PKI Server startup in DSTrace + pki

geoffc

By: geoffc

June 13, 2011 10:57 am

Reads: 200

Comments:0

Rating:5.0

Novell eDirectory has included a simple Certificate Authority as part of the base product for quite some time now. As far back as NetWare 5 I think it was added. This is part of the Novell PKI (Private Key Infrastructure) and in fact, on NetWare is loaded as PKI.NLM, and on other platforms as npki usually. This is supported on every platform that eDirectory can run on. Thus there is a Linux, Solaris, Windows, NetWare (Though no longer really supported on NetWare, alas, due to its end of life), and AIX version.

The PKI module runs in the eDirectory memory space, and the primary debugging tool is DSTrace. DSTrace is a great tool and it is nice when there is an option in it to trace out some product.

I remember when I had a server that had a bizarre eDirectory problem, and I could not figure out what was going on. There was no error code provided, so I did not really have anywhere to start troubleshooting from other than being told there was an error. Usually you find some error, look it up in Google and see what you can find. In the end, I did enabled every trace option in DSTrace, wrote it out to a file, generated the error case, then searched the trace file for the word ERROR and I found it. It turned out to be a disk space error, but the user interface was not reporting the error out. In that case the DSREPAIR tag for DSTrace showed me the issue. I probably never would have considered turning that flag on to try and find the error, but by turning everything on, and flooding the log I was able to find the problem.

There are several ways to get access too and view DSTrace output. I tried to summarize the various options in this article I wrote a while back: The Many Faces of DSTRACE

These options should be enough to get you following along and looking at interesting things in your environment! (Try iMonitor! That is interesting as it logs every request made through the HTTP interface, very interesting to see, if mostly useless)

Anyway, a surprising number of things can generate logging in DSTrace, and some of them can be quite instructive in what is shown, for better understanding what is going on under the covers of the otherwise silent application, and once you run into a problem, how to troubleshoot it.

For example, I have written about troubleshooting AFP (AppleShare File Protocol) and CIFS (Common Internet File System) access on NetWare in this article:
Example of Troubleshooting AFP NMAS Issues

Now really that was troubleshooting NMAS (Novell Modular Authentication Services) which is what provides the underlying authentication services to AFP and CIFS on NetWare and OES Linux, but you get the idea.

Here is an article about how you might use DSTrace to see what an LDAP authenticating application is doing, and why it is not working. This one was fun, as I could show from the trace that they took a sort of silly approach to fix it, instead of the simple fix: Troubleshooting an External LDAP Application (SAP GRC)

In both those cases, I specifically left lots of trace in the articles, because I think that having what a correctly working system looks like available in the Google cache and what the errors look like can be very helpful in terms of helping people who need it, to find the article. My expectation with those is that people will find one of the issues I discuss, probably in the middle of the process (since it is never a single issue, it is an onion with many layers to be peeled back) and then either forwards or backwards, one of the troubleshooting steps I demonstrate will be helpful.

I have written dozens of articles about Novell Identity Manager where DSTrace is used to show or fix a problem. In fact the primary tool for understanding and debugging IDM issues is DSTrace. (There is a Log option that confuses every first timer, but the log is basically useless for troubleshooting, it is DSTrace with the DirXML and DirXML Drivers tags that you need enabled to do anything meaningful.

If you happen to be interested in DSTrace for Identity Manager, the best written articles on this series that I have seen so far are by Fernando Frietas, a really nice guy who works at Novell Technical Support. If you are working with IDM, I highly recommend you read these articles:

Another application that I had not realized had useful information in trace is the PKI module. I was working on an issue with a client, and to try and isolate the problem I turned on the PKI option in DSTrace. The output was quite interesting.

I will include it all wordy as it is, since I think having it in the Google cache means the odds of someone finding this article is greater. Then I will continue and point out some highlights I see in the trace.

Let’s start with a simple load of the PKI module, with the trace switch on. As of eDirectory 8.8.3 I think, when you restart eDirectory, it will automatically run the equivalent of the old PKIDIAG command. They now call it a PKI Health Check, which is fine as well. This does not correct every error case, but handles the most common ones, like expired certificates, which is very helpful. But it does take an eDirectory restart (or perhaps a PKI reload) to make it happen. This is why in Novell Access Manager they were able to say in NAM 3.1.2 that they repair certificates automatically, since they use this code base for eDirectory as well. Or at least a portion of that is related to this function.

One of the first things you can see the PKI do is try to open the CRL, (Certificate Revocation List).

16:32:28 8ED365A0 PKI: Entering openCRLDataBase with NULL for CRLConfigDN
16:32:28 8ED365A0 PKI: openCRLDataBase: FlmDbOpen 0

This lists any certificates that were issued in the past and have since been revoked, and thus should not be valid. This is important as otherwise there would be no way to break a certificate in case of a security breach or the like. In the PKI world, this has mostly been superceded by the notion of an OCSP Responder, which does the same thing, but in a more distributed and replicated fashion. Cryptovision (www.cryptovision.com) out of Germany has a very nice PKI system for eDirectory that uses OCSP and does a lot more than the built in CA in eDirectory provides.

You can see from the trace that there is no distinguished name specified for the CRL object, which is also normal. You do not have to define one, but you could. Also we see that the CRL Database is yet another FLAIM database. FLAIM is the underlying database that powers eDirectory and in fact GroupWise. This change was made back when eDirectory switched to 8.x versioning. Alas the version of FLAIM used in eDirectory is much newer than the one in GroupWise, which did not upgrade due to compatibility issues. In fact there is an open source version of FLAIM available to look at.

We will see a little lower in the trace that another error due to the lack of a CRL object specified with this line of trace:

16:32:28 8ED365A0 PKI: copyCAToCRLConfig: Unable to read the CRL Configuration DN List (-603)

The 603 error is attribute not found. Which is correct, if no CRL is defined, then there is no value in the attribute linking to the CRL object.

Which we see more clearly a line or three later:

16:32:28 8ED365A0 PKI: GetCRLConfigDNList:missing or invalid ndspkiCRLConfigurationDNList attribute(-603)

A bunch of modules load up next, some reporting of cryptographic strengths, and then a report about the age limits on the certificate authorities. In the PKI world, every thing usually has a start and end date. In this case we see three CA’s of interest.

16:32:28 8ED365A0 PKI: NICI MU CA validFrom 34AC2DC4 -- Thu Jan 1 23:59:00 1998
16:32:28 8ED365A0 PKI: NICI MU CA validTo 7C5131C4 -- Sun Feb 3 23:59:00 2036
16:32:28 8ED365A0 PKI: Orginizational CA validFrom 3BB3569C -- Thu Sep 27 16:41:00 2001
16:32:28 8ED365A0 PKI: Orginizational CA validTo 4E8218BC -- Tue Sep 27 18:41:00 2011
16:32:28 8ED365A0 PKI: Subordinate CA validFrom 0 -- Thu Jan 1 00:00:00 1970
16:32:28 8ED365A0 PKI: Subordinate CA validTo 0 -- Thu Jan 1 00:00:00 1970

The NICI MU CA is Novell’s if I understand it correctly, and is the Machine Unique key generated based on a seed from Novell. Every machine has a different value. This is why it is critical to back up the NICI keys with your eDirectory backups, else the restore is useless. The NICI keys are used to decrypt passwords and whatnot in eDirectory. The NICI MU is used to sign the Organizational CA, which you can see (the CA) if due to expire in Sept 2011, which will be a bit of a pain! It had a 10 year run, but it is about to run out. At that point, there is no choice but to recreate the Certificate Authority, and then recreate all the certificates that it generated. The process of recreating the CA means a new Public Key – Private Key pair, and thus all the old certificates get invalidated as their parent that signed them is no longer valid.

The better news is that the default CA age went to 2037 from 10 years, since that is when CTIME (32 bit signed integer representing the count of seconds since Jan 1, 1970) runs out. Thus recreating a CA now buys us a few more decades, but we will have to do something about that 2037 problem one of these days.

You also see that the Subordinate CA has no real time stamp. (0 in CTIME is basically Jan 1, 1970 at midnight)

Then the health check begins. This should look familiar as it looks just like the PKIDIAG output screen.

