[Users] Trusted Pools and CentOS 6 packages

Nicolae Paladi n.paladi at gmail.com
Fri Nov 15 15:49:31 UTC 2013


Hi,

just FYI, another detail:
I was trying to build the latest version on a different host using the
instructions from
https://github.com/OpenAttestation/OpenAttestation/wiki/Build-and-Install-OpenAttestation-%282.0%29

and also had some trouble there; right now the issue is that the TPM I have
does not have an endorsement credential;
could this be an issue with the RHEL packages as well?

/Nicolae.



On 15 November 2013 16:31, Nicolae Paladi <n.paladi at gmail.com> wrote:

> Hi,
>
> ok I understand that this may seem really strange now, but I have deployed
> this on a different, clear host with CentOS which has not had oat installed
> earlier; again both appraiser and client are on the same host.
>
> The only think in the tomcat6 log is:
>
> before invoke........................
>
>
> Here's the error trace:
>
> oat client attestation config   ...ok
> oat client provisioner config   ...ok
> oat client installation  ...ok
> oat appraiser hostname: beijing.sics.se
> ### ecStorage = NVRAM###
> Performing TPM provisioning...Error getting PubEK:
> gov.niarl.his.privacyca.TpmModule$TpmModuleException:
> TpmModule.setCredential returned nonzero error: 2()
> DONE
> Successfully initialized TPM
> Performing HIS identity provisioning...FAILED
> gov.niarl.his.privacyca.TpmModule$TpmModuleException:
> TpmModule.getCredential returned nonzero error: 2()
>         at
> gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
>         at
> gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217)
> Failed to receive AIC from Privacy CA, error 1
> Registering identity with server...FAILED
> java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file
> or directory)
>         at java.io.FileInputStream.open(Native Method)
>         at java.io.FileInputStream.<init>(FileInputStream.java:140)
>         at java.io.FileInputStream.<init>(FileInputStream.java:96)
>         at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
>         at
> gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
> Failed to register identity with appraiser, error 1
>
> Any ideas?..
>
> Cheers,
> /Nicolae
>
>
>
>
> On 15 November 2013 10:45, Wei, Gang <gang.wei at intel.com> wrote:
>
>> So you will not see below error after copying the .cer & .jks again,
>> right?
>>
>> ### ecStorage = NVRAM###
>> Performing TPM provisioning...FAILED
>> javax.xml.ws.WebServiceException: Failed to access the WSDL at:
>>
>> https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactorySe
>> rvice?wsdl<https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl>.
>> It failed with:
>>         Connection refused.
>>
>> As to below errors:
>>
>> Performing HIS identity provisioning...FAILED
>> java.util.NoSuchElementException
>>         at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
>>         at
>> gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
>>         at
>>
>> gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292)
>>         at
>>
>> gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.j
>> ava:225)
>> Failed to receive AIC from Privacy CA, error 1
>> Registering identity with server...FAILED
>> java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file
>> or directory)
>>         at java.io.FileInputStream.open(Native Method)
>>         at java.io.FileInputStream.<init>(FileInputStream.java:137)
>>         at java.io.FileInputStream.<init>(FileInputStream.java:96)
>>         at
>> gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
>>         at
>>
>> gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99
>> )
>> Failed to register identity with appraiser, error 1
>>
>> Missing of aik.cer is the subsequence of HIS identity provisioning
>> failure.
>> The key is:
>> java.util.NoSuchElementException
>>         at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
>>         at
>> gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
>>
>> Which is mostly caused by incorrect tpm owner auth. This is actually the
>> issue occurred in your first try. So I doubt the oat-client rpm you
>> reinstalled is still the old one in your local cache.
>>
>> Please try to uninstall oat-client, yum clean, then yum install
>> oat-client,
>> and then try again.
>>
>> Thanks
>> Jimmy
>>
>>
>> > -----Original Message-----
>> > From: Nicolae Paladi [mailto:n.paladi at gmail.com]
>> > Sent: Friday, November 15, 2013 4:08 PM
>> > To: Wei, Gang
>> > Cc: Doron Fediuck; users at ovirt.org
>> > Subject: Re: [Users] Trusted Pools and CentOS 6 packages
>> >
>> > Hi,
>> >
>> > I have done that and reran provisioner.sh with the same result.
