<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:Helvetica;
        panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
        {font-family:SimSun;
        panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
        {font-family:SimSun;
        panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:SimSun;
        panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
h3
        {mso-style-priority:9;
        mso-style-link:"Heading 3 Char";
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:13.5pt;
        font-family:SimSun;
        font-weight:bold;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:12.0pt;
        font-family:SimSun;}
span.EmailStyle17
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.Heading3Char
        {mso-style-name:"Heading 3 Char";
        mso-style-priority:9;
        mso-style-link:"Heading 3";
        font-family:SimSun;
        font-weight:bold;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=ZH-CN link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;font-family:"Calibri","sans-serif";color:#1F497D'>So, just as what I suggested in last mail, please copy the files from server to client again and run provisioner.sh:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:12.0pt;margin-right:0cm;margin-bottom:11.25pt;margin-left:0cm;background:white'><b><span lang=EN-US style='font-size:18.0pt;font-family:"Helvetica","sans-serif";color:#333333'>1.3.1 copy PrivacyCA.cer and TrustStore.jks from appraiser to client.<o:p></o:p></span></b></p><p class=MsoNormal style='mso-margin-top-alt:11.25pt;margin-right:0cm;margin-bottom:11.25pt;margin-left:0cm;line-height:18.75pt;background:white'><span lang=EN-US style='font-size:11.5pt;font-family:"Helvetica","sans-serif";color:#333333'>Copy :/var/lib/oat-appraiser/ClientFiles/PrivacyCA.cer to :/usr/share/oat-client/<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:11.25pt;margin-right:0cm;margin-bottom:11.25pt;margin-left:0cm;line-height:18.75pt;background:white'><span lang=EN-US style='font-size:11.5pt;font-family:"Helvetica","sans-serif";color:#333333'>Copy :/var/lib/oat-appraiser/ClientFiles/TrustStore.jks to :/usr/share/oat-client/<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:11.25pt;margin-right:0cm;margin-bottom:11.25pt;margin-left:0cm;line-height:18.75pt;background:white'><b><i><span lang=EN-US style='font-size:11.5pt;font-family:"Helvetica","sans-serif";color:#333333'>Notes: please repeat above steps in case you have re-deployed your oat appraiser.</span></i></b><span lang=EN-US style='font-size:11.5pt;font-family:"Helvetica","sans-serif";color:#333333'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN style='font-family:"Calibri","sans-serif";color:#1F497D'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN style='font-family:"Calibri","sans-serif";color:#1F497D'>Thanks<o:p></o:p></span></p><p class=MsoNormal><span lang=EN style='font-family:"Calibri","sans-serif";color:#1F497D'>Jimmy<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p>&nbsp;</o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Nicolae Paladi [mailto:n.paladi@gmail.com] <br><b>Sent:</b> Thursday, November 14, 2013 6:30 PM<br><b>To:</b> Wei, Gang<br><b>Cc:</b> Doron Fediuck; users@ovirt.org<br><b>Subject:</b> Re: [Users] Trusted Pools and CentOS 6 packages<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p><div><p class=MsoNormal><span lang=EN-US>Hi,&nbsp;<o:p></o:p></span></p><div><p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>As far as I see, port 8443 is not occupied and tomcat6 is running:<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p></div><div><div><p class=MsoNormal><span lang=EN-US>root@host /usr/share/oat-client/script # netstat -anp | grep 8443<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>root@host /usr/share/oat-client/script # service tomcat6 status<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>tomcat6 (pid 30950) is running... &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;[ &nbsp;OK &nbsp;]<o:p></o:p></span></p></div></div><div><p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>Also, just in case, I've checked if disabling iptables helps, and it doesn't;<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>In the error trace, there is a line:&nbsp;<o:p></o:p></span></p></div><div><p class=MsoNormal><b><span lang=EN-US>java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)</span></b><span lang=EN-US><o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>and indeed, there is not file aik.cer at /usr/share/oat-client/aik.cer; when is it supposed to<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>be generated?<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>cheers,<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>/Nicolae<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p></div></div><div><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US><o:p>&nbsp;</o:p></span></p><div><p class=MsoNormal><span lang=EN-US>On 14 November 2013 04:32, Wei, Gang &lt;<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>&gt; wrote:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>And you need to copy files from server to client before you try to run<br>provisioner.sh every time you run OAT_configure.sh again.