I can’t register users via webadmin.All points into admin help related to has been noted. All topics here have been attended.
all my steps:
-
CA Task running
-
CA DB created and configured
-
CAKeyfile created
-
server keyfile created
-
certificat request db created and configured
-
the Certificate has been merged into the keyring
-
keyfile.kyr and keyfile.sth in data directory
-
ssl into server document “Ports” enabled
-
migrate cert.id to CA process
-
create a new internet certifier
-
Setting up Internet clients for SSL client authentication
environment:
SuSE Linux 8.1
Notes/Domino 6.0.1
part. server with its own ip an hostname
tests:
-
access database certreq.nsf via http >> ok
-
access database certreq.nsf via https >> ok
-
ssl client autenthication works (ask for certificate)
-
tell http show security says:
ssl enabled
Key file name:
Secure server not started Waiting for HTTPS request
-
access webadmin.nsf via https >> ok, but console says:
HTTP Server: SSL handshake failure, IP address [10.10.1.8], Keyring [keyfile.kyr], [SSL Error: Keyring File access error], code [4165]
-access Poeple > Register… > follow errors
No certificate Authority (CA) configured certifier available for this domain.
and
You are not auth… RA and cannot perform any registrations.
What should I still doing ???
Subject: 2 different things
The ssl handshake error on the server console accessing the webadmin.nsf db via https:// has nothing to do with the fact that you get warnings when attempting to perform user registrations.
The warning"No certificate Authority (CA) configured certifier available for this domain." means that there is no Notes(!)-certifier which has been migrated to a CA. The registration code looks only for CA-enabled notes certifiers. The 2nd error message is in this case a redundant/related error, saying that it couldn’t find you as an RA (Registration authority), simply because there are no CA-enabled notes certifiers in the 1st place.
Thomas - IBM
Subject: RE: 2 different things
Hi Thomas,
I’m be sure I did migrated an Notes Certifier to a CA.
says the following log entries that I’m doing right?
CA Process Status:
-
O=ACME
Certifier Type:Notes
Active:Yes
ICL DB Path: icl\icl_5460.nsf
-
CN=ACME Internet Zertifikat/O=ACME/ST=Deutschland/C=DE
Certifier Type: Internet
Active:Yes
ICL DB Path: icl\icl_ACME.nsf
Marcel
Subject: RE: 2 different things
The 1st certifier “1. O=ACME, Certifier Type:Notes” should work fine, based on what you wrote. Is the CA process running on the same server where you run http with webadmin?
Subject: RE: 2 different things
Yes thats right. The CA process and the HTTP (webadmin)are running on the same maschine.
Marcel
Subject: RE: 2 different things
It could be that AdminP didn’t finish its work to setup the various CA infrastructure pieces required for this to work.You can expedite it by entering tell adminp process all on your server console and then re-load webadmin.
Also, make sure that both the server name running webadmin and your admin name are listed as RAs (Registration Authorities), otherwise you won’t be able to use the CA from webadmin.
Subject: RE: 2 different things
Hi Thomas,
now everything is working fine :-).
Thr server entry as RA was that thing to know.
Thank you very much!
Marcel