One more info. After starting tomcat-pki i have a exception in
catalina.2017-07-29.log:

Jul 29, 2017 10:06:58 AM org.apache.catalina.core.ContainerBase
addChildInternal
SCHWERWIEGEND: ContainerBase.addChild: start:
org.apache.catalina.LifecycleException: Failed to start component
[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/pki]]
  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:153)
  at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
  at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
  at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
  at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
  at java.security.AccessController.doPrivileged(Native Method)
  at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
  at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
  at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
  at
org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
  at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
  at java.util.concurrent.FutureTask.run(FutureTask.java:266)
  at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
  at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
  at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.catalina.LifecycleException: Error in resourceStart()
  at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5387)
  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
  ... 14 more

Jul 29, 2017 10:06:58 AM org.apache.catalina.startup.HostConfig
deployDescriptor
SCHWERWIEGEND: Error deploying configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/pki.xml
java.lang.IllegalStateException: ContainerBase.addChild: start:
org.apache.catalina.LifecycleException: Failed to start component
[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/pki]]
  at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:903)
  at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
  at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
  at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
  at java.security.AccessController.doPrivileged(Native Method)
  at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
  at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
  at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
  at
org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
  at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
  at java.util.concurrent.FutureTask.run(FutureTask.java:266)
  at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
  at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
  at java.lang.Thread.run(Thread.java:748)

I think thats we reason why CA not available, but there is no info whats
the underlying problem is.

Michael


Am 09.08.2017 um 13:32 schrieb Michael Gusek via FreeIPA-users:
>
> Hello Rob,
>
> i can understand why CA won't start with expired certs. Actually my
> system date is a day before expiring (expiring date is 30 Jul 2017,
> system date now 29 Jul 2017), but CA won't start. How to "ensure that
> the CA comes up" ?
>
> Michael
>
>
> Am 08.08.2017 um 17:40 schrieb Rob Crittenden:
>> Michael Gusek via FreeIPA-users wrote:
>>> Hi Fraser,
>>>
>>> at the moment, i can't provide this logfile, i've moved that back to
>>> have only new log lines. But a new new logfile is not created ??? In my
>>> old logfile i have some lines after switch to basic auth, but before
>>> setting time to past:
>>>
>> The CA won't start with expired certs.
>>
>> I'd set the time back to the past and ensure that the CA comes up. The
>> debug log in that case should tell you what is going on. Be sure that
>> ntpd is stopped.
>>
>> Restarting certmonger should be sufficient to have it try renewal as it
>> will see on startup that the certs need to be refreshed.
>>
>> rob
>
>
>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

-- 

________________________________________________


*Michael**Gusek*| System Administrator| Webtrekk GmbH |
*t*+49 30 755 415 302| *f *+49 30 755 415 100 | *w *www.webtrekk.com
<https://www.webtrekk.com/?wt_mc=signature.-.-.-.homepageURL>
Amtsgericht/Local Court Berlin, HRB 93435 B | Geschäftsführer/CEO
Christian Sauer


_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to