16:32:28 8ED365A0 PKI: AllocCriticalSectionMutex: Error = 0
16:32:28 8ED365A0 PKI: AllocCriticalSectionMutex: Error = 0
16:32:28 8ED365A0 PKI: Entering openCRLDataBase with NULL for CRLConfigDN
16:32:28 8ED365A0 PKI: openCRLDataBase: FlmDbOpen 0
16:32:28 8ED365A0 PKI: Need to create new CRL any 0 this #0
16:32:28 8ED365A0 PKI: Entering GetCRLConfigDNList
16:32:28 8ED365A0 PKI: Entering PKI_GetWorkingCAs
16:32:28 8ED365A0 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
16:32:28 8ED365A0 PKI: GetSecurityObjectName: Security Container type SAS:Security
16:32:28 8ED365A0 PKI: PKI_GetWorkingCAs: treeCADN = Acme CA.Security
16:32:28 8ED365A0 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
16:32:28 8ED365A0 PKI: PKI_GetWorkingCAs: This Server is the host server!
16:32:28 8ED365A0 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
16:32:28 8ED365A0 PKI: PKI_StoreCAInfo: Mission Accomplished
16:32:28 8ED365A0 PKI: Entering copySSCertificate: (0)
16:32:28 8ED365A0 PKI: Exiting copySSCertificate: (-614)
16:32:28 8ED365A0 PKI: Entering copyCAToCRLConfig: (0)
16:32:28 8ED365A0 PKI: copyCAToCRLConfig: Unable to read the CRL Configuration DN List (-603)
16:32:28 8ED365A0 PKI: Exiting PKI_GetWorkingCAs ccode = 0
16:32:28 8ED365A0 PKI: Trying to resolve to Acme CA.Security
16:32:28 8ED365A0 PKI: Trying to resolve to Acme CA.Security
16:32:28 8ED365A0 PKI: GetCRLConfigDNList:missing or invalid ndspkiCRLConfigurationDNList attribute(-603)
16:32:28 8ED365A0 PKI: Cleaning up GetCRLConfigDNList
16:32:28 8ED365A0 PKI: openCRLDataBase: exiting with -603, crlIdentifier 0
16:32:28 8ED365A0 PKI: Create Context succeded from Startup
16:32:28 8ED365A0 PKI:
16:32:28 8ED365A0 PKI: PKMAIN.C was compiled Aug 15 2007 at 18:24:59
16:32:28 8ED365A0 PKI: NLM Handle = 0x8F54DB00
16:32:28 8ED365A0 PKI: NLM ID = 0x000000A6
16:32:28 8ED365A0 PKI: Thread Group ID = 0x000000F5
16:32:28 8ED365A0 PKI: Dclient Context Handle = 0x6F750002
16:32:28 8ED365A0 PKI: CCS/NICI module strength = 3 (domestic)
16:32:28 8ED365A0 PKI: Max RSA key size (from Xeng) = 4096 bits
16:32:28 8ED365A0 PKI: Max RSA key size (signing) = 4096 bits
16:32:28 8ED365A0 PKI: Max RSA key size (data enc.) = 4096 bits
16:32:28 8ED365A0 PKI: Max RSA key size (key enc.) = 4096 bits
16:32:28 8ED365A0 PKI: Entering PKI_GetWorkingCAs
16:32:28 8ED365A0 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
16:32:28 8ED365A0 PKI: GetSecurityObjectName: Security Container type SAS:Security
16:32:28 8ED365A0 PKI: PKI_GetWorkingCAs: treeCADN = Acme CA.Security
16:32:28 8ED365A0 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
16:32:28 8ED365A0 PKI: PKI_GetWorkingCAs: This Server is the host server!
16:32:28 8ED365A0 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
16:32:28 8ED365A0 PKI: PKI_StoreCAInfo: Mission Accomplished
16:32:28 8ED365A0 PKI: Exiting PKI_GetWorkingCAs ccode = 0
16:32:28 8ED365A0 PKI: Working CAs mask = 1 (Tree Root CA)
16:32:28 8ED365A0 PKI: Entering PKI_ReadMachineUniqueCA()...
16:32:28 8ED365A0 PKI: PKI_ReadMachineUniqueCA() returned 0
16:32:28 8ED365A0 PKI: Entering x509Decode
16:32:28 8ED365A0 PKI: certDataLen 1114
16:32:28 8ED365A0 PKI: 1st check succeeded
16:32:28 8ED365A0 PKI: 2nd check succeeded
16:32:28 8ED365A0 PKI: curMax 1110
16:32:28 8ED365A0 PKI: 3rd check succeeded
16:32:28 8ED365A0 PKI: curMax 998
16:32:28 8ED365A0 PKI: 4th check succeeded
16:32:28 8ED365A0 PKI: Malloc succeeded
16:32:28 8ED365A0 PKI: Entering PKI_GetWorkingCAs
16:32:28 8ED365A0 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
16:32:28 8ED365A0 PKI: GetSecurityObjectName: Security Container type SAS:Security
16:32:28 8ED365A0 PKI: PKI_GetWorkingCAs: treeCADN = Acme CA.Security
16:32:28 8ED365A0 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
16:32:28 8ED365A0 PKI: PKI_GetWorkingCAs: This Server is the host server!
16:32:28 8ED365A0 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
16:32:28 8ED365A0 PKI: PKI_StoreCAInfo: Mission Accomplished
16:32:28 8ED365A0 PKI: Exiting PKI_GetWorkingCAs ccode = 0
16:32:28 8ED365A0 PKI: Entering x509Decode
16:32:28 8ED365A0 PKI: certDataLen 1243
16:32:28 8ED365A0 PKI: 1st check succeeded
16:32:28 8ED365A0 PKI: 2nd check succeeded
16:32:28 8ED365A0 PKI: curMax 1239
16:32:28 8ED365A0 PKI: 3rd check succeeded
16:32:28 8ED365A0 PKI: curMax 1082
16:32:28 8ED365A0 PKI: 4th check succeeded
16:32:28 8ED365A0 PKI: Malloc succeeded
16:32:28 8ED365A0 PKI: NICI MU CA validFrom 34AC2DC4 -- Thu Jan 1 23:59:00 1998
16:32:28 8ED365A0 PKI: NICI MU CA validTo 7C5131C4 -- Sun Feb 3 23:59:00 2036
16:32:28 8ED365A0 PKI: Orginizational CA validFrom 3BB3569C -- Thu Sep 27 16:41:00 2001
16:32:28 8ED365A0 PKI: Orginizational CA validTo 4E8218BC -- Tue Sep 27 18:41:00 2011
16:32:28 8ED365A0 PKI: Subordinate CA validFrom 0 -- Thu Jan 1 00:00:00 1970
16:32:28 8ED365A0 PKI: Subordinate CA validTo 0 -- Thu Jan 1 00:00:00 1970
16:32:28 8ED365A0 PKI:
16:32:28 8ED365A0 PKI: _____________________________________________________________________________
16:32:28 8ED365A0 PKI: PKIHealthCheck -- PKI Server is version 3.30
16:32:28 8ED365A0 PKI: Compiled Aug 15 2007 at 18:24:56
16:32:28 8ED365A0 PKI: Run at: Mon Mar 2 21:32:28 2009
16:32:28 8ED365A0 PKI: _____________________________________________________________________________
16:32:28 8ED365A0 PKI: Organiztional CA DN: Acme CA.Security
16:32:28 8ED365A0 PKI: Step 0 Check if this server should be an SDI Key Server.
16:32:28 8ED365A0 PKI: Testing for keyfile -- SYS:\system\nici\nicisdi.key.
16:32:28 8ED365A0 PKI: keyfile size 493.
16:32:28 8ED365A0 PKI: This server is already in the list.
16:32:28 8ED365A0 PKI: Step 0 succeeded.
16:32:28 8ED365A0 PKI: Step 1 Verifying the Server's link to the SAS Service Object.
16:32:28 8ED365A0 PKI: Server 'ACME9.ACME' points to SAS Service object 'SAS Service - ACME9.ACME'
16:32:28 8ED365A0 PKI: Step 1 succeeded.
16:32:28 8ED365A0 PKI: Step 2 Verifying the SAS Service Object
16:32:28 8ED365A0 PKI: SAS Service object 'SAS Service - ACME9.ACME' is backlinked to server 'ACME9.ACME'.
16:32:28 8ED365A0 PKI: Step 2 succeeded.
16:32:28 8ED365A0 PKI: Step 3 Verifying the links to the KMOs
16:32:28 8ED365A0 PKI: Reading the links for SAS Service object 'SAS Service - ACME9.ACME'.
16:32:28 8ED365A0 PKI: --> No KMOs are linked to Service object 'SAS Service - ACME9.ACME'.
16:32:28 8ED365A0 PKI: Step 3 succeeded.
16:32:28 8ED365A0 PKI: Step 4 Verifying the KMOs
16:32:28 8ED365A0 PKI: ---> Testing KMO 'SSL CertificateIP - ACME09.ACME'.
16:32:28 8ED365A0 PKI: NotBefore 20071108210346
16:32:28 8ED365A0 PKI: NotAfter 20091107210346
16:32:28 8ED365A0 PKI: Successfully added NotBefore and NotAfter fields
16:32:28 8ED365A0 PKI: Rights check -- OK.
16:32:28 8ED365A0 PKI: ERROR -603 reading host server attributes for KMO 'SSL CertificateIP - ACME09.ACME'.
16:32:28 8ED365A0 PKI: Private Key -- Failed.
16:32:28 8ED365A0 PKI: ---> Testing KMO 'SSL CertificateIP - ACME01.ACME'.
16:32:28 8ED365A0 PKI: NotBefore 20071108193329
16:32:28 8ED365A0 PKI: NotAfter 20091107193329
16:32:28 8ED365A0 PKI: Successfully added NotBefore and NotAfter fields
16:32:28 8ED365A0 PKI: Rights check -- OK.
16:32:28 8ED365A0 PKI: ERROR -603 reading host server attributes for KMO 'SSL CertificateIP - ACME01.ACME'.
16:32:28 8ED365A0 PKI: Private Key -- Failed.
16:32:29 8ED365A0 PKI: ---> Testing KMO 'SSL CertificateDNS - ACME09.ACME'.
16:32:29 8ED365A0 PKI: NotBefore 20071108210346
16:32:29 8ED365A0 PKI: NotAfter 20091107210346
16:32:29 8ED365A0 PKI: Successfully added NotBefore and NotAfter fields
16:32:29 8ED365A0 PKI: Rights check -- OK.
16:32:29 8ED365A0 PKI: ERROR -603 reading host server attributes for KMO 'SSL CertificateDNS - ACME09.ACME'.
16:32:29 8ED365A0 PKI: Private Key -- Failed.
16:32:29 8ED365A0 PKI: ---> Testing KMO 'SSL CertificateDNS - ACME01.ACME'.
16:32:29 8ED365A0 PKI: NotBefore 20071108193329
16:32:29 8ED365A0 PKI: NotAfter 20091107193329
16:32:29 8ED365A0 PKI: Successfully added NotBefore and NotAfter fields
16:32:29 8ED365A0 PKI: Rights check -- OK.
16:32:29 8ED365A0 PKI: ERROR -603 reading host server attributes for KMO 'SSL CertificateDNS - ACME01.ACME'.
16:32:29 8ED365A0 PKI: Private Key -- Failed.
16:32:29 8ED365A0 PKI: ---> Testing KMO 'IP AG 192\.168\.166\.33 - ACME09.ACME'.
16:32:29 8ED365A0 PKI: NotBefore 20060326221739
16:32:29 8ED365A0 PKI: NotAfter 20080325221739
16:32:29 8ED365A0 PKI: Successfully added NotBefore and NotAfter fields
16:32:29 8ED365A0 PKI: Rights check -- OK.
16:32:29 8ED365A0 PKI: ERROR -603 reading host server attributes for KMO 'IP AG 192\.168\.166\.33 - ACME09.ACME'.
16:32:29 8ED365A0 PKI: Private Key -- Failed.
16:32:29 8ED365A0 PKI: ---> Testing KMO 'DNS AG ACME09 - ACME09.ACME'.
16:32:29 8ED365A0 PKI: NotBefore 20060326221739
16:32:29 8ED365A0 PKI: NotAfter 20080325221739
16:32:29 8ED365A0 PKI: Successfully added NotBefore and NotAfter fields
16:32:29 8ED365A0 PKI: Rights check -- OK.
16:32:29 8ED365A0 PKI: ERROR -603 reading host server attributes for KMO 'DNS AG ACME09 - ACME09.ACME'.
16:32:29 8ED365A0 PKI: Private Key -- Failed.
16:32:29 8ED365A0 PKI: ---> Testing KMO 'DNS AG 192\.168\.166\.33 - ACME09.ACME'.
16:32:29 8ED365A0 PKI: NotBefore 20060326221814
16:32:29 8ED365A0 PKI: NotAfter 20080325221814
16:32:29 8ED365A0 PKI: Successfully added NotBefore and NotAfter fields
16:32:29 8ED365A0 PKI: Rights check -- OK.
16:32:29 8ED365A0 PKI: ERROR -603 reading host server attributes for KMO 'DNS AG 192\.168\.166\.33 - ACME09.ACME'.
16:32:29 8ED365A0 PKI: Private Key -- Failed.
16:32:29 8ED365A0 PKI: Step 4 succeeded.
16:32:29 8ED365A0 PKI: Step 5 Re-verifying the links to the KMOs
16:32:29 8ED365A0 PKI: INFO: kmo SSL CertificateIP - ACME09.ACME is not back linked to any server. It should probably be deleted.
16:32:29 8ED365A0 PKI: INFO: kmo SSL CertificateIP - ACME01.ACME is not back linked to any server. It should probably be deleted.
16:32:29 8ED365A0 PKI: INFO: kmo SSL CertificateDNS - ACME09.ACME is not back linked to any server. It should probably be deleted.
16:32:29 8ED365A0 PKI: INFO: kmo SSL CertificateDNS - ACME01.ACME is not back linked to any server. It should probably be deleted.
16:32:29 8ED365A0 PKI: INFO: kmo IP AG 192\.168\.166\.33 - ACME09.ACME is not back linked to any server. It should probably be deleted.
16:32:29 8ED365A0 PKI: INFO: kmo DNS AG ACME09 - ACME09.ACME is not back linked to any server. It should probably be deleted.
16:32:29 8ED365A0 PKI: INFO: kmo DNS AG 192\.168\.166\.33 - ACME09.ACME is not back linked to any server. It should probably be deleted.
16:32:29 8ED365A0 PKI: Step 5 succeeded.
16:32:29 8ED365A0 PKI: Step 6 Create Default Certificates
16:32:29 8ED365A0 PKI: Server Self-Provisioning is NOT enabled, so we cannot create certificates.
16:32:29 8ED365A0 PKI: Step 6 succeeded.
16:32:29 8ED365A0 PKI: Step 7 Checking validity of RootCert.der in SYS:\Public
16:32:29 8ED365A0 PKI: Read SYS:\public\rootcert.der -- 1303 bytes.
16:32:29 8ED365A0 PKI: Read CA certificate of length 1303.
16:32:29 8ED365A0 PKI: RootCert.der matchs the CA's certificate.
16:32:29 8ED365A0 PKI: Step 7 succeeded.
16:32:29 8ED365A0 PKI: Note: Occasionally multiple problems will be solved with a single fix.
16:32:29 8ED365A0 PKI: Fixable problems found: 0
16:32:29 8ED365A0 PKI: Problems fixed: 0
16:32:29 8ED365A0 PKI: Un-fixable problems found: 0
16:32:29 8ED365A0 PKI: Staying resident ...
16:32:29 8ED365A0 PKI:
16:32:29 8ED365A0 PKI:
16:32:29 8ED365A0 PKI: Country ID = 2949164
16:32:29 8ED365A0 PKI: Code page = 65973 