<br><br>Jimmy<o:p></o:p></span></p><div><div><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US><br><br>&gt; -----Original Message-----<br>&gt; From: Wei, Gang<br>&gt; Sent: Thursday, November 14, 2013 11:26 AM<br>&gt; To: Nicolae Paladi<br>&gt; Cc: Doron Fediuck; <a href="mailto:users@ovirt.org">users@ovirt.org</a>; Wei, Gang<br>&gt; Subject: RE: [Users] Trusted Pools and CentOS 6 packages<br>&gt;<br>&gt; Can you try netstat -anp | grep 8443? Maybe it is occupied by apache.<br>&gt;<br>&gt; Meanwhile check whether tomcat is up.<br>&gt;<br>&gt; Jimmy<br>&gt;<br>&gt;<br>&gt; &gt; -----Original Message-----<br>&gt; &gt; From: Nicolae Paladi [mailto:<a href="mailto:n.paladi@gmail.com">n.paladi@gmail.com</a>]<br>&gt; &gt; Sent: Wednesday, November 13, 2013 10:43 PM<br>&gt; &gt; To: Wei, Gang<br>&gt; &gt; Cc: Doron Fediuck; <a href="mailto:users@ovirt.org">users@ovirt.org</a><br>&gt; &gt; Subject: Re: [Users] Trusted Pools and CentOS 6 packages<br>&gt; &gt;<br>&gt; &gt; Hi,<br>&gt; &gt;<br>&gt; &gt; I am using port 8443, since no other process -- as far as I know -- is<br>&gt; using it;<br>&gt; &gt;<br>&gt; &gt; below you will find all of the requested configuration files:<br>&gt; &gt;<br>&gt; &gt; Contents of /etc/oat_client/*:<br>&gt; &gt; log4j.properties: <a href="http://pastebin.com/MQLM68vs" target="_blank">http://pastebin.com/MQLM68vs</a><br>&gt; &gt; OAT.properties: <a href="http://pastebin.com/LwHihxah" target="_blank">http://pastebin.com/LwHihxah</a><br>&gt; &gt; OATprovisioner.properties: <a href="http://pastebin.com/0x5TShtZ" target="_blank">http://pastebin.com/0x5TShtZ</a><br>&gt; &gt; TPMModule.properties: <a href="http://pastebin.com/hvw9gfRE" target="_blank">http://pastebin.com/hvw9gfRE</a><br>&gt; &gt;<br>&gt; &gt;<br>&gt; &gt; server.xml: <a href="http://pastebin.com/VZ9Vk6iC" target="_blank">http://pastebin.com/VZ9Vk6iC</a><br>&gt; &gt; OAT_client.sh: <a href="http://pastebin.com/St4yCGcF" target="_blank">http://pastebin.com/St4yCGcF</a><br>&gt; &gt;<br>&gt; &gt; provisioner.sh: <a href="http://pastebin.com/RedqQt8V" target="_blank">http://pastebin.com/RedqQt8V</a><br>&gt; &gt;<br>&gt; &gt;<br>&gt; &gt; cheers,<br>&gt; &gt; /Nicolae.<br>&gt; &gt;<br>&gt; &gt;<br>&gt; &gt; On 13 November 2013 14:47, Wei, Gang &lt;<a href="mailto:gang.wei@intel.com">gang.wei@intel.com</a>&gt; wrote:<br>&gt; &gt;<br>&gt; &gt;<br>&gt; &gt; &nbsp; &nbsp; This time it failed earlier. Looks like the PCA webservice2 was not<br>&gt; &gt; &nbsp; &nbsp; listening on 8443 port. Have you replaced the port 8443 with 8442 in<br>&gt; &gt; server<br>&gt; &gt; &nbsp; &nbsp; side ($TOMCAT_HOME/conf/server.xml) but not change it in client side<br>&gt; &gt; &nbsp; &nbsp; (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 port is<br>&gt; occupied<br>&gt; &gt; &nbsp; &nbsp; by another app?<br>&gt; &gt;<br>&gt; &gt; &nbsp; &nbsp; Please copy the content from your current server.xml, OAT_client.sh,<br>&gt; &gt; &nbsp; &nbsp; provisioner.sh and /etc/oat-client/* into the content of your reply<br>&gt; for<br>&gt; &gt; &nbsp; &nbsp; analysis. (don't attach *.sh as attachments, that will get filtered<br>&gt; by my<br>&gt; &gt; &nbsp; &nbsp; company's mailing system).<br>&gt; &gt;<br>&gt; &gt; &nbsp; &nbsp; Thanks<br>&gt; &gt; &nbsp; &nbsp; Jimmy<br>&gt; &gt;<br>&gt; &gt;<br>&gt; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; -----Original Message-----<br>&gt; &gt; &nbsp; &nbsp; &gt; From: Nicolae Paladi [mailto:<a href="mailto:n.paladi@gmail.com">n.paladi@gmail.com</a>]<br>&gt; &gt; &nbsp; &nbsp; &gt; Sent: Wednesday, November 13, 2013 7:01 PM<br>&gt; &gt; &nbsp; &nbsp; &gt; To: Wei, Gang<br>&gt; &gt; &nbsp; &nbsp; &gt; Cc: Doron Fediuck; <a href="mailto:users@ovirt.org">users@ovirt.org</a><br>&gt; &gt; &nbsp; &nbsp; &gt; Subject: Re: [Users] Trusted Pools and CentOS 6 packages<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; Hi,<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; thank you for the feedback;<br>&gt; &gt; &nbsp; &nbsp; &gt; I've gone through the steps again, but obtained the exactly same<br>&gt; &gt; problem:<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; 1. I removed all of the previously installed packaged related to<br>&gt; OAT.<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; 2. I followed the tutorial, until this command:<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; bash provisioner.sh<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; provisioner.sh: line 7: systemctl: command not found<br>&gt; &gt; &nbsp; &nbsp; &gt; ### ecStorage = NVRAM###<br>&gt; &gt; &nbsp; &nbsp; &gt; Performing TPM provisioning...FAILED<br>&gt; &gt; &nbsp; &nbsp; &gt; javax.xml.ws.WebServiceException: Failed to access the WSDL at:<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; <a href="https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2Factor" target="_blank">https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2Factor</a><br>&gt; &gt; &nbsp; &nbsp; &gt; yService?wsdl. It failed with:<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; Connection refused.