Endi S. Dewata

@rjrelyea We have a tool (written by @cipherboy) that parses the constants from pkcs11t.h and pkcs11n.h and put them into PKCS11Constants.java so they are accessible from Java applications. There are...

Server startup log: ``` Started PKI Tomcat Server pki-tomcat. Java virtual machine used: /usr/share/java-utils/java-wrapper classpath used: /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/lib/java/commons-daemon.jar main class used: org.apache.catalina.startup.Bootstrap flags used: -Dcom.redhat.fips=false options used: -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp...

Server connection log: ``` FINE: JSSContext.createSSLEngine() FINE: JSSContextSpi.engineCreateSSLEngine() FINE: JSSEngine: constructor() FINE: JSSEngine: setKeyManager(org.mozilla.jss.provider.javax.crypto.JSSTokenKeyManager) FINE: JSSEngine: setTrustManagers( FINE: - org.mozilla.jss.provider.javax.crypto.JSSNativeTrustManager FINE: ) FINE: JSSKeyManager: getPrivateKey(HSM:sslserver) FINE: JSSEngine.setUseClientMode(false) FINE: JSSEngine: setEnabledProtocols(...

@fmarco76 Thanks! Yeah, in the past there was an idea to support multiple subsystems of the same type, so they will have different IDs (e.g. `ca1`, `ca2`) but the same...

@rcritten @tbordaz I think this is the issue I mentioned to you a few days ago. In upstream PKI CI we're only observing this issue in IPA tests which use...

@tbordaz Thanks for the info. @amore17 @flo-renaud @rcritten Which DS version was used in the above test? Is it possible to test with the latest DS?

@flo-renaud Thanks. In that case I would suggest switching to DS 3.0 as @tbordaz suggested. From PKI side it might be possible to change the sequential serial numbers to use...

Just FYI, I checked PKI CI execution history, here's the last commit where IPA installation was still successful (although there was a subsequent test failure): https://github.com/dogtagpki/pki/commit/043ab92c59e392fd6ce3fdb06a0898eb255138f6 https://github.com/dogtagpki/pki/actions/runs/8605380653/job/23581813228#step:6:268 Then here is...

FYI, recently @fmarco76 managed to drop VLV dependency from the code that we use to access the cert records in DS: https://github.com/dogtagpki/pki/pull/4735 With this change at least IPA installation was...

Could we close this ticket and create new tickets for those issues? We will need more specific steps to reproduce and logs too.