I happened to capture the trace from when a Repair Default Certs was issued from iManager. This is the cross platform PKIDIAG approach Novell is taking. They do not wish to maintain binaries for each platform, instead let iManager do it. Of course there is a chicken an egg issue that iManager with a broken cert will usually not start, so using iManager (that is broken due to a bad cert) to fix a bad cert seems implausible. In this case it turns out that any iManager instance that can see your tree over NCP can fix it, so you can use iManager Workstation running on your desktop to connect and fix it.

Here is the trace, for reference. If you read through it, you will see lots of steps, at which you can imagine any number of failures might occur. Now that you have a copy of a mostly working trace, should yours fail at any point, you can look at this one, see how far you got, what should have come next and have a better feel for where your issue lies.

One interesting issue I see is this snippet from the trace:

17:19:58 85BD6040 PKI: PKI_ReadCAPrivateKey: Unable to load CA private key (-1418)
17:19:58 85BD6040 PKI: SC: err from PKI_GenerateCertificateFromCSR = -1418
17:19:58 85BD6040 PKI: PKIVerbHandOff returned -1418
17:19:58 85BD6040 PKI: Exiting PKIVerbHandOff rc = -1418
17:19:58 85BD6040 PKI: Exiting PKIWireRequest err = -1418
17:19:58 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:19:58 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:19:58 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:19:58 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:19:58 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:19:58 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:19:58 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:19:58 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:19:58 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:19:58 85BD6040 PKI: Entering PKI_ReadMachineUniqueCA()...
17:19:58 85BD6040 PKI: PKI_ReadMachineUniqueCA() returned 0
17:19:58 85BD6040 PKI: Entering x509Decode
17:19:58 85BD6040 PKI: certDataLen 1114
17:19:58 85BD6040 PKI: 1st check succeeded
17:19:58 85BD6040 PKI: 2nd check succeeded
17:19:58 85BD6040 PKI: curMax 1110
17:19:58 85BD6040 PKI: 3rd check succeeded
17:19:58 85BD6040 PKI: curMax 998
17:19:58 85BD6040 PKI: 4th check succeeded
17:19:58 85BD6040 PKI: Malloc succeeded
17:19:58 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:19:58 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:19:58 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:19:58 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:19:58 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:19:58 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:19:58 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:19:58 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:19:58 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:19:58 85BD6040 PKI: Entering x509Decode
17:19:58 85BD6040 PKI: certDataLen 1243
17:19:58 85BD6040 PKI: 1st check succeeded
17:19:58 85BD6040 PKI: 2nd check succeeded
17:19:58 85BD6040 PKI: curMax 1239
17:19:58 85BD6040 PKI: 3rd check succeeded
17:19:58 85BD6040 PKI: curMax 1082
17:19:58 85BD6040 PKI: 4th check succeeded
17:19:58 85BD6040 PKI: Malloc succeeded
17:20:01 85BD6040 PKI: Entering PKIWireRequest
17:20:01 85BD6040 PKI: Entering PKIVerbHandOff
17:20:01 85BD6040 PKI: PKIVerbHandOff calling verb 4
17:20:01 85BD6040 PKI: SC: v-3
17:20:01 85BD6040 PKI: cl-945 data-
17:20:01 85BD6040 PKI: SC: hashLen-128
17:20:01 85BD6040 PKI: numInChain-3
17:20:01 85BD6040 PKI: chainLen-3598
17:20:01 85BD6040 PKI: sa-4
17:20:01 85BD6040 PKI: dF-x0
17:20:01 85BD6040 PKI: vf-x49AC409E
17:20:01 85BD6040 PKI: vt-x4D6EA79E
17:20:01 85BD6040 PKI: SC: subjLen-26
17:20:01 85BD6040 PKI: subjDN-.O=NE_IDN.CN=192.168.1.201
17:20:01 85BD6040 PKI: SC: serverLen-14
17:20:01 85BD6040 PKI: serverDN-CN=ACME01.O=ACME

The process tries to read the CA’s private key, and gets an error decrypting it (the 1418 error). It looks for a working CA, realizes it is the server it is running on, ACME09, and works through using the info it needs. It looks like the 1418 error is cosmetic, since it did not affect the working of this server. It still seems to get what is needed, regardless of the error.

Then you can see that it is generating a certificate for the server ACME01. In this case, the iManager being used was connected to ACME09, which held the Certificate Authority service, and thus the connection was not made across the wire. You would see slightly different trace when it has to reach out to get information from a remote server. Something to keep in mind if you trace is not quite identical to my example here.

The good news is that much of the process is readable and seems like it makes sense, which is really helpful when trying to troubleshoot issues.

