Certificate Event plugin not found - DogTagCAPlugin

asked 2015-09-15 03:36:06 -0500

KurinchiMalar gravatar image

updated 2015-09-15 07:39:12 -0500

Platform: CentOS 6.7 pki-ca : pki-ca-9.0.3-43.el6.noarch

I am getting the following exception in Barbican log while trying to enroll a certificate.

plugin_name', 'barbican.plugin.dogtag.DogtagCAPlugin')   
ERROR barbican.tasks.resources [req-- - -]**Could not perform processing for task 'Process TypeOrder'**.
2015-09-15 06:58:55.145 28822 ERROR barbican.tasks.resources Traceback (most recent call last):

2015-09-15 06:58:55.145 28822 ERROR barbican.tasks.resources CertificateEventPluginNotFound: **Certificate event plugin not found.**

Configured DogTag Plugin details:

{"status": "ACTIVE", "updated": "2015-09-15T11:38:18.137685", "created": "2015-09-15T11:38:18.137685", "plugin_name": "barbican.plugin.dogtag.DogtagCAPlugin", "meta": [{"name": "Dogtag CA"}, {"description": "Certificate Authority - Dogtag CA"}], "ca_id": "3cdc5962-7e0d-4f43-bc6b-31a6b5c105c8", "plugin_ca_id": "Dogtag CA", "expiration": "2015-09-16T11:38:18.126492"}


pem_path = '/etc/barbican/kra_admin_cert.pem'
dogtag_host = x.x.x.x
dogtag_port = 9444
nss_db_path = '/etc/barbican/alias'
nss_db_path_ca = '/etc/barbican/alias-ca'
nss_password = 'password'
simple_cmc_profile= 'caServerCert'
approved_profile_list= 'caServerCert'

namespace = barbican.secretstore.plugin
enabled_secretstore_plugins = dogtag_crypto

namespace = barbican.certificate.plugin
enabled_certificate_plugins = dogtag

namespace = barbican.certificate.event.plugin
enabled_certificate_event_plugins = simple_certificate
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2015-09-30 14:21:24 -0500

The problem is likely that you are using an old version of Dogtag. The Dogtag python client that supports cert issuance is only on Dogtag 10. I know that is available on Fedora 22 or RHEL 7.X (Centos 7.X).

edit flag offensive delete link more


If you are looking for Centos builds, Dogtag 10.x is available in various copr builds. You need pki-ca and pki-kra.

https://copr.fedoraproject.org/coprs/mkosek/freeipa/ (https://copr.fedoraproject.org/coprs/...) includes Dogtag 10.2.X builds.

As these builds are in RHEL 7.1, they should be released in the Centos 7.1 repos eventually

vakwetu gravatar imagevakwetu ( 2015-10-08 10:08:30 -0500 )edit

For more recent builds -- ie. to get the subca feature, I've created Centos 7 builds for Dogtag 10.3. These are ongoing development builds. Dogtag 10.3 is expected to be released with Fedora 24.

https://copr.fedoraproject.org/coprs/vakwetu/dogtag_10.3_test_builds/ (https://copr.fedoraproject.org/coprs/...)

vakwetu gravatar imagevakwetu ( 2015-10-08 10:10:42 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-09-15 03:36:06 -0500

Seen: 138 times

Last updated: Sep 15 '15