[Pki-users] trouble getting 10.6.6 up
Endi Sukma Dewata
edewata at redhat.com
Mon Aug 27 14:52:54 UTC 2018
Hi Timo,
The key alias should point to the SSL certificate and key in the NSS
database. Could you confirm that you have an "sslserver" certificate?
Could you also show me how the SSL Connector element looks like in
the server.xml? Thanks.
--
Endi S. Dewata
----- Original Message -----
>
> Hi,
>
> I've updated dogtag, jss, tomcatjss, ldapjdk to latest versions on Ubuntu,
> and now pkispawn fails and catalina.out has:
>
> SEVERE: Failed to initialize connector
> [Connector[org.dogtagpki.tomcat.Http11NioProtocol-8443]]
> org.apache.catalina.LifecycleException: Failed to initialize component
> [Connector[org.dogtagpki.tomcat.Http11NioPr
> otocol-8443]]
> at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:113)
> at
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
> at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> at
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
> at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
> Caused by: org.apache.catalina.LifecycleException: Protocol handler
> initialization failed
> at
> org.apache.catalina.connector.Connector.initInternal(Connector.java:996)
> at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> ... 12 more
> Caused by: java.lang.IllegalArgumentException: Alias name [sslserver] does
> not identify a key entry
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116)
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87)
> at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:226)
> at
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1086)
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:268)
> at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
> at
> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
> at
> org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
> ... 13 more
> Caused by: java.io.IOException: Alias name [sslserver] does not identify a
> key entry
> at
> org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:229)
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
> ... 20 more
>
> so apparently I'm missing something, probably related to PKCS#11 keystore
> work..
>
>
> Also, the 60s timeout waiting for the server to reply doesn't seem to work at
> least here:
>
> 2018-08-26 19:45:43 pkispawn : INFO ........... checking
> https://ubudevel:8443/ca
> 2018-08-26 20:51:29 pkispawn : ERROR ........... server did not start
> after 60s
>
>
>
> --
> t
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>
More information about the Pki-users
mailing list