16:37:14 85A334E0 PKI: Entering PKI_GetWorkingCAs
16:37:14 85A334E0 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
16:37:14 85A334E0 PKI: GetSecurityObjectName: Security Container type SAS:Security
16:37:14 85A334E0 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
16:37:14 85A334E0 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
16:37:14 85A334E0 PKI: PKI_GetWorkingCAs: This Server is the host server!
16:37:14 85A334E0 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
16:37:14 85A334E0 PKI: PKI_StoreCAInfo: Mission Accomplished
16:37:14 85A334E0 PKI: Exiting PKI_GetWorkingCAs ccode = 0
16:37:14 85A334E0 PKI: Entering PKI_ReadMachineUniqueCA()...
16:37:14 85A334E0 PKI: PKI_ReadMachineUniqueCA() returned 0
16:37:14 85A334E0 PKI: Entering x509Decode
16:37:14 85A334E0 PKI: certDataLen 1114
16:37:14 85A334E0 PKI: 1st check succeeded
16:37:14 85A334E0 PKI: 2nd check succeeded
16:37:14 85A334E0 PKI: curMax 1110
16:37:14 85A334E0 PKI: 3rd check succeeded
16:37:14 85A334E0 PKI: curMax 998
16:37:14 85A334E0 PKI: 4th check succeeded
16:37:14 85A334E0 PKI: Malloc succeeded
16:37:14 85A334E0 PKI: Entering PKI_GetWorkingCAs
16:37:14 85A334E0 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
16:37:14 85A334E0 PKI: GetSecurityObjectName: Security Container type SAS:Security
16:37:14 85A334E0 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
16:37:14 85A334E0 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
16:37:14 85A334E0 PKI: PKI_GetWorkingCAs: This Server is the host server!
16:37:14 85A334E0 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
16:37:14 85A334E0 PKI: PKI_StoreCAInfo: Mission Accomplished
16:37:14 85A334E0 PKI: Exiting PKI_GetWorkingCAs ccode = 0
16:37:14 85A334E0 PKI: Entering x509Decode
16:37:14 85A334E0 PKI: certDataLen 1243
16:37:14 85A334E0 PKI: 1st check succeeded
16:37:14 85A334E0 PKI: 2nd check succeeded
16:37:14 85A334E0 PKI: curMax 1239
16:37:14 85A334E0 PKI: 3rd check succeeded
16:37:14 85A334E0 PKI: curMax 1082
16:37:14 85A334E0 PKI: 4th check succeeded
16:37:14 85A334E0 PKI: Malloc succeeded
16:37:15 85A334E0 PKI: Entering PKI_GetWorkingCAs
16:37:15 85A334E0 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
16:37:15 85A334E0 PKI: GetSecurityObjectName: Security Container type SAS:Security
16:37:15 85A334E0 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
16:37:15 85A334E0 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
16:37:15 85A334E0 PKI: PKI_GetWorkingCAs: This Server is the host server!
16:37:15 85A334E0 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
16:37:15 85A334E0 PKI: PKI_StoreCAInfo: Mission Accomplished
16:37:15 85A334E0 PKI: Exiting PKI_GetWorkingCAs ccode = 0
16:37:15 85A334E0 PKI: Entering PKI_ReadMachineUniqueCA()...
16:37:15 85A334E0 PKI: PKI_ReadMachineUniqueCA() returned 0
16:37:15 85A334E0 PKI: Entering x509Decode
16:37:15 85A334E0 PKI: certDataLen 1114
16:37:15 85A334E0 PKI: 1st check succeeded
16:37:15 85A334E0 PKI: 2nd check succeeded
16:37:15 85A334E0 PKI: curMax 1110
16:37:15 85A334E0 PKI: 3rd check succeeded
16:37:15 85A334E0 PKI: curMax 998
16:37:15 85A334E0 PKI: 4th check succeeded
16:37:15 85A334E0 PKI: Malloc succeeded
16:37:15 85A334E0 PKI: Entering PKI_GetWorkingCAs
16:37:15 85A334E0 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
16:37:15 85A334E0 PKI: GetSecurityObjectName: Security Container type SAS:Security
16:37:15 85A334E0 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
16:37:15 85A334E0 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
16:37:15 85A334E0 PKI: PKI_GetWorkingCAs: This Server is the host server!
16:37:15 85A334E0 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
Monday, Mar 2, 2009
16:37:15 85A334E0 PKI: PKI_StoreCAInfo: Mission Accomplished
16:37:15 85A334E0 PKI: Exiting PKI_GetWorkingCAs ccode = 0
16:37:15 85A334E0 PKI: Entering x509Decode
16:37:15 85A334E0 PKI: certDataLen 1243
16:37:15 85A334E0 PKI: 1st check succeeded
16:37:15 85A334E0 PKI: 2nd check succeeded
16:37:15 85A334E0 PKI: curMax 1239
16:37:15 85A334E0 PKI: 3rd check succeeded
16:37:15 85A334E0 PKI: curMax 1082
16:37:15 85A334E0 PKI: 4th check succeeded
16:37:15 85A334E0 PKI: Malloc succeeded
16:37:20 85A334E0 PKI: Entering PKI_GetWorkingCAs
16:37:20 85A334E0 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
16:37:20 85A334E0 PKI: GetSecurityObjectName: Security Container type SAS:Security
16:37:20 85A334E0 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
16:37:20 85A334E0 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
16:37:20 85A334E0 PKI: PKI_GetWorkingCAs: This Server is the host server!
16:37:20 85A334E0 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
16:37:20 85A334E0 PKI: PKI_StoreCAInfo: Mission Accomplished
16:37:20 85A334E0 PKI: Exiting PKI_GetWorkingCAs ccode = 0
16:37:20 85A334E0 PKI: Entering PKI_ReadMachineUniqueCA()...
16:37:20 85A334E0 PKI: PKI_ReadMachineUniqueCA() returned 0
16:37:20 85A334E0 PKI: Entering x509Decode
16:37:20 85A334E0 PKI: certDataLen 1114
16:37:20 85A334E0 PKI: 1st check succeeded
16:37:20 85A334E0 PKI: 2nd check succeeded
16:37:20 85A334E0 PKI: curMax 1110
16:37:20 85A334E0 PKI: 3rd check succeeded
16:37:20 85A334E0 PKI: curMax 998
16:37:20 85A334E0 PKI: 4th check succeeded
16:37:20 85A334E0 PKI: Malloc succeeded
16:37:20 85A334E0 PKI: Entering PKI_GetWorkingCAs
16:37:20 85A334E0 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
16:37:20 85A334E0 PKI: GetSecurityObjectName: Security Container type SAS:Security
16:37:20 85A334E0 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
16:37:20 85A334E0 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
16:37:20 85A334E0 PKI: PKI_GetWorkingCAs: This Server is the host server!
16:37:20 85A334E0 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
16:37:20 85A334E0 PKI: PKI_StoreCAInfo: Mission Accomplished
16:37:20 85A334E0 PKI: Exiting PKI_GetWorkingCAs ccode = 0
16:37:20 85A334E0 PKI: Entering x509Decode
16:37:20 85A334E0 PKI: certDataLen 1243
16:37:20 85A334E0 PKI: 1st check succeeded
16:37:20 85A334E0 PKI: 2nd check succeeded
16:37:20 85A334E0 PKI: curMax 1239
16:37:20 85A334E0 PKI: 3rd check succeeded
16:37:20 85A334E0 PKI: curMax 1082
16:37:20 85A334E0 PKI: 4th check succeeded
16:37:20 85A334E0 PKI: Malloc succeeded
16:37:20 85A334E0 PKI: Entering PKI_GetWorkingCAs
16:37:20 85A334E0 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
16:37:20 85A334E0 PKI: GetSecurityObjectName: Security Container type SAS:Security
16:37:20 85A334E0 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
16:37:20 85A334E0 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
16:37:20 85A334E0 PKI: PKI_GetWorkingCAs: This Server is the host server!
16:37:20 85A334E0 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
16:37:20 85A334E0 PKI: PKI_StoreCAInfo: Mission Accomplished
16:37:20 85A334E0 PKI: Exiting PKI_GetWorkingCAs ccode = 0
16:37:20 85A334E0 PKI: Entering PKI_ReadMachineUniqueCA()...
16:37:20 85A334E0 PKI: PKI_ReadMachineUniqueCA() returned 0
16:37:20 85A334E0 PKI: Entering x509Decode
16:37:20 85A334E0 PKI: certDataLen 1114
16:37:20 85A334E0 PKI: 1st check succeeded
16:37:20 85A334E0 PKI: 2nd check succeeded
16:37:20 85A334E0 PKI: curMax 1110
16:37:20 85A334E0 PKI: 3rd check succeeded
16:37:20 85A334E0 PKI: curMax 998
16:37:20 85A334E0 PKI: 4th check succeeded
16:37:20 85A334E0 PKI: Malloc succeeded
16:37:20 85A334E0 PKI: Entering PKI_GetWorkingCAs
16:37:20 85A334E0 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
16:37:20 85A334E0 PKI: GetSecurityObjectName: Security Container type SAS:Security
16:37:20 85A334E0 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
16:37:20 85A334E0 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
16:37:20 85A334E0 PKI: PKI_GetWorkingCAs: This Server is the host server!
16:37:20 85A334E0 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
16:37:20 85A334E0 PKI: PKI_StoreCAInfo: Mission Accomplished
16:37:20 85A334E0 PKI: Exiting PKI_GetWorkingCAs ccode = 0
16:37:20 85A334E0 PKI: Entering x509Decode
16:37:20 85A334E0 PKI: certDataLen 1243
16:37:20 85A334E0 PKI: 1st check succeeded
16:37:20 85A334E0 PKI: 2nd check succeeded
16:37:20 85A334E0 PKI: curMax 1239
16:37:20 85A334E0 PKI: 3rd check succeeded
16:37:20 85A334E0 PKI: curMax 1082
16:37:20 85A334E0 PKI: 4th check succeeded
16:37:20 85A334E0 PKI: Malloc succeeded
17:12:10 85B13320 PKI: Entering PKIWireRequest
17:12:10 85B13320 PKI: Entering PKIVerbHandOff
17:12:10 85B13320 PKI: PKIVerbHandOff calling verb 5
17:12:10 85B13320 PKI: Entering _PKIGetCertficates taskID: 0
17:12:10 85B13320 PKI: _PKIGetCertificates : ODNLen = 39
17:12:10 85B13320 PKI: GC: v-0
17:12:10 85B13320 PKI: rf-x1
17:12:10 85B13320 PKI: ODNlen-39
17:12:10 85B13320 PKI: PKI_GetCertificates: Reading certs from object CN=ACME Corp CA.CN=Security
17:12:10 85B13320 PKI: Entering PKI_ReturnObjectType()...
17:12:10 85B13320 PKI: Exiting PKI_ReturnObjectType with 2
17:12:10 85B13320 PKI: Entering PKI_GetKeyInfo()...
17:12:10 85B13320 PKI: Entering PKI_ReturnObjectType()...
17:12:10 85B13320 PKI: Exiting PKI_ReturnObjectType with 2
17:12:10 85B13320 PKI: Leaving PKI_GetKeyInfo..... (0)
17:12:10 85B13320 PKI: PKI_GetCertificates: Success!
17:12:10 85B13320 PKI: PKIVerbHandOff returned 0
17:12:10 85B13320 PKI: Exiting PKIVerbHandOff rc = 0
17:12:10 85B13320 PKI: Exiting PKIWireRequest err = 0
17:12:11 85B13320 PKI: Entering PKIWireRequest
17:12:11 85B13320 PKI: Entering PKIVerbHandOff
17:12:11 85B13320 PKI: PKIVerbHandOff calling verb 5
17:12:11 85B13320 PKI: Entering _PKIGetCertficates taskID: 0
17:12:11 85B13320 PKI: _PKIGetCertificates : ODNLen = 47
17:12:11 85B13320 PKI: GC: v-0
17:12:11 85B13320 PKI: rf-x5
17:12:11 85B13320 PKI: ODNlen-47
17:12:11 85B13320 PKI: PKI_GetCertificates: Reading certs from object CN=ACME Corp CA.CN=Security.NE_IDN.
17:12:11 85B13320 PKI: Entering PKI_ReturnObjectType()...
17:12:11 85B13320 PKI: Exiting PKI_ReturnObjectType with 2
17:12:11 85B13320 PKI: Entering PKI_GetKeyInfo()...
17:12:11 85B13320 PKI: Entering PKI_ReturnObjectType()...
17:12:11 85B13320 PKI: Exiting PKI_ReturnObjectType with 2
17:12:11 85B13320 PKI: PKI_GetKeyInfo rootMarker -- 0
17:12:11 85B13320 PKI: PKI_GetKeyInfo index -- 1
17:12:11 85B13320 PKI: PKI_GetKeyInfo rootMarker -- 0
17:12:11 85B13320 PKI: PKI_GetKeyInfo index -- 2
17:12:11 85B13320 PKI: PKI_GetKeyInfo rootMarker -- 0
17:12:11 85B13320 PKI: PKI_GetKeyInfo index -- 3
17:12:11 85B13320 PKI: PKI_GetKeyInfo rootMarker -- 0
17:12:11 85B13320 PKI: PKI_GetKeyInfo index -- 4
17:12:11 85B13320 PKI: PKI_GetKeyInfo rootMarker -- 1
17:12:11 85B13320 PKI: PKI_GetKeyInfo index -- 5
17:12:11 85B13320 PKI: Leaving PKI_GetKeyInfo..... (0)
