[Pki-users] PKI CA web services not functional (Dog Tag 9.0 CentOS 6)
Jim Galvin
mirspace2000 at gmail.com
Fri Dec 28 17:42:01 UTC 2012
ALCON,
I am working my way through setting up a CentOS 6 64-bit workstation with
389 Directory Services and Dog Tag CS 9.0 for a test environment. I have
the DS service up and running and have installed the "pki-core" RPMs and
additonal Fedora Core 15 RPM files for pki-console and pki-ra. I
successfully configured the CA and created the appropriate certificates. I
can see the CA elements in the 389console so I know that CS <-> LDAP
communications are successful. I can also use the pki-console to see that a
CA certificate and its related key pair are available.
My problems are related to the web side of the CA service. I cannot access
the web-based services: FQDN:9444/ca/ee/ca (SSL End User Services) or
FQDN:9443/ca/agent/ca/ (Agent Services (does prompt for a certifiate))
which are display as hyperlinks from CA Services page FQDN:45/ca/services.
When I click these links I get a blank page. Also, the CA Services page
shows "XXXXXX" and "XXXXXX® Certificate System" in the page heading. I
assume something about Dog Tag should be there.
To add some additional content I went ahead and installed the pki-ra RPM
and attempted to configure the instance. When accessing the pki-ra
administrative configuration page (this works) the RA cannot contact the
existing Security Domain at FQDN:9445. This is confusing as the pkiconsole
can connect at FQDN:9445/ca, so something must be working. :-)
Any assistance would be most grateful. Thank you for your time and efforts.
[root at FQDN ~]# service pki-cad status
pki-ca (pid 1857) is running... [ OK ]
Unsecure Port = http://FQDN:9180/ca/ee/ca
Secure Agent Port = https://FQDN:9443/ca/agent/ca
Secure EE Port = https://FQDN:9444/ca/ee/ca
Secure Admin Port = https://FQDN:9445/ca/services
EE Client Auth Port = https://FQDN:9446/ca/eeca/ca
PKI Console Port = pkiconsole https://FQDN:9445/ca
Tomcat Port = 9701 (for shutdown)
PKI Instance Name: pki-ca
PKI Subsystem Type: Root CA (Security Domain)
Registered PKI Security Domain Information:
==========================================================================
Name: FQDN Domain
URL: https://FQDN:9445
==========================================================================
[root at FQDN ~]# getenforce
Permissive
[root at FQDN ~]# service iptables status
iptables: Firewall is not running.
root at FQDN ~]# netstat -an|more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address
State
tcp 0 0 0.0.0.0:9830 0.0.0.0:*
LISTEN
tcp 0 0 0.0.0.0:5672 0.0.0.0:*
LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:*
LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:*
LISTEN
tcp 0 0 192.168.1.94:22 192.168.1.109:56448
ESTABLISHED
tcp 0 0 ::ffff:127.0.0.1:9701 :::*
LISTEN
tcp 0 0 :::9445 :::*
LISTEN
tcp 0 0 :::389 :::*
LISTEN
tcp 0 0 :::9446 :::*
LISTEN
tcp 0 0 :::5672 :::*
LISTEN
tcp 0 0 :::22 :::*
LISTEN
tcp 0 0 ::1:25 :::*
LISTEN
tcp 0 0 :::9180 :::*
LISTEN
tcp 0 0 :::9443 :::*
LISTEN
tcp 0 0 :::9444 :::*
LISTEN
[root at FQDN ~]# more /var/log/pki-ca/system
2310.main - [28/Dec/2012:07:47:08 EST] [3] [3] Cannot build CA chain. Error
java.security.cert.CertificateException: Certificate is not a PKCS #11
certificate
2310.main - [28/Dec/2012:07:47:09 EST] [13] [3] authz instance DirAclAuthz
initialization failed and skipped, error=Property internaldb.ldapconn.port
missing value
2310.http-9445-7 - [28/Dec/2012:07:51:37 EST] [3] [3] Cannot build CA
chain. Error java.security.cert.CertificateException: Certificate is not a
PKCS #11 certificate
2310.http-9445-7 - [28/Dec/2012:07:53:26 EST] [3] [3] CASigningUnit: Object
certificate not found. Error org.mozilla.jss.crypto.ObjectNotFoundException
3256.http-9445-7 - [28/Dec/2012:09:05:06 EST] [20] [3] JSS Import