>> >
>> > As I understand, I am copying the files _PrivacyCA.cer_ and
>> _TrustStore.jks_ to
>> > /usr/share/oat-client,
>> > while the java error complains about the missing file _aik.cer_, as
>> follows:
>> >
>> > java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such
>> file
>> or
>> > directory)
>> > at java.io.FileInputStream.open(Native Method)
>> > at java.io.FileInputStream.<init>(FileInputStream.java:146)
>> > at java.io.FileInputStream.<init>(FileInputStream.java:101)
>> > at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
>> > at
>>
>> gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99
>> )
>> >
>> > is the file _aik.cer_ supposed to be generated at some point here?
>> >
>> > Just to clarify, I am using CentOS 6.4, TruSerS and tpm-tools.
>> >
>> > Cheers,
>> > /Nicolae.
>> >
>> >
>> >
>> > On 15 November 2013 03:23, Wei, Gang <gang.wei at intel.com> wrote:
>> >
>> >
>> >       So, just as what I suggested in last mail, please copy the files
>> from server
>> > to client again and run provisioner.sh:
>> >
>> >
>> >
>> >       1.3.1 copy PrivacyCA.cer and TrustStore.jks from appraiser to
>> client.
>> >
>> >       Copy :/var/lib/oat-appraiser/ClientFiles/PrivacyCA.cer
>> > to :/usr/share/oat-client/
>> >
>> >       Copy :/var/lib/oat-appraiser/ClientFiles/TrustStore.jks
>> > to :/usr/share/oat-client/
>> >
>> >       Notes: please repeat above steps in case you have re-deployed your
>> oat
>> > appraiser.
>> >
>> >
>> >
>> >       Thanks
>> >
>> >       Jimmy
>> >
>> >
>> >
>> >       From: Nicolae Paladi [mailto:n.paladi at gmail.com]
>> >       Sent: Thursday, November 14, 2013 6:30 PM
>> >
>> >
>> >       To: Wei, Gang
>> >       Cc: Doron Fediuck; users at ovirt.org
>> >       Subject: Re: [Users] Trusted Pools and CentOS 6 packages
>> >
>> >
>> >
>> >
>> >
>> >       Hi,
>> >
>> >
>> >
>> >
>> >
>> >       As far as I see, port 8443 is not occupied and tomcat6 is running:
>> >
>> >
>> >
>> >       root at host /usr/share/oat-client/script # netstat -anp | grep 8443
>> >
>> >       root at host /usr/share/oat-client/script # service tomcat6 status
>> >
>> >       tomcat6 (pid 30950) is running...                          [  OK
>>  ]
>> >
>> >
>> >
>> >
>> >
>> >       Also, just in case, I've checked if disabling iptables helps, and
>> it
>> doesn't;
>> >
>> >
>> >
>> >
>> >
>> >       In the error trace, there is a line:
>> >
>> >       java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No
>> such file
>> > or directory)
>> >
>> >
>> >
>> >       and indeed, there is not file aik.cer at
>> /usr/share/oat-client/aik.cer; when
>> > is it supposed to
>> >
>> >       be generated?
>> >
>> >
>> >
>> >       cheers,
>> >
>> >       /Nicolae
>> >
>> >
>> >
>> >
>> >
>> >       On 14 November 2013 04:32, Wei, Gang <gang.wei at intel.com> wrote:
>> >
>> >       And you need to copy files from server to client before you try to
>> run
>> >       provisioner.sh every time you run OAT_configure.sh again.
>> >
>> >       Jimmy
>> >
>> >
>> >
>> >       > -----Original Message-----
>> >       > From: Wei, Gang
>> >       > Sent: Thursday, November 14, 2013 11:26 AM
>> >       > To: Nicolae Paladi
>> >       > Cc: Doron Fediuck; users at ovirt.org; Wei, Gang
>> >       > Subject: RE: [Users] Trusted Pools and CentOS 6 packages
>> >       >
>> >       > Can you try netstat -anp | grep 8443? Maybe it is occupied by
>> apache.
>> >       >
>> >       > Meanwhile check whether tomcat is up.