17:12:11 85B13320 PKI: PKI_GetCertificates: Success!
17:12:11 85B13320 PKI: PKIVerbHandOff returned 0
17:12:11 85B13320 PKI: Exiting PKIVerbHandOff rc = 0
17:12:11 85B13320 PKI: Exiting PKIWireRequest err = 0
17:12:16 85B13320 PKI: Entering PKIWireRequest
17:12:16 85B13320 PKI: Entering PKIVerbHandOff
17:12:16 85B13320 PKI: PKIVerbHandOff calling verb 5
17:12:16 85B13320 PKI: Entering _PKIGetCertficates taskID: 0
17:12:16 85B13320 PKI: _PKIGetCertificates : ODNLen = 39
17:12:16 85B13320 PKI: GC: v-0
17:12:16 85B13320 PKI: rf-x10
17:12:16 85B13320 PKI: ODNlen-39
17:12:16 85B13320 PKI: PKI_GetCertificates: Reading certs from object CN=ACME Corp CA.CN=Security
17:12:16 85B13320 PKI: Entering PKI_ReturnObjectType()...
17:12:16 85B13320 PKI: Exiting PKI_ReturnObjectType with 2
17:12:16 85B13320 PKI: Entering PKI_GetKeyInfo()...
17:12:16 85B13320 PKI: Entering PKI_ReturnObjectType()...
17:12:16 85B13320 PKI: Exiting PKI_ReturnObjectType with 2
17:12:16 85B13320 PKI: Leaving PKI_GetKeyInfo..... (0)
17:12:16 85B13320 PKI: PKI_GetCertificates: Success!
17:12:16 85B13320 PKI: PKIVerbHandOff returned 0
17:12:16 85B13320 PKI: Exiting PKIVerbHandOff rc = 0
17:12:16 85B13320 PKI: Exiting PKIWireRequest err = 0
17:12:36 85B13320 PKI: Entering PKI_GetWorkingCAs
17:12:36 85B13320 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:12:36 85B13320 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:12:36 85B13320 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:12:36 85B13320 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:12:36 85B13320 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:12:36 85B13320 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:12:36 85B13320 PKI: PKI_StoreCAInfo: Mission Accomplished
17:12:36 85B13320 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:12:36 85B13320 PKI: Entering PKI_ReadMachineUniqueCA()...
17:12:36 85B13320 PKI: PKI_ReadMachineUniqueCA() returned 0
17:12:36 85B13320 PKI: Entering x509Decode
17:12:36 85B13320 PKI: certDataLen 1114
17:12:36 85B13320 PKI: 1st check succeeded
17:12:36 85B13320 PKI: 2nd check succeeded
17:12:36 85B13320 PKI: curMax 1110
17:12:36 85B13320 PKI: 3rd check succeeded
17:12:36 85B13320 PKI: curMax 998
17:12:36 85B13320 PKI: 4th check succeeded
17:12:36 85B13320 PKI: Malloc succeeded
17:12:36 85B13320 PKI: Entering PKI_GetWorkingCAs
17:12:36 85B13320 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:12:36 85B13320 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:12:36 85B13320 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:12:36 85B13320 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:12:36 85B13320 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:12:36 85B13320 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:12:36 85B13320 PKI: PKI_StoreCAInfo: Mission Accomplished
17:12:36 85B13320 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:12:36 85B13320 PKI: Entering x509Decode
17:12:36 85B13320 PKI: certDataLen 1243
17:12:36 85B13320 PKI: 1st check succeeded
17:12:36 85B13320 PKI: 2nd check succeeded
17:12:36 85B13320 PKI: curMax 1239
17:12:36 85B13320 PKI: 3rd check succeeded
17:12:36 85B13320 PKI: curMax 1082
17:12:36 85B13320 PKI: 4th check succeeded
17:12:36 85B13320 PKI: Malloc succeeded
17:13:05 85B13320 PKI: Entering PKI_GetWorkingCAs
17:13:05 85B13320 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:13:05 85B13320 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:13:05 85B13320 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:13:05 85B13320 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:13:05 85B13320 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:13:05 85B13320 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:13:05 85B13320 PKI: PKI_StoreCAInfo: Mission Accomplished
17:13:05 85B13320 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:13:05 85B13320 PKI: Entering PKI_ReadMachineUniqueCA()...
17:13:05 85B13320 PKI: PKI_ReadMachineUniqueCA() returned 0
17:13:05 85B13320 PKI: Entering x509Decode
17:13:05 85B13320 PKI: certDataLen 1114
17:13:05 85B13320 PKI: 1st check succeeded
17:13:05 85B13320 PKI: 2nd check succeeded
17:13:05 85B13320 PKI: curMax 1110
17:13:05 85B13320 PKI: 3rd check succeeded
17:13:05 85B13320 PKI: curMax 998
17:13:05 85B13320 PKI: 4th check succeeded
17:13:05 85B13320 PKI: Malloc succeeded
517:13:05 85B13320 PKI: Entering PKI_GetWorkingCAs
17:13:05 85B13320 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:13:05 85B13320 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:13:05 85B13320 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:13:05 85B13320 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:13:05 85B13320 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:13:05 85B13320 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:13:05 85B13320 PKI: PKI_StoreCAInfo: Mission Accomplished
17:13:05 85B13320 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:13:05 85B13320 PKI: Entering x509Decode
17:13:05 85B13320 PKI: certDataLen 1243
17:13:05 85B13320 PKI: 1st check succeeded
17:13:05 85B13320 PKI: 2nd check succeeded
17:13:05 85B13320 PKI: curMax 1239
17:13:05 85B13320 PKI: 3rd check succeeded
17:13:05 85B13320 PKI: curMax 1082
17:13:05 85B13320 PKI: 4th check succeeded
17:13:05 85B13320 PKI: Malloc succeeded
17:14:07 85B13320 PKI: Entering PKIWireRequest
17:14:07 85B13320 PKI: Entering PKIVerbHandOff
17:14:07 85B13320 PKI: PKIVerbHandOff calling verb 5
17:14:07 85B13320 PKI: Entering _PKIGetCertficates taskID: 0
17:14:07 85B13320 PKI: _PKIGetCertificates : ODNLen = 39
17:14:07 85B13320 PKI: GC: v-0
17:14:07 85B13320 PKI: rf-x5
17:14:07 85B13320 PKI: ODNlen-39
17:14:07 85B13320 PKI: PKI_GetCertificates: Reading certs from object CN=ACME Corp CA.CN=Security
17:14:07 85B13320 PKI: Entering PKI_ReturnObjectType()...
17:14:07 85B13320 PKI: Exiting PKI_ReturnObjectType with 2
17:14:07 85B13320 PKI: Entering PKI_GetKeyInfo()...
17:14:07 85B13320 PKI: Entering PKI_ReturnObjectType()...
17:14:07 85B13320 PKI: Exiting PKI_ReturnObjectType with 2
17:14:07 85B13320 PKI: PKI_GetKeyInfo rootMarker -- 0
17:14:07 85B13320 PKI: PKI_GetKeyInfo index -- 1
17:14:07 85B13320 PKI: PKI_GetKeyInfo rootMarker -- 0
17:14:07 85B13320 PKI: PKI_GetKeyInfo index -- 2
17:14:07 85B13320 PKI: PKI_GetKeyInfo rootMarker -- 0
17:14:07 85B13320 PKI: PKI_GetKeyInfo index -- 3
Monday, Mar 2, 2009
17:14:07 85B13320 PKI: PKI_GetKeyInfo rootMarker -- 0
17:14:07 85B13320 PKI: PKI_GetKeyInfo index -- 4
17:14:07 85B13320 PKI: PKI_GetKeyInfo rootMarker -- 1
17:14:07 85B13320 PKI: PKI_GetKeyInfo index -- 5
17:14:07 85B13320 PKI: Leaving PKI_GetKeyInfo..... (0)
17:14:07 85B13320 PKI: PKI_GetCertificates: Success!
17:14:07 85B13320 PKI: PKIVerbHandOff returned 0
17:14:07 85B13320 PKI: Exiting PKIVerbHandOff rc = 0
17:14:07 85B13320 PKI: Exiting PKIWireRequest err = 0
17:14:24 85B13320 PKI: Entering PKI_GetWorkingCAs
17:14:24 85B13320 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:14:24 85B13320 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:14:24 85B13320 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:14:24 85B13320 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:14:24 85B13320 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:14:24 85B13320 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:14:24 85B13320 PKI: PKI_StoreCAInfo: Mission Accomplished
17:14:24 85B13320 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:14:24 85B13320 PKI: Entering PKI_ReadMachineUniqueCA()...
17:14:24 85B13320 PKI: PKI_ReadMachineUniqueCA() returned 0
17:14:24 85B13320 PKI: Entering x509Decode
17:14:24 85B13320 PKI: certDataLen 1114
17:14:24 85B13320 PKI: 1st check succeeded
17:14:24 85B13320 PKI: 2nd check succeeded
17:14:24 85B13320 PKI: curMax 1110
17:14:24 85B13320 PKI: 3rd check succeeded
17:14:24 85B13320 PKI: curMax 998
17:14:24 85B13320 PKI: 4th check succeeded
17:14:24 85B13320 PKI: Malloc succeeded
17:14:24 85B13320 PKI: Entering PKI_GetWorkingCAs
17:14:24 85B13320 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:14:24 85B13320 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:14:24 85B13320 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:14:24 85B13320 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:14:24 85B13320 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:14:24 85B13320 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:14:24 85B13320 PKI: PKI_StoreCAInfo: Mission Accomplished
17:14:24 85B13320 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:14:24 85B13320 PKI: Entering x509Decode
17:14:24 85B13320 PKI: certDataLen 1243
17:14:24 85B13320 PKI: 1st check succeeded
17:14:24 85B13320 PKI: 2nd check succeeded
17:14:24 85B13320 PKI: curMax 1239
17:14:24 85B13320 PKI: 3rd check succeeded
17:14:24 85B13320 PKI: curMax 1082
17:14:24 85B13320 PKI: 4th check succeeded
17:14:24 85B13320 PKI: Malloc succeeded
17:17:18 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:17:18 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:17:18 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:17:18 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:17:18 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:17:18 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:17:18 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:17:18 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:17:18 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:17:18 85BD6040 PKI: Entering PKI_ReadMachineUniqueCA()...
17:17:18 85BD6040 PKI: PKI_ReadMachineUniqueCA() returned 0
17:17:18 85BD6040 PKI: Entering x509Decode
17:17:18 85BD6040 PKI: certDataLen 1114
17:17:18 85BD6040 PKI: 1st check succeeded
17:17:18 85BD6040 PKI: 2nd check succeeded
17:17:18 85BD6040 PKI: curMax 1110
17:17:18 85BD6040 PKI: 3rd check succeeded
17:17:18 85BD6040 PKI: curMax 998
17:17:18 85BD6040 PKI: 4th check succeeded
17:17:18 85BD6040 PKI: Malloc succeeded
17:17:18 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:17:18 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:17:18 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:17:18 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:17:18 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:17:18 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:17:18 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:17:18 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:17:18 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:17:18 85BD6040 PKI: Entering x509Decode
17:17:18 85BD6040 PKI: certDataLen 1243
17:17:18 85BD6040 PKI: 1st check succeeded
17:17:18 85BD6040 PKI: 2nd check succeeded
17:17:18 85BD6040 PKI: curMax 1239
17:17:18 85BD6040 PKI: 3rd check succeeded
17:17:18 85BD6040 PKI: curMax 1082
