/lib/*:/usr/share/pki/lib/*', '-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory', '-Dcatalina.base=/var/lib/pki/topology-02-CA-gswami', '-Dcatalina.home=/usr/share/tomcat', '-Djava.endorsed.dirs=', '-Djava.io.tmpdir=/var/lib/pki/topology-02-CA-gswami/temp', '-Djava.util.logging.config.file=/etc/pki/topology-02-CA-gswami/logging.properties', '-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager', '-Dcom.redhat.fips=false', 'org.dogtagpki.server.cli.PKIServerCLI', 'ca-db-remove', '--force', '--debug']' returned non-zero exit status 255.
      File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 575, in main
      scriptlet.spawn(deployer)
      File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 594, in spawn
      subsystem.remove_database(force=True)
      File "/usr/lib/python3.6/site-packages/pki/server/subsystem.py", line 1027, in remove_database
      self.run(cmd, as_current_user=as_current_user)
      File "/usr/lib/python3.6/site-packages/pki/server/subsystem.py", line 1653, in run
      check=True)
      File "/usr/lib64/python3.6/subprocess.py", line 438, in run
      output=stdout, stderr=stderr)

      Installation failed: Command failed: /usr/sbin/runuser -u pkiuser – /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/:/var/lib/pki/topology-02-CA-gswami/common/lib/:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/topology-02-CA-gswami -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/topology-02-CA-gswami/temp -Djava.util.logging.config.file=/etc/pki/topology-02-CA-gswami/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-remove --force --debug

      Please check pkispawn logs in /var/log/pki/pki-ca-spawn.20210924091238.log

      Expected results:

      CA Should be installed.

      Additional info:

              cfu@redhat.com Christina Fu
              rhn-support-gswami Gaurav Swami (Inactive)
              RH Bugzilla Integration RH Bugzilla Integration
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: