[Pki-users] Unable to connect to Secure Admin Port

Erwin Himawan ehimawan at gmail.com
Tue Mar 9 00:06:52 UTC 2010 

Hi Didier,

I am not familiar with Red Hat.  I assumed Red Hat has some similarities 
with Fedora 11.

If you do not mind, can you provide me with the last 20 lines of your 
/var/log/pki-ca-install.... file? (Assuming you are using default file 
location).
One other useful log is your directory server installation log.  Do you 
successfully configure your directory server?

Could you also make sure that you do not mix up your dogtag CS versions.

Another pointer, when you run your pkicreate, make sure that your fedora 
directory serve is running.
(/etc/init.d/dirsrv status)

If the directory server is not running, you want to start it first; 
/etc/init.d/dirsrv start.

Erwin


--------------------------------------------------
From: "Didier Moens" <Didier.Moens at dmbr.vib-UGent.be>
Sent: Thursday, February 25, 2010 7:33 AM
To: <pki-users at redhat.com>
Subject: [Pki-users] Unable to  connect to Secure Admin Port

> Dear all,
>
>
> For the past few days, I've been struggling trying to set up our
> dogtag-based PKI. Unfortunately, I am unable to access the Secure Admin
> Port / Configuration Wizard (https://...:9445/...), probably due to
> Tomcat failing to open SSL sockets.
>
>
> - Configuration : clean RHEL5u4 ;
> - Installed pki-ca-1.3.0 (tried 1.3.2 too)  from EPEL, with all its
> dependencies (except jss-4.2.6, which is installed from EPEL-testing) ;
> - tomcatjss-1.2.0 is installed as a dependency too.
>
> There is no "tomcat5-native" package installed, and LANG is set to C,
> all to no avail.
>
>
>
> After manually creating user 'pkiuser' (pki-setup 1.3.1 does not
> automatically create this user) , "pkicreate" (with parameters from the
> root CA example) yields the following errors in
> /var/log/pki-ca/catalina.out :
>
>
> ...
> org.apache.coyote.http11.Http11BaseProtocol init
> SEVERE: Error initializing socket factory
> java.lang.ClassNotFoundException: Error loading SSL Implementation
> org.apache.tomcat.util.net.jss.JSSImplementation
> :java.lang.ClassNotFoundException:
> org.apache.tomcat.util.net.jss.JSSImplementation
>        at
> org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:79)
>        at
> org.apache.coyote.http11.Http11BaseProtocol.checkSocketFactory(Http11BaseProtocol.java:731)
>        at
> org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:121)
>        at
> org.apache.catalina.connector.Connector.initialize(Connector.java:1017)
>        at
> org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
>        at
> org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
>        at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
>        at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>        at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>        at java.lang.reflect.Method.invoke(Method.java:616)
>        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
>        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
> Feb 25, 2010 1:52:12 PM org.apache.catalina.startup.Catalina load
> SEVERE: Catalina.start
> LifecycleException:  Protocol handler initialization failed:
> java.lang.ClassNotFoundException: Error loading SSL Implementation
> org.apache.tomcat.util.net.jss.JSSImplementation
> :java.lang.ClassNotFoundException:
> org.apache.tomcat.util.net.jss.JSSImplementation
>        at
> org.apache.catalina.connector.Connector.initialize(Connector.java:1019)
>        at
> org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
>        at
> org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
>        at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
>        at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>        at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>        at java.lang.reflect.Method.invoke(Method.java:616)
>        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
>        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
> ...
>
>
> Strangely enough, connections are set up on e.g. the Agent Secure Port
> (9443), but neither on the EE Secure Port (9444) :
>
> # lsof |grep pkiuser |grep TCP
> java      28349   pkiuser   71u     IPv6
> 1445890                 TCP *:9180 (LISTEN)
> java      28349   pkiuser   76u     IPv6
> 1445899                 TCP *:9443 (LISTEN)
> java      28349   pkiuser   77u     IPv6
> 1445900                 TCP localhost.localdomain:9701 (LISTEN)
>
>
> Both '/etc/pki-ca/tomcat5.conf' and '/etc/pki-ca/server.xml' look valid
> (disclaimer: I am a Tomcat novice).
>
>
>
> Stracing (-e trace=file)  the pki-cad process yields nothing useful,
> except for the fact that tomcatjss.jar seems to be nowhere accessed.
>
> When manually adding ":/usr/share/java/tomcatjss.jar" to the CLASSPATH
> variable in '/usr/bin/dtomcat5-pki-ca', Tomcat throws these exceptions
> in catalina.out :
>
> ...
> org.apache.coyote.http11.Http11BaseProtocol init
> INFO: Initializing Coyote HTTP/1.1 on http-9180
> java.lang.reflect.InvocationTargetException
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>        at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>        at java.lang.reflect.Method.invoke(Method.java:616)
>        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
>        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
> Caused by: java.lang.NoClassDefFoundError:
> org/apache/tomcat/util/net/SSLImplementation
>        at java.lang.ClassLoader.defineClass1(Native Method)
>        at java.lang.ClassLoader.defineClass(ClassLoader.java:632)
>        at
> java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
>        at java.net.URLClassLoader.defineClass(URLClassLoader.java:277)
>        at java.net.URLClassLoader.access$000(URLClassLoader.java:73)
>        at java.net.URLClassLoader$1.run(URLClassLoader.java:212)
>        at java.security.AccessController.doPrivileged(Native Method)
>        at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
>        at java.lang.ClassLoader.loadClass(ClassLoader.java:319)
>        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
>        at java.lang.ClassLoader.loadClass(ClassLoader.java:312)
>        at java.lang.ClassLoader.loadClass(ClassLoader.java:312)
>        at java.lang.ClassLoader.loadClass(ClassLoader.java:264)
>        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:332)
>        at java.lang.Class.forName0(Native Method)
>        at java.lang.Class.forName(Class.java:186)
>        at
> org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:73)
>        at
> org.apache.coyote.http11.Http11BaseProtocol.checkSocketFactory(Http11BaseProtocol.java:731)
>        at
> org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:121)
>        at
> org.apache.catalina.connector.Connector.initialize(Connector.java:1017)
>        at
> org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
>        at
> org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
>        at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
>        at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
>        ... 6 more
> Caused by: java.lang.ClassNotFoundException:
> org.apache.tomcat.util.net.SSLImplementation
>        at java.net.URLClassLoader$1.run(URLClassLoader.java:217)
>        at java.security.AccessController.doPrivileged(Native Method)
>        at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
>        at java.lang.ClassLoader.loadClass(ClassLoader.java:319)
>        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
>        at java.lang.ClassLoader.loadClass(ClassLoader.java:264)
>        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:332)
>        ... 30 more
>
>
>
> As a last resort, I created a tomcat keystore too, but as this is
> nowhere mentioned in the docs, I guess this is way off.
>
>
> I would be grateful for any clue whatsoever.
>
>
> Best regards,
> Didier
>
> -- 
> ===================================================================
> Didier Moens                                            IT services
> Department for Molecular Biomedical Research (DMBR)
> VIB - Ghent University
> Fiers-Schell-Van Montagu Research Building
> Technologiepark 927 , B-9052 Zwijnaarde , Belgium
> tel ++32(9)3313605  fax ++32(9)3313609
> mailto:Didier.Moens at dmbr.vib-UGent.be      http://www.dmbr.UGent.be
> ===================================================================
> This message represents the official view of the voices in my head.
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users

More information about the Pki-users mailing list