17:17:18 85BD6040 PKI: 4th check succeeded
17:17:18 85BD6040 PKI: Malloc succeeded
17:19:46 85BD6040 PKI: Entering PKIWireRequest
17:19:46 85BD6040 PKI: Entering PKIVerbHandOff
17:19:46 85BD6040 PKI: PKIVerbHandOff calling verb 5
17:19:46 85BD6040 PKI: Entering _PKIGetCertficates taskID: 0
17:19:46 85BD6040 PKI: _PKIGetCertificates : ODNLen = 39
17:19:46 85BD6040 PKI: GC: v-0
17:19:46 85BD6040 PKI: rf-x10
17:19:46 85BD6040 PKI: ODNlen-39
17:19:46 85BD6040 PKI: PKI_GetCertificates: Reading certs from object CN=ACME Corp CA.CN=Security
17:19:46 85BD6040 PKI: Entering PKI_ReturnObjectType()...
17:19:46 85BD6040 PKI: Exiting PKI_ReturnObjectType with 2
17:19:46 85BD6040 PKI: Entering PKI_GetKeyInfo()...
17:19:46 85BD6040 PKI: Entering PKI_ReturnObjectType()...
17:19:46 85BD6040 PKI: Exiting PKI_ReturnObjectType with 2
17:19:46 85BD6040 PKI: Leaving PKI_GetKeyInfo..... (0)
17:19:46 85BD6040 PKI: PKI_GetCertificates: Success!
17:19:46 85BD6040 PKI: PKIVerbHandOff returned 0
17:19:46 85BD6040 PKI: Exiting PKIVerbHandOff rc = 0
17:19:46 85BD6040 PKI: Exiting PKIWireRequest err = 0
17:19:46 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:19:46 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:19:46 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:19:46 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:19:46 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:19:46 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:19:46 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:19:46 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:19:46 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:19:46 85BD6040 PKI: Entering PKI_ReadMachineUniqueCA()...
17:19:46 85BD6040 PKI: PKI_ReadMachineUniqueCA() returned 0
17:19:46 85BD6040 PKI: Entering x509Decode
17:19:46 85BD6040 PKI: certDataLen 1114
17:19:46 85BD6040 PKI: 1st check succeeded
17:19:46 85BD6040 PKI: 2nd check succeeded
17:19:46 85BD6040 PKI: curMax 1110
17:19:46 85BD6040 PKI: 3rd check succeeded
17:19:46 85BD6040 PKI: curMax 998
17:19:46 85BD6040 PKI: 4th check succeeded
17:19:46 85BD6040 PKI: Malloc succeeded
17:19:46 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:19:46 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:19:46 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:19:46 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:19:46 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:19:46 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:19:46 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:19:46 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:19:46 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:19:46 85BD6040 PKI: Entering x509Decode
17:19:46 85BD6040 PKI: certDataLen 1243
17:19:46 85BD6040 PKI: 1st check succeeded
17:19:46 85BD6040 PKI: 2nd check succeeded
17:19:46 85BD6040 PKI: curMax 1239
17:19:46 85BD6040 PKI: 3rd check succeeded
17:19:46 85BD6040 PKI: curMax 1082
17:19:46 85BD6040 PKI: 4th check succeeded
17:19:46 85BD6040 PKI: Malloc succeeded
17:19:56 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:19:56 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:19:56 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:19:56 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:19:56 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:19:56 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:19:56 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:19:56 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:19:56 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:19:56 85BD6040 PKI: Entering PKI_ReadMachineUniqueCA()...
17:19:56 85BD6040 PKI: PKI_ReadMachineUniqueCA() returned 0
17:19:56 85BD6040 PKI: Entering x509Decode
17:19:56 85BD6040 PKI: certDataLen 1114
17:19:56 85BD6040 PKI: 1st check succeeded
17:19:56 85BD6040 PKI: 2nd check succeeded
17:19:56 85BD6040 PKI: curMax 1110
17:19:56 85BD6040 PKI: 3rd check succeeded
17:19:56 85BD6040 PKI: curMax 998
17:19:56 85BD6040 PKI: 4th check succeeded
17:19:56 85BD6040 PKI: Malloc succeeded
17:19:56 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:19:56 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:19:56 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:19:56 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:19:56 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:19:56 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:19:56 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:19:56 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:19:56 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:19:56 85BD6040 PKI: Entering x509Decode
17:19:56 85BD6040 PKI: certDataLen 1243
17:19:56 85BD6040 PKI: 1st check succeeded
17:19:56 85BD6040 PKI: 2nd check succeeded
17:19:56 85BD6040 PKI: curMax 1239
17:19:56 85BD6040 PKI: 3rd check succeeded
17:19:56 85BD6040 PKI: curMax 1082
17:19:56 85BD6040 PKI: 4th check succeeded
17:19:56 85BD6040 PKI: Malloc succeeded
17:19:58 85BD6040 PKI: Entering PKIWireRequest
17:19:58 85BD6040 PKI: Entering PKIVerbHandOff
17:19:58 85BD6040 PKI: PKIVerbHandOff calling verb 4
17:19:58 85BD6040 PKI: SC: v-3
17:19:58 85BD6040 PKI: cl-945 data-
17:19:58 85BD6040 PKI: SC: hashLen-128
17:19:58 85BD6040 PKI: numInChain-3
17:19:58 85BD6040 PKI: chainLen-3598
17:19:58 85BD6040 PKI: sa-4
17:19:58 85BD6040 PKI: dF-x0
17:19:58 85BD6040 PKI: vf-x49AC409E
17:19:58 85BD6040 PKI: vt-x4D6EA79E
17:19:58 85BD6040 PKI: SC: subjLen-26
17:19:58 85BD6040 PKI: subjDN-.O=NE_IDN.CN=192.168.1.201
17:19:58 85BD6040 PKI: SC: serverLen-14
17:19:58 85BD6040 PKI: serverDN-CN=ACME01.O=ACME
17:19:58 85BD6040 PKI: Entering PKI_GenerateCertificateFromCSR....
17:19:58 85BD6040 PKI: CSR is internal.
17:19:58 85BD6040 PKI: Validity Check Passes...
17:19:58 85BD6040 PKI: PKI_GenerateCertificateFromCSR: Setting subject name to .O=NE_IDN.CN=192.168.1.201
17:19:58 85BD6040 PKI: Entering getNextNameComponent...
17:19:58 85BD6040 PKI: Entering getNameOID - name to be parsed: .O=NE_IDN.CN=192.168.1.201
17:19:58 85BD6040 PKI: getNameOID: incoming token is O=
17:19:58 85BD6040 PKI: getNextNameComponent: name=
17:19:58 85BD6040 PKI: N
17:19:58 85BD6040 PKI: E
17:19:58 85BD6040 PKI: _
17:19:58 85BD6040 PKI: I
17:19:58 85BD6040 PKI: D
17:19:58 85BD6040 PKI: N
17:19:58 85BD6040 PKI: -- found '.' checking for new token.
17:19:58 85BD6040 PKI: Entering getNameOID - name to be parsed: .CN=192.168.1.201
17:19:58 85BD6040 PKI: getNameOID: incoming token is CN=
17:19:58 85BD6040 PKI:
17:19:58 85BD6040 PKI: getNextNameComponent: 9 parsed
17:19:58 85BD6040 PKI: getNextNameComponent: rc = 0
17:19:58 85BD6040 PKI: Entering getNextNameComponent...
17:19:58 85BD6040 PKI: Entering getNameOID - name to be parsed: .CN=192.168.1.201
17:19:58 85BD6040 PKI: getNameOID: incoming token is CN=
17:19:58 85BD6040 PKI: getNextNameComponent: name=
17:19:58 85BD6040 PKI: 1
17:19:58 85BD6040 PKI: 9
17:19:58 85BD6040 PKI: 2
17:19:58 85BD6040 PKI: -- found '.' checking for new token.
17:19:58 85BD6040 PKI: Entering getNameOID - name to be parsed: .168.1.201
17:19:58 85BD6040 PKI: getNameOID: incoming name did end with an =
17:19:58 85BD6040 PKI: .
17:19:58 85BD6040 PKI: 1
17:19:58 85BD6040 PKI: 6
17:19:58 85BD6040 PKI: 8
17:19:58 85BD6040 PKI: -- found '.' checking for new token.
17:19:58 85BD6040 PKI: Entering getNameOID - name to be parsed: .1.201
17:19:58 85BD6040 PKI: getNameOID: incoming name did end with an =
17:19:58 85BD6040 PKI: .
17:19:58 85BD6040 PKI: 1
17:19:58 85BD6040 PKI: -- found '.' checking for new token.
17:19:58 85BD6040 PKI: Entering getNameOID - name to be parsed: .201
17:19:58 85BD6040 PKI: getNameOID: incoming name did end with an =
17:19:58 85BD6040 PKI: .
17:19:58 85BD6040 PKI: 2
17:19:58 85BD6040 PKI: 0
17:19:58 85BD6040 PKI: 1
17:19:58 85BD6040 PKI:
17:19:58 85BD6040 PKI: getNextNameComponent: 17 parsed
17:19:58 85BD6040 PKI: getNextNameComponent: rc = 0
17:19:58 85BD6040 PKI: Key Usage completed.
17:19:58 85BD6040 PKI: Basic Constaints completed.
17:19:58 85BD6040 PKI: Subject Alt Names completed.
17:19:58 85BD6040 PKI: Novell Security Attribute completed.
17:19:58 85BD6040 PKI: Entering PKI_GetWorkingCAs
Monday, Mar 2, 2009
17:19:58 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:19:58 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:19:58 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:19:58 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:19:58 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:19:58 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:19:58 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:19:58 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:19:58 85BD6040 PKI: PKI_ReadCAPrivateKey: Unable to load CA private key (-1418)
17:19:58 85BD6040 PKI: SC: err from PKI_GenerateCertificateFromCSR = -1418
17:19:58 85BD6040 PKI: PKIVerbHandOff returned -1418
17:19:58 85BD6040 PKI: Exiting PKIVerbHandOff rc = -1418
17:19:58 85BD6040 PKI: Exiting PKIWireRequest err = -1418
17:19:58 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:19:58 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:19:58 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:19:58 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:19:58 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:19:58 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:19:58 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:19:58 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:19:58 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:19:58 85BD6040 PKI: Entering PKI_ReadMachineUniqueCA()...
17:19:58 85BD6040 PKI: PKI_ReadMachineUniqueCA() returned 0
17:19:58 85BD6040 PKI: Entering x509Decode
17:19:58 85BD6040 PKI: certDataLen 1114
17:19:58 85BD6040 PKI: 1st check succeeded
17:19:58 85BD6040 PKI: 2nd check succeeded
17:19:58 85BD6040 PKI: curMax 1110
17:19:58 85BD6040 PKI: 3rd check succeeded
17:19:58 85BD6040 PKI: curMax 998
17:19:58 85BD6040 PKI: 4th check succeeded
17:19:58 85BD6040 PKI: Malloc succeeded
17:19:58 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:19:58 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:19:58 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:19:58 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:19:58 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:19:58 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:19:58 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:19:58 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:19:58 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:19:58 85BD6040 PKI: Entering x509Decode
17:19:58 85BD6040 PKI: certDataLen 1243
17:19:58 85BD6040 PKI: 1st check succeeded
17:19:58 85BD6040 PKI: 2nd check succeeded
