[Freeipa-users] pki-tomcatd stopped responding? Won't restart?
Dmitri Pal
dpal at redhat.com
Tue Mar 17 19:14:44 UTC 2015
On 03/17/2015 12:12 PM, Janelle wrote:
> On 3/17/15 9:06 AM, Martin Kosek wrote:
>> On 03/17/2015 04:35 PM, Janelle wrote:
>>> Hello,
>>>
>>> I have a server - a master (has CA) - and it does not want to
>>> restart after it
>>> has been running sometime. pki-tomcatd keeps failing. It starts up
>>> with these
>>> errors, then adds a lot more. Maybe this might point you to
>>> something that is
>>> know or a place I can start looking?
>>>
>>> Any ideas?
>>> ~J
>>>
>>> Mar 17, 2015 8:21:03 AM
>>> org.apache.catalina.startup.SetAllPropertiesRule begin
>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
>>> property
>>> 'enableOCSP' to 'false' did not find a matching property.
>>>
>>> Mar 17, 2015 8:21:03 AM
>>> org.apache.catalina.startup.SetAllPropertiesRule begin
>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
>>> property
>>> 'ocspResponderURL' to 'http://ipa-server.example.com:9080/ca/ocsp'
>>> did not find
>>> a matching property.
>>>
>>> Mar 17, 2015 8:21:03 AM
>>> org.apache.catalina.startup.SetAllPropertiesRule begin
>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
>>> property
>>> 'ocspResponderCertNickname' to 'ocspSigningCert cert-pki-ca' did not
>>> find a
>>> matching property.
>>>
>>> Mar 17, 2015 8:21:03 AM
>>> org.apache.catalina.startup.SetAllPropertiesRule begin
>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
>>> property
>>> 'ocspCacheSize' to '1000' did not find a matching property.
>>>
>>> Mar 17, 2015 8:21:03 AM
>>> org.apache.catalina.startup.SetAllPropertiesRule begin
>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
>>> property
>>> 'ocspMinCacheEntryDuration' to '60' did not find a matching property.
>>>
>>> Mar 17, 2015 8:21:03 AM
>>> org.apache.catalina.startup.SetAllPropertiesRule begin
>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
>>> property
>>> 'ocspMaxCacheEntryDuration' to '120' did not find a matching property.
>>>
>>> Mar 17, 2015 8:21:03 AM
>>> org.apache.catalina.startup.SetAllPropertiesRule begin
>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
>>> property
>>> 'ocspTimeout' to '10' did not find a matching property.
>>>
>>> Mar 17, 2015 8:21:03 AM
>>> org.apache.catalina.startup.SetAllPropertiesRule begin
>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
>>> property
>>> 'strictCiphers' to 'true' did not find a matching property.
>>> Mar 17, 2015 8:21:03 AM
>>> org.apache.catalina.startup.SetAllPropertiesRule begin
>>>
>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
>>> property
>>> 'sslOptions' to 'ssl2=true,ssl3=true,tls=true' did not find a
>>> matching property.
>>>
>> CCing folks from Dogtag team to know about this issue. However, I
>> think you
>> will need to provide more information before we continue with issues
>> - like
>> version of FreeIPA, pki-ca packages, what system you are running it on
>> (Fedora/RHEL/CentOS/...) and maybe whole logs pasted somewhere
>> (system and
>> catalina.out logs are usually most interesting ones).
> My bad --
>
> CentOS 7
> FreeIPA 4.1.3 from mosek
>
> The strange thing is -- 12 other servers - 3 of which are CA masters
> and no issues,
>
> ~J
>
Just some areas to check:
- versions of dogtag package
- versions of nss package
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
More information about the Freeipa-users
mailing list