certificate org.mozilla.jss.CryptoManager$NicknameConflictException
[root at ca-l pki-ca]# more /var/log/pki-ca/localhost.2012-12-28.log
Dec 28, 2012 7:47:27 AM org.apache.catalina.core.ApplicationContext log
INFO: Use of the properties initialization parameter 'properties' has been
deprecated by 'org.apache.velocity.properties'
Dec 28, 2012 7:47:28 AM org.apache.catalina.core.ApplicationContext log
INFO: Use of the properties initialization parameter 'properties' has been
deprecated by 'org.apache.velocity.properties'
Dec 28, 2012 7:56:07 AM org.apache.catalina.core.ApplicationContext log
SEVERE: Servlet castart threw unload() exception
javax.servlet.ServletException: Servlet.destroy() for servlet castart threw
exception
at
org.apache.catalina.core.StandardWrapper.unload(StandardWrapper.java:1413)
at
org.apache.catalina.core.StandardWrapper.stop(StandardWrapper.java:1739)
at
org.apache.catalina.core.StandardContext.stop(StandardContext.java:4601)
at
org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:924)
at
org.apache.catalina.startup.HostConfig.undeployApps(HostConfig.java:1319)
at org.apache.catalina.startup.HostConfig.stop(HostConfig.java:1290)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:323)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1086)
at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1098)
at org.apache.catalina.core.StandardEngine.stop(StandardEngine.java:448)
at
org.apache.catalina.core.StandardService.stop(StandardService.java:584)
at org.apache.catalina.core.StandardServer.stop(StandardServer.java:744)
at org.apache.catalina.startup.Catalina.stop(Catalina.java:643)
at org.apache.catalina.startup.Catalina.start(Catalina.java:618)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.lang.NullPointerException
at
com.netscape.ca.CertificateAuthority.shutdown(CertificateAuthority.java:496)
at
com.netscape.cmscore.apps.CMSEngine.shutdownSubsystems(CMSEngine.java:1609)
at com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine.java:1552)
at com.netscape.certsrv.apps.CMS.shutdown(CMS.java:199)
at
com.netscape.cms.servlet.base.CMSStartServlet.destroy(CMSStartServlet.java:108)
at
org.apache.catalina.core.StandardWrapper.unload(StandardWrapper.java:1394)
... 20 more
Dec 28, 2012 9:43:03 AM org.apache.catalina.core.ApplicationContext log
SEVERE: Servlet castart threw unload() exception
javax.servlet.ServletException: Servlet.destroy() for servlet castart threw
exception
at
org.apache.catalina.core.StandardWrapper.unload(StandardWrapper.java:1413)
at
org.apache.catalina.core.StandardWrapper.stop(StandardWrapper.java:1739)
at
org.apache.catalina.core.StandardContext.stop(StandardContext.java:4601)
at
org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:924)
at
org.apache.catalina.startup.HostConfig.undeployApps(HostConfig.java:1319)
at org.apache.catalina.startup.HostConfig.stop(HostConfig.java:1290)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:323)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1086)
at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1098)
at org.apache.catalina.core.StandardEngine.stop(StandardEngine.java:448)
at
org.apache.catalina.core.StandardService.stop(StandardService.java:584)
at org.apache.catalina.core.StandardServer.stop(StandardServer.java:744)
at org.apache.catalina.startup.Catalina.stop(Catalina.java:643)
at org.apache.catalina.startup.Catalina.start(Catalina.java:618)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.lang.NoSuchMethodError
at java.lang.Thread.destroy(Thread.java:979)
at
com.netscape.cmscore.jobs.JobsScheduler.shutdown(JobsScheduler.java:448)
at
com.netscape.cmscore.apps.CMSEngine.shutdownSubsystems(CMSEngine.java:1609)
at com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine.java:1551)
at com.netscape.certsrv.apps.CMS.shutdown(CMS.java:199)