>> >       >
>> >       > Jimmy
>> >       >
>> >       >
>> >       > > -----Original Message-----
>> >       > > From: Nicolae Paladi [mailto:n.paladi at gmail.com]
>> >       > > Sent: Wednesday, November 13, 2013 10:43 PM
>> >       > > To: Wei, Gang
>> >       > > Cc: Doron Fediuck; users at ovirt.org
>> >       > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages
>> >       > >
>> >       > > Hi,
>> >       > >
>> >       > > I am using port 8443, since no other process -- as far as I
>> know
>> -- is
>> >       > using it;
>> >       > >
>> >       > > below you will find all of the requested configuration files:
>> >       > >
>> >       > > Contents of /etc/oat_client/*:
>> >       > > log4j.properties: http://pastebin.com/MQLM68vs
>> >       > > OAT.properties: http://pastebin.com/LwHihxah
>> >       > > OATprovisioner.properties: http://pastebin.com/0x5TShtZ
>> >       > > TPMModule.properties: http://pastebin.com/hvw9gfRE
>> >       > >
>> >       > >
>> >       > > server.xml: http://pastebin.com/VZ9Vk6iC
>> >       > > OAT_client.sh: http://pastebin.com/St4yCGcF
>> >       > >
>> >       > > provisioner.sh: http://pastebin.com/RedqQt8V
>> >       > >
>> >       > >
>> >       > > cheers,
>> >       > > /Nicolae.
>> >       > >
>> >       > >
>> >       > > On 13 November 2013 14:47, Wei, Gang <gang.wei at intel.com>
>> > wrote:
>> >       > >
>> >       > >
>> >       > >     This time it failed earlier. Looks like the PCA
>> webservice2
>> was not
>> >       > >     listening on 8443 port. Have you replaced the port 8443
>> with
>> > 8442 in
>> >       > > server
>> >       > >     side ($TOMCAT_HOME/conf/server.xml) but not change it in
>> > client side
>> >       > >     (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443
>> port is
>> >       > occupied
>> >       > >     by another app?
>> >       > >
>> >       > >     Please copy the content from your current server.xml,
>> > OAT_client.sh,
>> >       > >     provisioner.sh and /etc/oat-client/* into the content of
>> your reply
>> >       > for
>> >       > >     analysis. (don't attach *.sh as attachments, that will get
>> filtered
>> >       > by my
>> >       > >     company's mailing system).
>> >       > >
>> >       > >     Thanks
>> >       > >     Jimmy
>> >       > >
>> >       > >
>> >       > >
>> >       > >     > -----Original Message-----
>> >       > >     > From: Nicolae Paladi [mailto:n.paladi at gmail.com]
>> >       > >     > Sent: Wednesday, November 13, 2013 7:01 PM
>> >       > >     > To: Wei, Gang
>> >       > >     > Cc: Doron Fediuck; users at ovirt.org
>> >       > >     > Subject: Re: [Users] Trusted Pools and CentOS 6 packages
>> >       > >     >
>> >       > >
>> >       > >     > Hi,
>> >       > >     >
>> >       > >     > thank you for the feedback;
>> >       > >     > I've gone through the steps again, but obtained the
>> exactly
>> > same
>> >       > > problem:
>> >       > >     >
>> >       > >     > 1. I removed all of the previously installed packaged
>> related to
>> >       > OAT.
>> >       > >     >
>> >       > >     > 2. I followed the tutorial, until this command:
>> >       > >     >
>> >       > >     > bash provisioner.sh
>> >       > >     >
>> >       > >     > provisioner.sh: line 7: systemctl: command not found
>> >       > >     > ### ecStorage = NVRAM###
>> >       > >     > Performing TPM provisioning...FAILED
>> >       > >     > javax.xml.ws.WebServiceException: Failed to access the
>> WSDL
>> > at:
>> >       > >     >
>> >       > >
>> >       >
>> >
>> https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2Factor
>> >       > >     > yService?wsdl. It failed with:
>> >       > >     >         Connection refused.
