Hello.
>> 2021-01-05 01:07:32 [main] WARNING: Failed to scan
>> [file:/usr/share/java/el-api-3.0.jar] from classloader hierarchy
>> java.io.IOException:
>>
>> Caused by: java.nio.file.NoSuchFileException:
>> /usr/share/java/el-api-3.0.jar
>Figure out which jar is trying to search that and we'd at least get rid
> of this error. dogtag 10.10.2-1 at least should use the correct el-api from
> tomcat9 now, but there's probably some other package which still doesn't.
There was no el-api-3.0.jar on my system for some reason
I'm install libel-api-java.
And also I installed libjemalloc2 and created a link ln -s
/usr/lib/x86_64-linux-gnu/ /usr/lib/x86_64-linux-gnu/dirsrv/lib, because in the
log I saw a message about the absence of the
/usr/lib/x86_64-linux-gnu/dirsrv/lib/libjemalloc.so.2
Now in the log / var / lib / pki / pki-tomcat / ca / logs / debug I see an error
2021-01-06 12:18:33 [http-nio-8080-exec-15] WARNING: Certificate request
deferred: defer request
2021-01-06 12:18:33 [http-nio-8080-exec-15] INFO: Updating certificate request
2021-01-06 12:18:34 [https-jsse-nio-8443-exec-3] INFO: Getting SSL client
certificate.
2021-01-06 12:18:34 [https-jsse-nio-8443-exec-3] SEVERE: ReviewReqServlet: You
did not provide a valid certificate for this operation
You did not provide a valid certificate for this operation
at
com.netscape.cms.servlet.base.CMSServlet.getSSLClientCertificate(CMSServlet.java:843)
at
com.netscape.cms.servlet.base.CMSServlet.getSSLClientCertificate(CMSServlet.java:825)
at
com.netscape.cms.servlet.base.CMSServlet.authenticate(CMSServlet.java:1685)
at
com.netscape.cms.servlet.base.CMSServlet.authenticate(CMSServlet.java:1627)
at
com.netscape.cms.servlet.profile.ProfileReviewServlet.process(ProfileReviewServlet.java:120)
at
com.netscape.cms.servlet.base.CMSServlet.service(CMSServlet.java:494)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
at
com.netscape.cms.tomcat.ExternalAuthenticationValve.invoke(ExternalAuthenticationValve.java:82)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:888)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1597)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at
java.base/java.lang.Thread.run(Thread.java:834)
2021-01-06 12:18:34 [https-jsse-nio-8443-exec-3] SEVERE: Failed to authorize:
You did not provide a valid certificate for this operation.
2021-01-06 12:18:34 [https-jsse-nio-8443-exec-4] INFO: DBSSession: reading
cn=7,ou=ca,ou=requests,o=ipaca
2021-01-06 12:23:09 [Timer-0] INFO: SessionTimer: checking security domain
sessions
Debug output
[13/30]: requesting RA certificate from CA
Starting external process
args=['/usr/bin/openssl', 'pkcs7', '-inform', 'DER', '-print_certs', '-out',
'/var/lib/ipa/tmpuk9b5gsr']
Process finished, return code=0
stdout=
stderr=
Starting external process
args=['/usr/bin/openssl', 'pkcs12', '-nokeys', '-clcerts', '-in',
'/root/ca-agent.p12', '-out', '/var/lib/ipa/tmpaf4g9v4s', '-passin',
'file:/tmp/tmpitfnlm4x']
Process finished, return code=0
stdout=
stderr=
Starting external process
args=['/usr/bin/openssl', 'pkcs12', '-nocerts', '-in', '/root/ca-agent.p12',
'-out', '/var/lib/ipa/tmp08qoxv6b', '-passin', 'file:/tmp/tmp_d6rjgv7',
'-nodes']
Process finished, return code=0
stdout=
stderr=
certmonger request is in state dbus.String('GENERATING_KEY_PAIR',
variant_level=1)
certmonger request is in state dbus.String('CA_REJECTED', variant_level=1)
Cert request 20210106091833 failed: CA_REJECTED (Server at
"https://srv-freeipa01.domain.linux:8443/ca/agent/ca//profileProcess"; replied:
1: You did not provide a valid certificate for this operation)
Giving up on cert request 20210106091833
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/ipaserver/install/service.py", line 606,
in start_creation
run_step(full_msg, method)
File "/usr/lib/python3/dist-packages/ipaserver/install/service.py", line 592,
in run_step
method()
File "/usr/lib/python3/dist-packages/ipaserver/install/cainstance.py", line
877, in __request_ra_certificate
reqId = certmonger.request_and_wait_for_cert(
File "/usr/lib/python3/dist-packages/ipalib/install/certmonger.py", line 409,
in request_and_wait_for_cert
raise RuntimeError(
RuntimeError: Certificate issuance failed (CA_REJECTED: Server at
"https://srv-freeipa01.domain.linux:8443/ca/agent/ca//profileProcess"; replied:
1: You did not provide a valid certificate for this operation)
[error] RuntimeError: Certificate issuance failed (CA_REJECTED: Server at
"https://srv-freeipa01.domain.linux:8443/ca/agent/ca//profileProcess"; replied:
1: You did not provide a valid certificate for this operation)
[error] RuntimeError: Certificate issuance failed (CA_REJECTED: Server at
"https://srv-freeipa01.domain.linux:8443/ca/agent/ca//profileProcess"; replied:
1: You did not provide a valid certificate for this operation)
