Ask Your Question
0

Certificate Event plugin not found - DogTagCAPlugin

asked 2015-09-15 03:36:06 -0600

KurinchiMalar gravatar image

updated 2015-09-15 07:39:12 -0600

Platform: CentOS 6.7 pki-ca : pki-ca-9.0.3-43.el6.noarch

I am getting the following exception in Barbican log while trying to enroll a certificate.

plugin_name', 'barbican.plugin.dogtag.DogtagCAPlugin')   
ERROR barbican.tasks.resources [req-- - -]**Could not perform processing for task 'Process TypeOrder'**.
2015-09-15 06:58:55.145 28822 ERROR barbican.tasks.resources Traceback (most recent call last):

2015-09-15 06:58:55.145 28822 ERROR barbican.tasks.resources CertificateEventPluginNotFound: **Certificate event plugin not found.**

Configured DogTag Plugin details:

---------------------------------------
{"status": "ACTIVE", "updated": "2015-09-15T11:38:18.137685", "created": "2015-09-15T11:38:18.137685", "plugin_name": "barbican.plugin.dogtag.DogtagCAPlugin", "meta": [{"name": "Dogtag CA"}, {"description": "Certificate Authority - Dogtag CA"}], "ca_id": "3cdc5962-7e0d-4f43-bc6b-31a6b5c105c8", "plugin_ca_id": "Dogtag CA", "expiration": "2015-09-16T11:38:18.126492"}

Barbican.conf

[dogtag_plugin]
pem_path = '/etc/barbican/kra_admin_cert.pem'
dogtag_host = x.x.x.x
dogtag_port = 9444
nss_db_path = '/etc/barbican/alias'
nss_db_path_ca = '/etc/barbican/alias-ca'
nss_password = 'password'
simple_cmc_profile= 'caServerCert'
approved_profile_list= 'caServerCert'

[secretstore]
namespace = barbican.secretstore.plugin
enabled_secretstore_plugins = dogtag_crypto

[certificate]
namespace = barbican.certificate.plugin
enabled_certificate_plugins = dogtag

[certificate_event]
namespace = barbican.certificate.event.plugin
enabled_certificate_event_plugins = simple_certificate
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2015-09-30 14:21:24 -0600

The problem is likely that you are using an old version of Dogtag. The Dogtag python client that supports cert issuance is only on Dogtag 10. I know that is available on Fedora 22 or RHEL 7.X (Centos 7.X).

edit flag offensive delete link more

Comments

If you are looking for Centos builds, Dogtag 10.x is available in various copr builds. You need pki-ca and pki-kra.

https://copr.fedoraproject.org/coprs/mkosek/freeipa/ (https://copr.fedoraproject.org/coprs/...) includes Dogtag 10.2.X builds.

As these builds are in RHEL 7.1, they should be released in the Centos 7.1 repos eventually

vakwetu gravatar imagevakwetu ( 2015-10-08 10:08:30 -0600 )edit

For more recent builds -- ie. to get the subca feature, I've created Centos 7 builds for Dogtag 10.3. These are ongoing development builds. Dogtag 10.3 is expected to be released with Fedora 24.

https://copr.fedoraproject.org/coprs/vakwetu/dogtag_10.3_test_builds/ (https://copr.fedoraproject.org/coprs/...)

vakwetu gravatar imagevakwetu ( 2015-10-08 10:10:42 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-09-15 03:36:06 -0600

Seen: 108 times

Last updated: Sep 15 '15