17:19:58 85BD6040 PKI: curMax 1239
17:19:58 85BD6040 PKI: 3rd check succeeded
17:19:58 85BD6040 PKI: curMax 1082
17:19:58 85BD6040 PKI: 4th check succeeded
17:19:58 85BD6040 PKI: Malloc succeeded
17:20:01 85BD6040 PKI: Entering PKIWireRequest
17:20:01 85BD6040 PKI: Entering PKIVerbHandOff
17:20:01 85BD6040 PKI: PKIVerbHandOff calling verb 4
17:20:01 85BD6040 PKI: SC: v-3
17:20:01 85BD6040 PKI: cl-945 data-
17:20:01 85BD6040 PKI: SC: hashLen-128
17:20:01 85BD6040 PKI: numInChain-3
17:20:01 85BD6040 PKI: chainLen-3598
17:20:01 85BD6040 PKI: sa-4
17:20:01 85BD6040 PKI: dF-x0
17:20:01 85BD6040 PKI: vf-x49AC409E
17:20:01 85BD6040 PKI: vt-x4D6EA79E
17:20:01 85BD6040 PKI: SC: subjLen-26
17:20:01 85BD6040 PKI: subjDN-.O=NE_IDN.CN=192.168.1.201
17:20:01 85BD6040 PKI: SC: serverLen-14
17:20:01 85BD6040 PKI: serverDN-CN=ACME01.O=ACME
17:20:01 85BD6040 PKI: Entering PKI_GenerateCertificateFromCSR....
17:20:01 85BD6040 PKI: CSR is internal.
17:20:01 85BD6040 PKI: Validity Check Passes...
17:20:01 85BD6040 PKI: PKI_GenerateCertificateFromCSR: Setting subject name to .O=NE_IDN.CN=192.168.1.201
17:20:01 85BD6040 PKI: Entering getNextNameComponent...
17:20:01 85BD6040 PKI: Entering getNameOID - name to be parsed: .O=NE_IDN.CN=192.168.1.201
17:20:01 85BD6040 PKI: getNameOID: incoming token is O=
17:20:01 85BD6040 PKI: getNextNameComponent: name=
17:20:01 85BD6040 PKI: N
17:20:01 85BD6040 PKI: E
17:20:01 85BD6040 PKI: _
17:20:01 85BD6040 PKI: I
17:20:01 85BD6040 PKI: D
17:20:01 85BD6040 PKI: N
17:20:01 85BD6040 PKI: -- found '.' checking for new token.
17:20:01 85BD6040 PKI: Entering getNameOID - name to be parsed: .CN=192.168.1.201
17:20:01 85BD6040 PKI: getNameOID: incoming token is CN=
17:20:01 85BD6040 PKI:
17:20:01 85BD6040 PKI: getNextNameComponent: 9 parsed
17:20:01 85BD6040 PKI: getNextNameComponent: rc = 0
17:20:01 85BD6040 PKI: Entering getNextNameComponent...
17:20:01 85BD6040 PKI: Entering getNameOID - name to be parsed: .CN=192.168.1.201
17:20:01 85BD6040 PKI: getNameOID: incoming token is CN=
17:20:01 85BD6040 PKI: getNextNameComponent: name=
17:20:01 85BD6040 PKI: 1
17:20:01 85BD6040 PKI: 9
17:20:01 85BD6040 PKI: 2
17:20:01 85BD6040 PKI: -- found '.' checking for new token.
17:20:01 85BD6040 PKI: Entering getNameOID - name to be parsed: .168.1.201
17:20:01 85BD6040 PKI: getNameOID: incoming name did end with an =
17:20:01 85BD6040 PKI: .
17:20:01 85BD6040 PKI: 1
17:20:01 85BD6040 PKI: 6
17:20:01 85BD6040 PKI: 8
17:20:01 85BD6040 PKI: -- found '.' checking for new token.
17:20:01 85BD6040 PKI: Entering getNameOID - name to be parsed: .1.201
17:20:01 85BD6040 PKI: getNameOID: incoming name did end with an =
17:20:01 85BD6040 PKI: .
17:20:01 85BD6040 PKI: 1
17:20:01 85BD6040 PKI: -- found '.' checking for new token.
17:20:01 85BD6040 PKI: Entering getNameOID - name to be parsed: .201
17:20:01 85BD6040 PKI: getNameOID: incoming name did end with an =
17:20:01 85BD6040 PKI: .
17:20:01 85BD6040 PKI: 2
17:20:01 85BD6040 PKI: 0
17:20:01 85BD6040 PKI: 1
17:20:01 85BD6040 PKI:
17:20:01 85BD6040 PKI: getNextNameComponent: 17 parsed
17:20:01 85BD6040 PKI: getNextNameComponent: rc = 0
17:20:01 85BD6040 PKI: Key Usage completed.
17:20:01 85BD6040 PKI: Basic Constaints completed.
17:20:01 85BD6040 PKI: Subject Alt Names completed.
17:20:01 85BD6040 PKI: Novell Security Attribute completed.
17:20:01 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:20:01 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:20:01 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:20:01 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:20:01 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:20:01 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:20:01 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:20:01 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:20:01 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:20:01 85BD6040 PKI: PKI_ReadCAPrivateKey: Unable to load CA private key (-1418)
17:20:01 85BD6040 PKI: SC: err from PKI_GenerateCertificateFromCSR = -1418
17:20:01 85BD6040 PKI: PKIVerbHandOff returned -1418
17:20:01 85BD6040 PKI: Exiting PKIVerbHandOff rc = -1418
17:20:01 85BD6040 PKI: Exiting PKIWireRequest err = -1418
17:20:01 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:20:01 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:20:01 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:20:01 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:20:01 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:20:01 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:20:01 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:20:01 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:20:01 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:20:01 85BD6040 PKI: Entering PKI_ReadMachineUniqueCA()...
17:20:01 85BD6040 PKI: PKI_ReadMachineUniqueCA() returned 0
17:20:01 85BD6040 PKI: Entering x509Decode
17:20:01 85BD6040 PKI: certDataLen 1114
17:20:01 85BD6040 PKI: 1st check succeeded
17:20:01 85BD6040 PKI: 2nd check succeeded
17:20:01 85BD6040 PKI: curMax 1110
17:20:01 85BD6040 PKI: 3rd check succeeded
17:20:01 85BD6040 PKI: curMax 998
17:20:01 85BD6040 PKI: 4th check succeeded
17:20:01 85BD6040 PKI: Malloc succeeded
17:20:01 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:20:01 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:20:01 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:20:01 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:20:01 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:20:01 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:20:01 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:20:01 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:20:01 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:20:01 85BD6040 PKI: Entering x509Decode
17:20:01 85BD6040 PKI: certDataLen 1243
17:20:01 85BD6040 PKI: 1st check succeeded
17:20:01 85BD6040 PKI: 2nd check succeeded
17:20:01 85BD6040 PKI: curMax 1239
17:20:01 85BD6040 PKI: 3rd check succeeded
17:20:01 85BD6040 PKI: curMax 1082
17:20:01 85BD6040 PKI: 4th check succeeded
17:20:01 85BD6040 PKI: Malloc succeeded
17:20:03 85BD6040 PKI: Entering PKIWireRequest
17:20:03 85BD6040 PKI: Entering PKIVerbHandOff
17:20:03 85BD6040 PKI: PKIVerbHandOff calling verb 4
17:20:03 85BD6040 PKI: SC: v-3
17:20:03 85BD6040 PKI: cl-931 data-
17:20:03 85BD6040 PKI: SC: hashLen-128
17:20:03 85BD6040 PKI: numInChain-3
17:20:03 85BD6040 PKI: chainLen-3598
17:20:03 85BD6040 PKI: sa-4
17:20:03 85BD6040 PKI: dF-x0
17:20:03 85BD6040 PKI: vf-x49AC409E
17:20:03 85BD6040 PKI: vt-x4D6EA79E
17:20:03 85BD6040 PKI: SC: subjLen-18
17:20:03 85BD6040 PKI: subjDN-.O=NE_IDN.CN=ACME01
17:20:03 85BD6040 PKI: SC: serverLen-14
17:20:03 85BD6040 PKI: serverDN-CN=ACME01.O=ACME
17:20:03 85BD6040 PKI: Entering PKI_GenerateCertificateFromCSR....
17:20:03 85BD6040 PKI: CSR is internal.
17:20:03 85BD6040 PKI: Validity Check Passes...
17:20:03 85BD6040 PKI: PKI_GenerateCertificateFromCSR: Setting subject name to .O=NE_IDN.CN=ACME01
17:20:03 85BD6040 PKI: Entering getNextNameComponent...
17:20:03 85BD6040 PKI: Entering getNameOID - name to be parsed: .O=NE_IDN.CN=ACME01
17:20:03 85BD6040 PKI: getNameOID: incoming token is O=
17:20:03 85BD6040 PKI: getNextNameComponent: name=
17:20:03 85BD6040 PKI: N
17:20:03 85BD6040 PKI: E
17:20:03 85BD6040 PKI: _
17:20:03 85BD6040 PKI: I
17:20:03 85BD6040 PKI: D
17:20:03 85BD6040 PKI: N
17:20:03 85BD6040 PKI: -- found '.' checking for new token.
17:20:03 85BD6040 PKI: Entering getNameOID - name to be parsed: .CN=ACME01
17:20:03 85BD6040 PKI: getNameOID: incoming token is CN=
17:20:03 85BD6040 PKI:
17:20:03 85BD6040 PKI: getNextNameComponent: 9 parsed
17:20:03 85BD6040 PKI: getNextNameComponent: rc = 0
17:20:03 85BD6040 PKI: Entering getNextNameComponent...
17:20:03 85BD6040 PKI: Entering getNameOID - name to be parsed: .CN=ACME01
17:20:03 85BD6040 PKI: getNameOID: incoming token is CN=
17:20:03 85BD6040 PKI: getNextNameComponent: name=
17:20:03 85BD6040 PKI: A
17:20:03 85BD6040 PKI: C
17:20:03 85BD6040 PKI: M
17:20:03 85BD6040 PKI: E
17:20:03 85BD6040 PKI: 1
17:20:03 85BD6040 PKI:
17:20:03 85BD6040 PKI: getNextNameComponent: 9 parsed
17:20:03 85BD6040 PKI: getNextNameComponent: rc = 0
17:20:03 85BD6040 PKI: Key Usage completed.
17:20:03 85BD6040 PKI: Basic Constaints completed.
17:20:03 85BD6040 PKI: Subject Alt Names completed.
17:20:03 85BD6040 PKI: Novell Security Attribute completed.
17:20:03 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:20:03 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:20:03 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:20:03 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:20:03 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:20:03 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:20:03 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:20:03 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:20:03 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:20:03 85BD6040 PKI: PKI_ReadCAPrivateKey: Unable to load CA private key (-1418)
17:20:03 85BD6040 PKI: SC: err from PKI_GenerateCertificateFromCSR = -1418
17:20:03 85BD6040 PKI: PKIVerbHandOff returned -1418
17:20:03 85BD6040 PKI: Exiting PKIVerbHandOff rc = -1418
17:20:03 85BD6040 PKI: Exiting PKIWireRequest err = -1418
17:20:04 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:20:04 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:20:04 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:20:04 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:20:04 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:20:04 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:20:04 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:20:04 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:20:04 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:20:04 85BD6040 PKI: Entering PKI_ReadMachineUniqueCA()...
17:20:04 85BD6040 PKI: PKI_ReadMachineUniqueCA() returned 0
17:20:04 85BD6040 PKI: Entering x509Decode
Monday, Mar 2, 2009
17:20:04 85BD6040 PKI: certDataLen 1114
17:20:04 85BD6040 PKI: 1st check succeeded
17:20:04 85BD6040 PKI: 2nd check succeeded
17:20:04 85BD6040 PKI: curMax 1110
17:20:04 85BD6040 PKI: 3rd check succeeded
17:20:04 85BD6040 PKI: curMax 998
17:20:04 85BD6040 PKI: 4th check succeeded
17:20:04 85BD6040 PKI: Malloc succeeded
17:20:04 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:20:04 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:20:04 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:20:04 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:20:04 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:20:04 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:20:04 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:20:04 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:20:04 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:20:04 85BD6040 PKI: Entering x509Decode