<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLP<br>&gt; &gt; &nbsp; &nbsp; &gt; arser.java:162)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j<br>&gt; &gt; &nbsp; &nbsp; &gt; ava:144)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.jav<br>&gt; &gt; &nbsp; &nbsp; &gt; a:265)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; com.sun.xml.ws.client.WSServiceDelegate.&lt;init&gt;(WSServiceDelegate.java:228)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; com.sun.xml.ws.client.WSServiceDelegate.&lt;init&gt;(WSServiceDelegate.java:176)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.jav<br>&gt; &gt; a:104<br>&gt; &gt; &nbsp; &nbsp; &gt; )<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at javax.xml.ws.Service.&lt;init&gt;(Service.java:77)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWe<br>&gt; &gt; bSer<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; vice2FactoryServiceService.&lt;init&gt;(HisPrivacyCAWebService2FactoryService<br>&gt; &gt; Servi<br>&gt; &gt; &nbsp; &nbsp; &gt; ce.java:42)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWe<br>&gt; &gt; bSer<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; vices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2Cli<br>&gt; &gt; &nbsp; &nbsp; &gt; entInvoker.java:32)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)<br>&gt; &gt; &nbsp; &nbsp; &gt; Caused by: java.net.ConnectException: Connection refused<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at java.net.PlainSocketImpl.socketConnect(Native Method)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.jav<br>&gt; &gt; a:339<br>&gt; &gt; &nbsp; &nbsp; &gt; )<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketI<br>&gt; &gt; mpl.j<br>&gt; &gt; &nbsp; &nbsp; &gt; ava:200)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at java.net.Socket.connect(Socket.java:579)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt; sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at sun.net.NetworkClient.doConnect(NetworkClient.java:180)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; sun.net.www.http.HttpClient.openServer(HttpClient.java:432)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; sun.net.www.http.HttpClient.openServer(HttpClient.java:527)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; sun.net.www.protocol.https.HttpsClient.&lt;init&gt;(HttpsClient.java:275)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt; sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHt<br>&gt; &gt; &nbsp; &nbsp; &gt; tpClient(AbstractDelegateHttpsURLConnection.java:191)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnec<br>&gt; &gt; &nbsp; &nbsp; &gt; tion.java:932)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(A<br>&gt; &gt; &nbsp; &nbsp; &gt; bstractDelegateHttpsURLConnection.java:177)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConn<br>&gt; &gt; &nbsp; &nbsp; &gt; ection.java:1300)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsU<br>&gt; &gt; &nbsp; &nbsp; &gt; RLConnectionImpl.java:254)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at java.net.URL.openStream(URL.java:1037)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSD<br>&gt; &gt; &nbsp; &nbsp; &gt; LParser.java:804)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDL<br>&gt; &gt; &nbsp; &nbsp; &gt; Parser.java:262)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j<br>&gt; &gt; &nbsp; &nbsp; &gt; ava:129)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; ... 8 more<br>&gt; &gt; &nbsp; &nbsp; &gt; Failed to initialize the TPM, error 1<br>&gt; &gt; &nbsp; &nbsp; &gt; Performing HIS identity provisioning...FAILED<br>&gt; &gt; &nbsp; &nbsp; &gt; gov.niarl.his.privacyca.TpmModule$TpmModuleException:<br>&gt; &gt; &nbsp; &nbsp; &gt; TpmModule.getCredential returned nonzero error: 2()<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt;<br>gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.j<br>&gt; &gt; &nbsp; &nbsp; ava:<br>&gt; &gt; &nbsp; &nbsp; &gt; 217)<br>&gt; &gt; &nbsp; &nbsp; &gt; Failed to receive AIC from Privacy CA, error 1<br>&gt; &gt; &nbsp; &nbsp; &gt; Registering identity with server...FAILED<br>&gt; &gt; &nbsp; &nbsp; &gt; java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No<br>&gt; such file<br>&gt; &gt; &nbsp; &nbsp; or<br>&gt; &gt; &nbsp; &nbsp; &gt; directory)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at java.io.FileInputStream.open(Native Method)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; java.io.FileInputStream.&lt;init&gt;(FileInputStream.java:146)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; java.io.FileInputStream.&lt;init&gt;(FileInputStream.java:101)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; &gt;<br>&gt;<br>gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:9<br>&gt; &gt; 9<br>&gt; &gt; &nbsp; &nbsp; )<br>&gt; &gt; &nbsp; &nbsp; &gt; Failed to register identity with appraiser, error 1<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; Should I have updated anything else?<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; cheers,<br>&gt; &gt; &nbsp; &nbsp; &gt; /Nicolae.