[Pki-users] Unable to connect to Secure Admin Port
Erwin Himawan
ehimawan at gmail.com
Tue Mar 9 00:06:52 UTC 2010
Hi Didier,
I am not familiar with Red Hat. I assumed Red Hat has some similarities
with Fedora 11.
If you do not mind, can you provide me with the last 20 lines of your
/var/log/pki-ca-install.... file? (Assuming you are using the default file
location.)
One other useful log is your directory server installation log. Did you
successfully configure your directory server?
Could you also make sure that you do not mix up your Dogtag CS versions?
Another pointer: when you run your pkicreate, make sure that your Fedora
directory server is running
(/etc/init.d/dirsrv status).
If the directory server is not running, you want to start it first:
/etc/init.d/dirsrv start.
Erwin
--------------------------------------------------
From: "Didier Moens" <Didier.Moens at dmbr.vib-UGent.be>
Sent: Thursday, February 25, 2010 7:33 AM
To: <pki-users at redhat.com>
Subject: [Pki-users] Unable to connect to Secure Admin Port
> Dear all,
>
>
> For the past few days, I've been struggling trying to set up our
> dogtag-based PKI. Unfortunately, I am unable to access the Secure Admin
> Port / Configuration Wizard (https://...:9445/...), probably due to
> Tomcat failing to open SSL sockets.
>
>
> - Configuration : clean RHEL5u4 ;
> - Installed pki-ca-1.3.0 (tried 1.3.2 too) from EPEL, with all its
> dependencies (except jss-4.2.6, which is installed from EPEL-testing) ;
> - tomcatjss-1.2.0 is installed as a dependency too.
>
> There is no "tomcat5-native" package installed, and LANG is set to C,
> all to no avail.
>
>
>
> After manually creating user 'pkiuser' (pki-setup 1.3.1 does not
> automatically create this user) , "pkicreate" (with parameters from the
> root CA example) yields the following errors in
> /var/log/pki-ca/catalina.out :
>
>
> ...
> org.apache.coyote.http11.Http11BaseProtocol init
> SEVERE: Error initializing socket factory
> java.lang.ClassNotFoundException: Error loading SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation :java.lang.ClassNotFoundException: org.apache.tomcat.util.net.jss.JSSImplementation
>     at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:79)
>     at org.apache.coyote.http11.Http11BaseProtocol.checkSocketFactory(Http11BaseProtocol.java:731)
>     at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:121)
>     at org.apache.catalina.connector.Connector.initialize(Connector.java:1017)
>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:616)
>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
> Feb 25, 2010 1:52:12 PM org.apache.catalina.startup.Catalina load
> SEVERE: Catalina.start
> LifecycleException: Protocol handler initialization failed: java.lang.ClassNotFoundException: Error loading SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation :java.lang.ClassNotFoundException: org.apache.tomcat.util.net.jss.JSSImplementation
>     at org.apache.catalina.connector.Connector.initialize(Connector.java:1019)
>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:616)
>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
> ...
>
>
> Strangely enough, connections are set up on e.g. the Agent Secure Port
> (9443), but neither on the EE Secure Port (9444) :
>
> # lsof |grep pkiuser |grep TCP
> java 28349 pkiuser 71u IPv6 1445890 TCP *:9180 (LISTEN)
> java 28349 pkiuser 76u IPv6 1445899 TCP *:9443 (LISTEN)
> java 28349 pkiuser 77u IPv6 1445900 TCP localhost.localdomain:9701 (LISTEN)
>
>
> Both '/etc/pki-ca/tomcat5.conf' and '/etc/pki-ca/server.xml' look valid
> (disclaimer: I am a Tomcat novice).
>
>
>
> Stracing (-e trace=file) the pki-cad process yields nothing useful,
> except for the fact that tomcatjss.jar seems to be nowhere accessed.
>
> When manually adding ":/usr/share/java/tomcatjss.jar" to the CLASSPATH
> variable in '/usr/bin/dtomcat5-pki-ca', Tomcat throws these exceptions
> in catalina.out :
>
> ...
> org.apache.coyote.http11.Http11BaseProtocol init
> INFO: Initializing Coyote HTTP/1.1 on http-9180
> java.lang.reflect.InvocationTargetException
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:616)
>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
> Caused by: java.lang.NoClassDefFoundError: org/apache/tomcat/util/net/SSLImplementation
>     at java.lang.ClassLoader.defineClass1(Native Method)
>     at java.lang.ClassLoader.defineClass(ClassLoader.java:632)
>     at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
>     at java.net.URLClassLoader.defineClass(URLClassLoader.java:277)
>     at java.net.URLClassLoader.access$000(URLClassLoader.java:73)
>     at java.net.URLClassLoader$1.run(URLClassLoader.java:212)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
>     at java.lang.ClassLoader.loadClass(ClassLoader.java:319)
>     at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
>     at java.lang.ClassLoader.loadClass(ClassLoader.java:312)
>     at java.lang.ClassLoader.loadClass(ClassLoader.java:312)
>     at java.lang.ClassLoader.loadClass(ClassLoader.java:264)
>     at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:332)
>     at java.lang.Class.forName0(Native Method)
>     at java.lang.Class.forName(Class.java:186)
>     at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:73)
>     at org.apache.coyote.http11.Http11BaseProtocol.checkSocketFactory(Http11BaseProtocol.java:731)
>     at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:121)
>     at org.apache.catalina.connector.Connector.initialize(Connector.java:1017)
>     at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
>     at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
>     ... 6 more
> Caused by: java.lang.ClassNotFoundException: org.apache.tomcat.util.net.SSLImplementation
>     at java.net.URLClassLoader$1.run(URLClassLoader.java:217)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
>     at java.lang.ClassLoader.loadClass(ClassLoader.java:319)
>     at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
>     at java.lang.ClassLoader.loadClass(ClassLoader.java:264)
>     at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:332)
>     ... 30 more
>
>
>
> As a last resort, I created a tomcat keystore too, but as this is
> nowhere mentioned in the docs, I guess this is way off.
>
>
> I would be grateful for any clue whatsoever.
>
>
> Best regards,
> Didier
>
> --
> ===================================================================
> Didier Moens IT services
> Department for Molecular Biomedical Research (DMBR)
> VIB - Ghent University
> Fiers-Schell-Van Montagu Research Building
> Technologiepark 927 , B-9052 Zwijnaarde , Belgium
> tel ++32(9)3313605 fax ++32(9)3313609
> mailto:Didier.Moens at dmbr.vib-UGent.be http://www.dmbr.UGent.be
> ===================================================================
> This message represents the official view of the voices in my head.
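
A small triage script for the two symptoms reported in the original message (secure ports not listening, and the two different class-loading traces), as an added example that is not part of the thread or of Dogtag. The function names and classification labels are hypothetical, and the sample inputs are constructed from the lsof and catalina.out excerpts quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Inputs below are constructed from
# the lsof and catalina.out excerpts quoted in the original message.

# Print each port in "$@" that has no LISTEN socket in the lsof text on stdin.
missing_ports() {
    listening=$(awk '/\(LISTEN\)/ { n = split($(NF-1), a, ":"); print a[n] }')
    for port in "$@"; do
        printf '%s\n' "$listening" | grep -qx "$port" || printf '%s\n' "$port"
    done
}

# Classify the class-loading failure in the catalina.out text on stdin.
classify_trace() {
    log=$(cat)
    case "$log" in
        *NoClassDefFoundError*org/apache/tomcat/util/net/SSLImplementation*)
            # The frames show sun.misc.Launcher$AppClassLoader defining a class
            # whose parent type SSLImplementation that loader cannot see.
            echo "jar-on-jvm-classpath" ;;
        *ClassNotFoundException*org.apache.tomcat.util.net.jss.JSSImplementation*)
            # Tomcat's connector could not find the JSS SSL implementation at all.
            echo "jss-implementation-not-visible" ;;
        *)  echo "no-known-pattern" ;;
    esac
}

SAMPLE_LSOF='java 28349 pkiuser 71u IPv6 1445890 TCP *:9180 (LISTEN)
java 28349 pkiuser 76u IPv6 1445899 TCP *:9443 (LISTEN)
java 28349 pkiuser 77u IPv6 1445900 TCP localhost.localdomain:9701 (LISTEN)'

SAMPLE_TRACE_1='SEVERE: Error initializing socket factory
java.lang.ClassNotFoundException: Error loading SSL Implementation
org.apache.tomcat.util.net.jss.JSSImplementation'

SAMPLE_TRACE_2='Caused by: java.lang.NoClassDefFoundError:
org/apache/tomcat/util/net/SSLImplementation
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
Caused by: java.lang.ClassNotFoundException:
org.apache.tomcat.util.net.SSLImplementation'

# Secure ports named in the thread: 9443 agent, 9444 EE, 9445 admin.
printf '%s\n' "$SAMPLE_LSOF" | missing_ports 9443 9444 9445
printf '%s\n' "$SAMPLE_TRACE_1" | classify_trace
printf '%s\n' "$SAMPLE_TRACE_2" | classify_trace
```

On a live host the same functions take `lsof` output and `/var/log/pki-ca/catalina.out` on stdin in place of the constructed samples.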