17:20:04 85BD6040 PKI: certDataLen 1243
17:20:04 85BD6040 PKI: 1st check succeeded
17:20:04 85BD6040 PKI: 2nd check succeeded
17:20:04 85BD6040 PKI: curMax 1239
17:20:04 85BD6040 PKI: 3rd check succeeded
17:20:04 85BD6040 PKI: curMax 1082
17:20:04 85BD6040 PKI: 4th check succeeded
17:20:04 85BD6040 PKI: Malloc succeeded
17:20:06 85BD6040 PKI: Entering PKIWireRequest
17:20:06 85BD6040 PKI: Entering PKIVerbHandOff
17:20:06 85BD6040 PKI: PKIVerbHandOff calling verb 4
17:20:06 85BD6040 PKI: SC: v-3
17:20:06 85BD6040 PKI: cl-931 data-
17:20:06 85BD6040 PKI: SC: hashLen-128
17:20:06 85BD6040 PKI: numInChain-3
17:20:06 85BD6040 PKI: chainLen-3598
17:20:06 85BD6040 PKI: sa-4
17:20:06 85BD6040 PKI: dF-x0
17:20:06 85BD6040 PKI: vf-x49AC409E
17:20:06 85BD6040 PKI: vt-x4D6EA79E
17:20:06 85BD6040 PKI: SC: subjLen-18
17:20:06 85BD6040 PKI: subjDN-.O=NE_IDN.CN=ACME01
17:20:06 85BD6040 PKI: SC: serverLen-14
17:20:06 85BD6040 PKI: serverDN-CN=ACME01.O=ACME
17:20:06 85BD6040 PKI: Entering PKI_GenerateCertificateFromCSR....
17:20:06 85BD6040 PKI: CSR is internal.
17:20:06 85BD6040 PKI: Validity Check Passes...
17:20:06 85BD6040 PKI: PKI_GenerateCertificateFromCSR: Setting subject name to .O=NE_IDN.CN=ACME01
17:20:06 85BD6040 PKI: Entering getNextNameComponent...
17:20:06 85BD6040 PKI: Entering getNameOID - name to be parsed: .O=NE_IDN.CN=ACME01
17:20:06 85BD6040 PKI: getNameOID: incoming token is O=
17:20:06 85BD6040 PKI: getNextNameComponent: name=
17:20:06 85BD6040 PKI: N
17:20:06 85BD6040 PKI: E
17:20:06 85BD6040 PKI: _
17:20:06 85BD6040 PKI: I
17:20:06 85BD6040 PKI: D
17:20:06 85BD6040 PKI: N
17:20:06 85BD6040 PKI: -- found '.' checking for new token.
17:20:06 85BD6040 PKI: Entering getNameOID - name to be parsed: .CN=ACME01
17:20:06 85BD6040 PKI: getNameOID: incoming token is CN=
17:20:06 85BD6040 PKI:
17:20:06 85BD6040 PKI: getNextNameComponent: 9 parsed
17:20:06 85BD6040 PKI: getNextNameComponent: rc = 0
17:20:06 85BD6040 PKI: Entering getNextNameComponent...
17:20:06 85BD6040 PKI: Entering getNameOID - name to be parsed: .CN=ACME01
17:20:06 85BD6040 PKI: getNameOID: incoming token is CN=
17:20:06 85BD6040 PKI: getNextNameComponent: name=
17:20:06 85BD6040 PKI: A
17:20:06 85BD6040 PKI: C
17:20:06 85BD6040 PKI: M
17:20:06 85BD6040 PKI: E
17:20:06 85BD6040 PKI: 1
17:20:06 85BD6040 PKI:
17:20:06 85BD6040 PKI: getNextNameComponent: 9 parsed
17:20:06 85BD6040 PKI: getNextNameComponent: rc = 0
17:20:06 85BD6040 PKI: Key Usage completed.
17:20:06 85BD6040 PKI: Basic Constaints completed.
17:20:06 85BD6040 PKI: Subject Alt Names completed.
17:20:06 85BD6040 PKI: Novell Security Attribute completed.
17:20:06 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:20:06 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:20:06 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:20:06 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:20:06 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:20:06 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:20:06 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:20:06 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:20:06 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:20:06 85BD6040 PKI: PKI_ReadCAPrivateKey: Unable to load CA private key (-1418)
17:20:06 85BD6040 PKI: SC: err from PKI_GenerateCertificateFromCSR = -1418
17:20:06 85BD6040 PKI: PKIVerbHandOff returned -1418
17:20:06 85BD6040 PKI: Exiting PKIVerbHandOff rc = -1418
17:20:06 85BD6040 PKI: Exiting PKIWireRequest err = -1418
17:20:07 85BD6040 PKI: Entering PKIWireRequest
17:20:07 85BD6040 PKI: Entering PKIVerbHandOff
17:20:07 85BD6040 PKI: PKIVerbHandOff calling verb 5
17:20:07 85BD6040 PKI: Entering _PKIGetCertficates taskID: 0
17:20:07 85BD6040 PKI: _PKIGetCertificates : ODNLen = 39
17:20:07 85BD6040 PKI: GC: v-0
17:20:07 85BD6040 PKI: rf-x10
17:20:07 85BD6040 PKI: ODNlen-39
17:20:07 85BD6040 PKI: PKI_GetCertificates: Reading certs from object CN=ACME Corp CA.CN=Security
17:20:07 85BD6040 PKI: Entering PKI_ReturnObjectType()...
17:20:07 85BD6040 PKI: Exiting PKI_ReturnObjectType with 2
17:20:07 85BD6040 PKI: Entering PKI_GetKeyInfo()...
17:20:07 85BD6040 PKI: Entering PKI_ReturnObjectType()...
17:20:07 85BD6040 PKI: Exiting PKI_ReturnObjectType with 2
17:20:07 85BD6040 PKI: Leaving PKI_GetKeyInfo..... (0)
17:20:07 85BD6040 PKI: PKI_GetCertificates: Success!
17:20:07 85BD6040 PKI: PKIVerbHandOff returned 0
17:20:07 85BD6040 PKI: Exiting PKIVerbHandOff rc = 0
17:20:07 85BD6040 PKI: Exiting PKIWireRequest err = 0
17:20:07 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:20:07 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:20:07 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:20:07 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:20:07 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:20:07 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:20:07 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:20:07 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:20:07 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:20:07 85BD6040 PKI: Entering PKI_ReadMachineUniqueCA()...
17:20:07 85BD6040 PKI: PKI_ReadMachineUniqueCA() returned 0
17:20:07 85BD6040 PKI: Entering x509Decode
17:20:07 85BD6040 PKI: certDataLen 1114
17:20:07 85BD6040 PKI: 1st check succeeded
17:20:07 85BD6040 PKI: 2nd check succeeded
17:20:07 85BD6040 PKI: curMax 1110
17:20:07 85BD6040 PKI: 3rd check succeeded
17:20:07 85BD6040 PKI: curMax 998
17:20:07 85BD6040 PKI: 4th check succeeded
17:20:07 85BD6040 PKI: Malloc succeeded
17:20:07 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:20:07 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:20:07 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:20:07 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:20:07 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:20:07 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:20:07 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:20:07 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:20:07 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:20:07 85BD6040 PKI: Entering x509Decode
17:20:07 85BD6040 PKI: certDataLen 1243
17:20:07 85BD6040 PKI: 1st check succeeded
17:20:07 85BD6040 PKI: 2nd check succeeded
17:20:07 85BD6040 PKI: curMax 1239
17:20:07 85BD6040 PKI: 3rd check succeeded
17:20:07 85BD6040 PKI: curMax 1082
17:20:07 85BD6040 PKI: 4th check succeeded
17:20:07 85BD6040 PKI: Malloc succeeded
17:20:07 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:20:07 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:20:07 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:20:07 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:20:07 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:20:07 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:20:07 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:20:07 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:20:07 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:20:07 85BD6040 PKI: Entering PKI_ReadMachineUniqueCA()...
17:20:07 85BD6040 PKI: PKI_ReadMachineUniqueCA() returned 0
17:20:07 85BD6040 PKI: Entering x509Decode
17:20:07 85BD6040 PKI: certDataLen 1114
17:20:07 85BD6040 PKI: 1st check succeeded
17:20:07 85BD6040 PKI: 2nd check succeeded
17:20:07 85BD6040 PKI: curMax 1110
17:20:07 85BD6040 PKI: 3rd check succeeded
17:20:07 85BD6040 PKI: curMax 998
17:20:07 85BD6040 PKI: 4th check succeeded
17:20:07 85BD6040 PKI: Malloc succeeded
17:20:07 85BD6040 PKI: Entering PKI_GetWorkingCAs
17:20:07 85BD6040 PKI: PKI_GetWorkingCAs: Original ServerDN = ACME9.ACME
17:20:07 85BD6040 PKI: GetSecurityObjectName: Security Container type SAS:Security
17:20:07 85BD6040 PKI: PKI_GetWorkingCAs: treeCADN = ACME Corp CA.Security
17:20:07 85BD6040 PKI: PKI_GetWorkingCAs: treeCA host Server = ACME9.ACME
17:20:07 85BD6040 PKI: PKI_GetWorkingCAs: This Server is the host server!
17:20:07 85BD6040 PKI: PKI_StoreCAInfo: ServerDN = ACME9.ACME
17:20:07 85BD6040 PKI: PKI_StoreCAInfo: Mission Accomplished
17:20:07 85BD6040 PKI: Exiting PKI_GetWorkingCAs ccode = 0
17:20:07 85BD6040 PKI: Entering x509Decode
17:20:07 85BD6040 PKI: certDataLen 1243
17:20:07 85BD6040 PKI: 1st check succeeded
17:20:07 85BD6040 PKI: 2nd check succeeded
17:20:07 85BD6040 PKI: curMax 1239
17:20:07 85BD6040 PKI: 3rd check succeeded
17:20:07 85BD6040 PKI: curMax 1082
17:20:07 85BD6040 PKI: 4th check succeeded
17:20:07 85BD6040 PKI: Malloc succeeded
17:20:07 85BD6040 PKI: Entering PKIWireRequest
17:20:07 85BD6040 PKI: Entering PKIVerbHandOff
17:20:07 85BD6040 PKI: PKIVerbHandOff calling verb 14
17:20:07 85BD6040 PKI: Entering _PKISGetIPAndDNSAddresses
17:20:07 85BD6040 PKI: Host name = ACME12
17:20:07 85BD6040 PKI: Reading IP Addresses ...
17:20:07 85BD6040 PKI: WSALookupServiceBegin successful
17:20:17 85BD6040 PKI: WSALookupServiceNext successful
17:20:17 85BD6040 PKI: HostAddress:
17:20:17 85BD6040 PKI: 192.
17:20:17 85BD6040 PKI: 168.
17:20:17 85BD6040 PKI: 1.
17:20:17 85BD6040 PKI: 200
17:20:17 85BD6040 PKI: -Ignoring duplicate IP address:
17:20:17 85BD6040 PKI: 192.
17:20:17 85BD6040 PKI: 168.
17:20:17 85BD6040 PKI: 1.
17:20:17 85BD6040 PKI: 200
17:20:17 85BD6040 PKI: WSALookupServiceNext successful
17:20:17 85BD6040 PKI: -Ignoring duplicate IP address:
17:20:17 85BD6040 PKI: 192.
17:20:17 85BD6040 PKI: 168.
17:20:17 85BD6040 PKI: 1.
17:20:17 85BD6040 PKI: 200
17:20:17 85BD6040 PKI: WSALookupServiceNext error -1
17:20:17 85BD6040 PKI: WSAGetLastError -- 10110 -- no more data (Normal Error)
17:20:17 85BD6040 PKI: WSALookupServiceEnd
17:20:17 85BD6040 PKI: Reading DNS Addresses ...
17:20:17 85BD6040 PKI: WSALookupServiceBegin successful
17:20:17 85BD6040 PKI: WSALookupServiceNext successful
17:20:17 85BD6040 PKI: DNS Name for IP Address 192.168.1.200 = ACME12
17:20:17 85BD6040 PKI: WSALookupServiceNext error -1
17:20:17 85BD6040 PKI: WSAGetLastError -- 10110 -- no more data (Normal Error)
17:20:17 85BD6040 PKI: WSALookupServiceEnd
17:20:17 85BD6040 PKI: GetIPAndDNSAddresses returning (0)
17:20:17 85BD6040 PKI: _PKISGetIPAndDNSAddresses returning (0)
17:20:17 85BD6040 PKI: PKIVerbHandOff returned 0
17:20:17 85BD6040 PKI: Exiting PKIVerbHandOff rc = 0
17:20:17 85BD6040 PKI: Exiting PKIWireRequest err = 0 

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)
PKI Server startup in DSTrace + pki, 5.0 out of 5 based on 1 rating

Categories: Uncategorized

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Comment