[Pki-users] Unable to connect to Secure Admin Port

Didier Moens Didier.Moens at dmbr.vib-UGent.be
Thu Feb 25 13:33:08 UTC 2010


Dear all,


For the past few days, I've been struggling trying to set up our
dogtag-based PKI. Unfortunately, I am unable to access the Secure Admin
Port / Configuration Wizard (https://...:9445/...), probably due to
Tomcat failing to open SSL sockets.


- Configuration : clean RHEL5u4 ;
- Installed pki-ca-1.3.0 (tried 1.3.2 too)  from EPEL, with all its
dependencies (except jss-4.2.6, which is installed from EPEL-testing) ;
- tomcatjss-1.2.0 is installed as a dependency too.

There is no "tomcat5-native" package installed, and LANG is set to C,
all to no avail.



After manually creating user 'pkiuser' (pki-setup 1.3.1 does not
automatically create this user), "pkicreate" (with parameters from the
root CA example) yields the following errors in
/var/log/pki-ca/catalina.out:


...
org.apache.coyote.http11.Http11BaseProtocol init
SEVERE: Error initializing socket factory
java.lang.ClassNotFoundException: Error loading SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation :java.lang.ClassNotFoundException: org.apache.tomcat.util.net.jss.JSSImplementation
        at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:79)
        at org.apache.coyote.http11.Http11BaseProtocol.checkSocketFactory(Http11BaseProtocol.java:731)
        at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:121)
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1017)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
Feb 25, 2010 1:52:12 PM org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
LifecycleException:  Protocol handler initialization failed: java.lang.ClassNotFoundException: Error loading SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation :java.lang.ClassNotFoundException: org.apache.tomcat.util.net.jss.JSSImplementation
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1019)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
...


Strangely enough, connections are set up on e.g. the Agent Secure Port
(9443), but not on the EE Secure Port (9444) either:

# lsof |grep pkiuser |grep TCP
java      28349   pkiuser   71u     IPv6 1445890                 TCP *:9180 (LISTEN)
java      28349   pkiuser   76u     IPv6 1445899                 TCP *:9443 (LISTEN)
java      28349   pkiuser   77u     IPv6 1445900                 TCP localhost.localdomain:9701 (LISTEN)


Both '/etc/pki-ca/tomcat5.conf' and '/etc/pki-ca/server.xml' look valid
(disclaimer: I am a Tomcat novice).



Stracing (-e trace=file) the pki-cad process yields nothing useful,
except for the fact that tomcatjss.jar seems not to be accessed anywhere.

When manually adding ":/usr/share/java/tomcatjss.jar" to the CLASSPATH
variable in '/usr/bin/dtomcat5-pki-ca', Tomcat throws these exceptions
in catalina.out:

...
org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-9180
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
Caused by: java.lang.NoClassDefFoundError: org/apache/tomcat/util/net/SSLImplementation
        at java.lang.ClassLoader.defineClass1(Native Method)
        at java.lang.ClassLoader.defineClass(ClassLoader.java:632)
        at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
        at java.net.URLClassLoader.defineClass(URLClassLoader.java:277)
        at java.net.URLClassLoader.access$000(URLClassLoader.java:73)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:212)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:319)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:312)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:312)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:264)
        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:332)
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Class.java:186)
        at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:73)
        at org.apache.coyote.http11.Http11BaseProtocol.checkSocketFactory(Http11BaseProtocol.java:731)
        at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:121)
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1017)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
        ... 6 more
Caused by: java.lang.ClassNotFoundException: org.apache.tomcat.util.net.SSLImplementation
        at java.net.URLClassLoader$1.run(URLClassLoader.java:217)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:319)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:264)
        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:332)
        ... 30 more



As a last resort, I created a tomcat keystore too, but as this is
nowhere mentioned in the docs, I guess this is way off.


I would be grateful for any clue whatsoever.


Best regards,
Didier

-- 
===================================================================
Didier Moens                                            IT services
Department for Molecular Biomedical Research (DMBR)
VIB - Ghent University
Fiers-Schell-Van Montagu Research Building
Technologiepark 927 , B-9052 Zwijnaarde , Belgium
tel ++32(9)3313605  fax ++32(9)3313609
mailto:Didier.Moens at dmbr.vib-UGent.be      http://www.dmbr.UGent.be
===================================================================
This message represents the official view of the voices in my head.
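
A log-triage helper for the symptoms described in the message above, added here as an example (not part of the original post and not Dogtag code): it extracts the class names the JVM could not load from a hard-wrapped catalina.out excerpt and reports which of the secure ports named in the post have no listener. The sample log and lsof text are constructed, and the function names are hypothetical.

```python
import re

# Secure ports and their roles as named in the post.
SECURE_PORTS = {9443: "Agent", 9444: "EE", 9445: "Admin"}

# Constructed sample input, hard-wrapped the way a mail client wraps long lines.
SAMPLE_LOG = """\
SEVERE: Error initializing socket factory
java.lang.ClassNotFoundException: Error loading SSL Implementation
org.apache.tomcat.util.net.jss.JSSImplementation
:java.lang.ClassNotFoundException:
org.apache.tomcat.util.net.jss.JSSImplementation
Caused by: java.lang.NoClassDefFoundError:
org/apache/tomcat/util/net/SSLImplementation
"""
SAMPLE_LSOF = """\
java      28349   pkiuser   71u     IPv6
1445890                 TCP *:9180 (LISTEN)
java      28349   pkiuser   76u     IPv6
1445899                 TCP *:9443 (LISTEN)
java      28349   pkiuser   77u     IPv6
1445900                 TCP localhost.localdomain:9701 (LISTEN)
"""

CLASS_ERR = re.compile(
    r"(?:ClassNotFoundException|NoClassDefFoundError):\s*"
    r"(?:Error loading SSL Implementation\s+)?"
    r"([\w$]+(?:[./][\w$]+)+)"  # require a package separator, so plain words don't match
)

def missing_classes(log_text):
    """Class names the JVM failed to load, de-duplicated, in log order."""
    flat = re.sub(r"\s+", " ", log_text)  # undo hard line wrapping
    seen = []
    for name in CLASS_ERR.findall(flat):
        name = name.replace("/", ".")     # NoClassDefFoundError uses slashes
        if name not in seen:
            seen.append(name)
    return seen

def listening_ports(lsof_text):
    """TCP ports in LISTEN state from (possibly wrapped) lsof output."""
    flat = re.sub(r"\s+", " ", lsof_text)
    return sorted({int(p) for p in re.findall(r"TCP \S*:(\d+) \(LISTEN\)", flat)})

def secure_ports_down(lsof_text):
    """Expected secure ports with no listener, mapped to their role."""
    up = set(listening_ports(lsof_text))
    return {p: role for p, role in SECURE_PORTS.items() if p not in up}
```
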