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >       >
>> > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLP
>> >       > >     > arser.java:162)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >       >
>> > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j
>> >       > >     > ava:144)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >       >
>> > com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.jav
>> >       > >     > a:265)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >       >
>> >
>> com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:228)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >       >
>> >
>> com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:176)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >       >
>> > com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.jav
>> >       > > a:104
>> >       > >     > )
>> >       > >     >         at javax.xml.ws.Service.<init>(Service.java:77)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >       >
>> > gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWe
>> >       > > bSer
>> >       > >     >
>> >       > >
>> >       >
>> > vice2FactoryServiceService.<init>(HisPrivacyCAWebService2FactoryService
>> >       > > Servi
>> >       > >     > ce.java:42)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >       >
>> > gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWe
>> >       > > bSer
>> >       > >     >
>> >       > >
>> >       >
>> >
>> vices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2Cli
>> >       > >     > entInvoker.java:32)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >
>> gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:20
>> > 5)
>> >       > >     > Caused by: java.net.ConnectException: Connection refused
>> >       > >     >         at java.net.PlainSocketImpl.socketConnect(Native
>> > Method)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >       >
>> > java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.jav
>> >       > > a:339
>> >       > >     > )
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >       >
>> > java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketI
>> >       > > mpl.j
>> >       > >     > ava:200)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >
>> java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:1
>> > 82)
>> >       > >     >         at
>> >       > > java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
>> >       > >     >         at java.net.Socket.connect(Socket.java:579)
>> >       > >     >         at
>> >       > > sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> > sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)
>> >       > >     >         at
>> > sun.net.NetworkClient.doConnect(NetworkClient.java:180)
>> >       > >     >         at
>> >       > > sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
>> >       > >     >         at
>> >       > > sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
>> >       > >     >         at
>> >       > >     >
>> >       >
>> sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)
>> >       > >     >         at
>> >       > >     >
>> > sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >       >
>> > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHt
>> >       > >     > tpClient(AbstractDelegateHttpsURLConnection.java:191)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >       >
>> > sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnec
>> >       > >     > tion.java:932)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >       >
>> > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(A
>> >       > >     > bstractDelegateHttpsURLConnection.java:177)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >       >
>> > sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConn
>> >       > >     > ection.java:1300)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >       >
>> > sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsU
>> >       > >     > RLConnectionImpl.java:254)
>> >       > >     >         at java.net.URL.openStream(URL.java:1037)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >       >
>> > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSD
>> >       > >     > LParser.java:804)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >       >
>> > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDL
>> >       > >     > Parser.java:262)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >       >
>> > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j
>> >       > >     > ava:129)
>> >       > >     >         ... 8 more
>> >       > >     > Failed to initialize the TPM, error 1
>> >       > >     > Performing HIS identity provisioning...FAILED
>> >       > >     > gov.niarl.his.privacyca.TpmModule$TpmModuleException:
>> >       > >     > TpmModule.getCredential returned nonzero error: 2()
>> >       > >     >         at
>> >       > >     >
>> >       >
>> gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >       >
>> >
>>
>> gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.j
>> >       > >     ava:
>> >       > >     > 217)
>> >       > >     > Failed to receive AIC from Privacy CA, error 1
>> >       > >     > Registering identity with server...FAILED
>> >       > >     > java.io.FileNotFoundException:
>> /usr/share/oat-client/aik.cer
>> > (No
>> >       > such file
>> >       > >     or
>> >       > >     > directory)
>> >       > >     >         at java.io.FileInputStream.open(Native Method)
>> >       > >     >         at
>> >       > java.io.FileInputStream.<init>(FileInputStream.java:146)
>> >       > >     >         at
>> >       > java.io.FileInputStream.<init>(FileInputStream.java:101)
>> >       > >     >         at
>> >       > >
>> gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
>> >       > >     >         at
>> >       > >     >
>> >       > >
>> >       > >
>> >       >
>> >
>>
>> gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:9
>> >       > > 9
>> >       > >     )
>> >       > >     > Failed to register identity with appraiser, error 1
>> >       > >     >
>> >       > >
>> >       > >     > Should I have updated anything else?
>> >       > >     >
>> >       > >     > cheers,
>> >       > >     > /Nicolae.
>> >       > >     >
>> >       > >     >
>> >       > >     >
>> >       > >     > On 1 November 2013 10:14, Wei, Gang <gang.wei at intel.com
>> >
>> > wrote:
>> >       > >     >
>> >       > >     >
>> >       > >     >       This is indeed an issue caused by the
>> incompatibility
>> >       > between
>> >       > > OAT
>> >       > >     tpm
>> >       > >     > access
>> >       > >     >       code & tpm-tools(tpm_takeownership -z). It has
>> > already been
>> >       > > fixed.
>> >       > >     > Please
>> >       > >     >       follow below wiki and try again.
>> >       > >     >
>> >       > >
>> >       >
>> > https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-
>> >       > >     > Recipe.