<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; On 1 November 2013 10:14, Wei, Gang &lt;<a href="mailto:gang.wei@intel.com">gang.wei@intel.com</a>&gt; wrote:<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; This is indeed an issue caused by the incompatibility<br>&gt; between<br>&gt; &gt; OAT<br>&gt; &gt; &nbsp; &nbsp; tpm<br>&gt; &gt; &nbsp; &nbsp; &gt; access<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; code &amp; tpm-tools(tpm_takeownership -z). It has already been<br>&gt; &gt; fixed.<br>&gt; &gt; &nbsp; &nbsp; &gt; Please<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; follow below wiki and try again.<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; <a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-</a><br>&gt; &gt; &nbsp; &nbsp; &gt; Recipe.<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; Thanks<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; Jimmy<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; Nicolae Paladi wrote on 2013-10-28:<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; Hi, I've followed the recipe<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; (<a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Rec" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Rec</a><br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; i pe) but didn't get it to run yet; I think a step is<br>&gt; missing --<br>&gt; &gt; &nbsp; &nbsp; the AIK<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; is not available is /usr/share/oat-client (it was not<br>&gt; available in<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; /var/lig/oat-appraiser/ClientFiles either); when I try to<br>&gt; run<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; provisioner.sh, I get the following: provisioner.sh: line<br>&gt; 7:<br>&gt; &gt; &nbsp; &nbsp; systemctl:<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; command not found ### ecStorage = NVRAM### Performing<br>&gt; &gt; TPM<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; provisioning...710 DONE Successfully initialized TPM<br>&gt; &gt; Performing<br>&gt; &gt; &nbsp; &nbsp; HIS<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; identity provisioning...FAILED<br>&gt; &gt; java.util.NoSuchElementException<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt; java.util.StringTokenizer.nextToken(StringTokenizer.java:349)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:21<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; 5)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:29<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; 2)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisione<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; r.java: 225) Failed to receive AIC from Privacy CA, error<br>&gt; 1<br>&gt; &gt; &nbsp; &nbsp; Registering<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; identity with server...FAILED<br>&gt; java.io.FileNotFoundException:<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; /usr/share/oat-client/aik.cer (No such file or directory)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at java.io.FileInputStream.open(Native Method)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; java.io.FileInputStream.&lt;init&gt;(FileInputStream.java:137)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; java.io.FileInputStream.&lt;init&gt;(FileInputStream.java:96)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; at<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt;<br>gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:9<br>&gt; &gt; &nbsp; &nbsp; &gt; 9<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; )<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; Failed to register identity with appraiser, error 1<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; Thanks,<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; /Nicolae<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; On 27 October 2013 22:55, Nicolae Paladi<br>&gt; &gt; &lt;<a href="mailto:n.paladi@gmail.com">n.paladi@gmail.com</a>&gt;<br>&gt; &gt; &nbsp; &nbsp; wrote:<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; Awesome, thanks!<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; I'll try this out in the morning<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; /Nicolae<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; On 27 October 2013 17:03, Wei, Gang<br>&gt; &gt; &lt;<a href="mailto:gang.wei@intel.com">gang.wei@intel.com</a>&gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; wrote:<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Please refer to<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; <a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-</a><br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; Recipe.<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &gt; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Jimmy<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt; &nbsp; &nbsp; &gt;<br>&gt; &gt;<br>&gt; &gt;<br>&gt; &gt;<o:p></o:p></span></p></div></div></div><p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p></div></div></div></body></html>