[Freeipa-users] ipa-server-certinstall ruined pki-tomcatd startup

Vladimir Kulev me at lightoze.net
Wed Aug 14 23:26:12 UTC 2013


Hello,

After installing FreeIPA I followed the instructions from
http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP to
use globally trusted certificates for the HTTP/LDAP server interface, to secure
provisioning of other systems.

Then it turned out that pki-tomcatd is not able to start anymore because of
this:
| NFO: Deploying web application directory /var/lib/pki/pki-tomcat/webapps/ca
| SSLAuthenticatorWithFallback: Creating SSL authenticator with fallback
| SSLAuthenticatorWithFallback: Setting container
| SSLAuthenticatorWithFallback: Initializing authenticators
| SSLAuthenticatorWithFallback: Starting authenticators
| 01:48:31,313 DEBUG (org.jboss.resteasy.plugins.providers.DocumentProvider:60) - Unable to retrieve ServletContext: expandEntityReferences defaults to true
| 01:48:31,320 DEBUG (org.jboss.resteasy.plugins.providers.DocumentProvider:60) - Unable to retrieve ServletContext: expandEntityReferences defaults to true
| Internal Database Error encountered: Could not connect to LDAP server host ipa.mydomain.com port 636 Error netscape.ldap.LDAPException: IO Error creating JSS SSL Socket (-1)

Meanwhile dirsrv tells me "Peer does not recognize and trust the CA that
issued your certificate."

I tried to fix the trust by adding various certificates with certutil
to /etc/dirsrv/slapd/ and /etc/pki/pki-tomcat/alias/, but nothing helped.
Does anyone have a suggestion on how to fix the situation?


-- 

Best regards,

Vladimir Kulev


Mobile: +358400369346, +79215554422

Jabber: me at lightoze.net

Skype: lightoze