at
com.netscape.cms.servlet.base.CMSStartServlet.destroy(CMSStartServlet.java:108)
at
org.apache.catalina.core.StandardWrapper.unload(StandardWrapper.java:1394)
... 20 more
Dec 28, 2012 11:06:53 AM org.apache.catalina.core.ApplicationContext log
SEVERE: Servlet castart threw unload() exception
javax.servlet.ServletException: Servlet.destroy() for servlet castart threw
exception
at
org.apache.catalina.core.StandardWrapper.unload(StandardWrapper.java:1413)
at
org.apache.catalina.core.StandardWrapper.stop(StandardWrapper.java:1739)
at
org.apache.catalina.core.StandardContext.stop(StandardContext.java:4601)
at
org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:924)
at
org.apache.catalina.startup.HostConfig.undeployApps(HostConfig.java:1319)
at org.apache.catalina.startup.HostConfig.stop(HostConfig.java:1290)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:323)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1086)
at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1098)
at org.apache.catalina.core.StandardEngine.stop(StandardEngine.java:448)
at
org.apache.catalina.core.StandardService.stop(StandardService.java:584)
at org.apache.catalina.core.StandardServer.stop(StandardServer.java:744)
at org.apache.catalina.startup.Catalina.stop(Catalina.java:643)
at org.apache.catalina.startup.Catalina.start(Catalina.java:618)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.lang.NoSuchMethodError
at java.lang.Thread.destroy(Thread.java:979)
at
com.netscape.cmscore.jobs.JobsScheduler.shutdown(JobsScheduler.java:448)
at
com.netscape.cmscore.apps.CMSEngine.shutdownSubsystems(CMSEngine.java:1609)
at com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine.java:1551)
at com.netscape.certsrv.apps.CMS.shutdown(CMS.java:199)
at
com.netscape.cms.servlet.base.CMSStartServlet.destroy(CMSStartServlet.java:108)
at
org.apache.catalina.core.StandardWrapper.unload(StandardWrapper.java:1394)
... 20 more
Dec 28, 2012 11:59:32 AM org.apache.catalina.core.ApplicationContext log
SEVERE: Servlet castart threw unload() exception
javax.servlet.ServletException: Servlet.destroy() for servlet castart threw
exception
at
org.apache.catalina.core.StandardWrapper.unload(StandardWrapper.java:1413)
at
org.apache.catalina.core.StandardWrapper.stop(StandardWrapper.java:1739)
at
org.apache.catalina.core.StandardContext.stop(StandardContext.java:4601)
at
org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:924)
at
org.apache.catalina.startup.HostConfig.undeployApps(HostConfig.java:1319)
at org.apache.catalina.startup.HostConfig.stop(HostConfig.java:1290)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:323)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1086)
at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1098)
at org.apache.catalina.core.StandardEngine.stop(StandardEngine.java:448)
at
org.apache.catalina.core.StandardService.stop(StandardService.java:584)
at org.apache.catalina.core.StandardServer.stop(StandardServer.java:744)
at org.apache.catalina.startup.Catalina.stop(Catalina.java:643)
at org.apache.catalina.startup.Catalina.start(Catalina.java:618)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.lang.NoSuchMethodError
at java.lang.Thread.destroy(Thread.java:979)
at
com.netscape.cmscore.jobs.JobsScheduler.shutdown(JobsScheduler.java:448)
at
com.netscape.cmscore.apps.CMSEngine.shutdownSubsystems(CMSEngine.java:1609)
at com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine.java:1551)
at com.netscape.certsrv.apps.CMS.shutdown(CMS.java:199)
at
com.netscape.cms.servlet.base.CMSStartServlet.destroy(CMSStartServlet.java:108)
at
org.apache.catalina.core.StandardWrapper.unload(StandardWrapper.java:1394)
... 20 more
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20121228/ecd12cdb/attachment.htm>
More information about the Pki-users
mailing list