On Thu, Nov 8, 2018 at 11:32 PM Fraser Tweedale <ftweedal@redhat.com> wrote:

Naxto, could you please provide Dogtag debug log from
/var/log/pki/pki-tomcat/ca/debug and, if there is any traceback in
the journal at the time of this error, please give detail of that
too (`journalctl -u pki-tomcatd@pki-tomcat`).


aha, I see an error now in the debug log:

[08/Nov/2018:22:15:55][ajp-bio-127.0.0.1-8009-exec-1]: EnrollProfile: createRequests: begins
[08/Nov/2018:22:15:55][ajp-bio-127.0.0.1-8009-exec-1]: Start parsePKCS10(): -----BEGIN CERTIFICATE REQUEST-----
MIICVjCCAT4CAQAwETEPMA0GA1UEAwwGdXNlcjUwMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAkWjUxl0qInlYB4TiZ7GkJkgBdomTTzk5GfK76ZizbsGV
4xyPmUgf+7eEO3GEvkGiBPJxk0NVJuamuEJTIXtn7h7Wgz6ghCE0uCCupjAJqa57
Hdm3h3GvofwWuE442YIRHvXydaSkrCAGsL/M3g4tVi7Xn+jTaWrzKsAeqJxQVRPD
h4R9bN4BIzXL+62qGI9jriM8dJEWCrGFzg6viCujRlybkhQhiLxCGvS8lO3HQ7tF
lDRZN6Ey/nvFxIC1MtGZgrN3nj/Z37nIBWF4s20CcJau8mfalJQEFjqLkjMh7X8K
hWKrSdNj43nBTlO0So3qezs4roLkZFSN1hQnCG/pCQIDAQABoAAwDQYJKoZIhvcN
AQELBQADggEBAH22PLW7Tuc6y5VxIpnaqdsborbp+Twr/kPoDnibJPjV8JBYqC4G
iQCHDJn+uuJSpiBxTUtYX45CscOiwD8kiDoYIH/DCXUqPAhRudsBpJWDn9TKeFC5
b0PrwuN5cDo+yKYZW590eLL8/xdjtb9p/M3AU5tSJTbG3dCA5Rp4MdgE97pOYkPg
3kUHR19YjH/GnZHeuv8Af+WIJVMvDVGKF+MvJEImSjg/ZQUV6hzBI+oAWr9Hj21q
KABjiO5AhMyo+uC6WXajkltzUP30cbBlNl0Z34Dw452Ym5uILWAF+ZmlT0sp0Mg4
lwNPSwst5mhUtQL7AmNHYHg7cAAgXx9Xql0=
-----END CERTIFICATE REQUEST-----

[08/Nov/2018:22:15:55][ajp-bio-127.0.0.1-8009-exec-1]: EnrollProfile: parsePKCS10: signature verification enabled
[08/Nov/2018:22:15:55][ajp-bio-127.0.0.1-8009-exec-1]: EnrollProfile: parsePKCS10 setting thread token
[08/Nov/2018:22:15:55][ajp-bio-127.0.0.1-8009-exec-1]: EnrollProfile: Unable to parse PKCS #10 request: java.security.SignatureException: PKCS10: PKCS10: Request Subject: CN=user50: Invalid PKCS #10 signature
java.security.SignatureException: PKCS10: PKCS10: Request Subject: CN=user50: Invalid PKCS #10 signature

the journalctl output:
Nov 08 22:37:13 kdc1.unix.asenjo.nl server[10677]: PKCS10: PKCS10: Request Subject: CN=user50: sig.verify() failed
Nov 08 23:40:01 kdc1.unix.asenjo.nl server[10677]: Creating session 23596D3C3AFFCDE19F5B386C288E8290
Nov 08 23:40:01 kdc1.unix.asenjo.nl server[10677]: Principal: GenericPrincipal[ipara(Certificate Manager Agents,Registration Manager Agents,)]
Nov 08 23:40:01 kdc1.unix.asenjo.nl server[10677]: Destroying session 5E49B1956B6902F7DFD52236F5A1A783



Thanks,
Fraser


--
--
Groeten,
natxo