Red Hat CERTIFICATE SYSTEM 7.2 - RELEASE NOTES Release Note page 15

Bug Number Description
and create a new secmod.db database.
58745 If two TPS instances are running on the same machine, stopping or restarting one in-
stance will automatically restart the other instance. It is recommended that only one
TPS instance run per machine.
58759 There are exception errors when trying to install a renewed certificate in the subsystem
certificate database through the administrative console. Instead of using the Console to
install renewed subsystem certificates, use the certutil utility.
58761 The HTML-based instance configuration wizard is only supported on Mozilla Firefox.
Using an unsupported browser can result in incorrect behavior. For example, in Mi-
crosoft Explorer, the pretty-print certificates and the certificate requests are displayed
on a single line.
58764
When setting up a clone, the Certificate System clone instance may record errors con-
cerning the ancestorid attribute in the error log:
[30/Oct/2006:11:04:00 -0800] - warning:
ancestorid not indexed on 21
[30/Oct/2006:11:04:00 -0800] - warning:
ancestorid not indexed on 21
[30/Oct/2006:11:04:00 -0800] - warning:
ancestorid not indexed on 21
These warnings can be ignored because they only indicate that the request repository
is empty at the time the clone is configured; they do not indicate a problem with the
clone instance.
58773
If a subsystem within a security domain needs to be re-installed, there may be a sub-
system user already created in the security domain CA's user database if the previous
installation was either successfully completed or stopped after the security domain was
selected. Since the user names are created based on the hostname and port number, if
the same port number is reused, the pre-existing entry prevents the next installation
from inserting its subsystem certificate into the subsystem user's entry in the security
domain. This causes the instance to fail to start because the authentication to the se-
curity domain fails. This can happen on any subsystem which is reinstalled, except for
the security domain CA itself.
To reinstall a subsystem without encountering these authentication errors, do the fol-
lowing:
1. When installation is aborted - or when completed, but it needs redone - remove the
instance. For example:
pkiremove -pki_instance_root=/var/lib
-pki_instance_name=rhpki-tps
2. Open the Console for the security domain CA, and remove the subsystem user from
the security domain CA user database:
Known Issues
15