>> >       > >     >
>> >       > >     >       Thanks
>> >       > >     >       Jimmy
>> >       > >     >
>> >       > >     >       Nicolae Paladi wrote on 2013-10-28:
>> >       > >     >
>> >       > >     >       > Hi, I've followed the recipe
>> >       > >     >       >
>> >       > >     >
>> >       > >
>> >       >
>> > (
>> https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Rec
>> >       > >     >
>> >       > >     >       > i pe) but didn't get it to run yet; I think a
>> step
>> is
>> >       > missing --
>> >       > >     the AIK
>> >       > >     >
>> >       > >     >       > is not available is /usr/share/oat-client (it
>> was
>> not
>> >       > available in
>> >       > >     >       > /var/lig/oat-appraiser/ClientFiles either);
>> when I
>> try
>> > to
>> >       > run
>> >       > >     >       > provisioner.sh, I get the following:
>> provisioner.sh: line
>> >       > 7:
>> >       > >     systemctl:
>> >       > >     >       > command not found ### ecStorage = NVRAM###
>> > Performing
>> >       > > TPM
>> >       > >     >       > provisioning...710 DONE Successfully initialized
>> TPM
>> >       > > Performing
>> >       > >     HIS
>> >       > >     >       > identity provisioning...FAILED
>> >       > > java.util.NoSuchElementException
>> >       > >     >       >         at
>> >       > >     >
>> java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
>> >       > >     >       >         at
>> >       > >     >       >
>> >       > >     >
>> >       > >
>> >       >
>> > gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:21
>> >       > >     >       > 5)
>> >       > >     >       >         at
>> >       > >     >       >
>> >       > >     >
>> >       > >
>> >       >
>> >
>> gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:29
>> >       > >     >       > 2)
>> >       > >     >       >         at
>> >       > >     >       >
>> >       > >
>> >       >
>> gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisione
>> >       > >     >
>> >       > >     >       > r.java: 225) Failed to receive AIC from Privacy
>> CA,
>> > error
>> >       > 1
>> >       > >     Registering
>> >       > >     >
>> >       > >     >       > identity with server...FAILED
>> >       > java.io.FileNotFoundException:
>> >       > >     >       > /usr/share/oat-client/aik.cer (No such file or
>> > directory)
>> >       > >     >       >         at java.io.FileInputStream.open(Native
>> > Method)
>> >       > >     >       >         at
>> >       > >     java.io.FileInputStream.<init>(FileInputStream.java:137)
>> >       > >     >       >         at
>> >       > > java.io.FileInputStream.<init>(FileInputStream.java:96)
>> >       > >     >       >         at
>> >       > >     >
>> >       > gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
>> >       > >     >       >         at
>> >       > >     >       >
>> >       > >     >
>> >       > >
>> >       >
>> >
>>
>> gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:9
>> >       > >     > 9
>> >       > >     >       )
>> >       > >     >       > Failed to register identity with appraiser,
>> error
>> 1
>> >       > >     >       >
>> >       > >     >       >
>> >       > >     >       >
>> >       > >     >       > Thanks,
>> >       > >     >       > /Nicolae
>> >       > >     >       >
>> >       > >     >       >
>> >       > >     >       > On 27 October 2013 22:55, Nicolae Paladi
>> >       > > <n.paladi at gmail.com>
>> >       > >     wrote:
>> >       > >     >       >
>> >       > >     >       >
>> >       > >     >       >       Awesome, thanks!
>> >       > >     >       >
>> >       > >     >       >       I'll try this out in the morning
>> >       > >     >       >
>> >       > >     >       >       /Nicolae
>> >       > >     >       >
>> >       > >     >       >
>> >       > >     >       >       On 27 October 2013 17:03, Wei, Gang
>> >       > > <gang.wei at intel.com>
>> >       > >     > wrote:
>> >       > >     >       >
>> >       > >     >       >
>> >       > >     >       >               Please refer to
>> >       > >     >       >
>> >       > >     >       >
>> >       > >     >
>> >       > >
>> >       >
>> > https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-
>> >       > >     >       > Recipe.
>> >       > >     >       >
>> >       > >     >       >               Jimmy
>> >       > >     >
>> >       > >     >
>> >       > >
>> >       > >
>> >       > >
>> >
>> >
>> >
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20131115/baf834a2/attachment-0001.html>


More information about the Users mailing list