I'm running CentOS 6.3
# uname -r
2.6.32-279.5.2.el6.x86_64

pki-ca: unrecognized service


There are tons of errors in /var/log/pki-ca/*; some of them are:
/var/log/pki-ca/system:11605.main - [30/Aug/2012:16:34:56 EDT] [3] [3] Cannot 
build CA chain. Error java.security.cert.CertificateException: Certificate is 
not a PKCS #11 certificate
/var/log/pki-ca/system:11605.main - [30/Aug/2012:16:34:56 EDT] [13] [3] authz 
instance DirAclAuthz initialization failed and skipped, error=Property 
internaldb.ldapconn.port missing value
/var/log/pki-ca/system:11605.http-9445-1 - [30/Aug/2012:16:35:01 EDT] [3] [3] 
Cannot build CA chain. Error java.security.cert.CertificateException: 
Certificate is not a PKCS #11 certificate
/var/log/pki-ca/system:11605.http-9445-1 - [30/Aug/2012:16:35:10 EDT] [3] [3] 
CASigningUnit: Object certificate not found. Error 
org.mozilla.jss.crypto.ObjectNotFoundException
/var/log/pki-ca/system:3281.main - [31/Aug/2012:17:54:28 EDT] [8] [3] In Ldap 
(bound) connection pool to host cushing.psych.yale.edu port 7389, Cannot 
connect to LDAP server. Error: netscape.ldap.LDAPException: failed to connect 
to server ldap://cushing.psych.yale.edu:7389 (91)

/var/log/pki-ca/catalina.2012-09-03.log:SEVERE: Error initializing socket 
factory
/var/log/pki-ca/catalina.2012-09-03.log:java.lang.ClassNotFoundException: Error 
loading SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation 
:java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
/var/log/pki-ca/catalina.2012-09-03.log:LifecycleException:  Protocol handler 
initialization failed: java.lang.ClassNotFoundException: Error loading SSL 
Implementation org.apache.tomcat.util.net.jss.JSSImplementation 
:java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
/var/log/pki-ca/catalina.2012-09-03.log:SEVERE: Error deploying web application 
directory ca


Thanks,
George


>________________________________
> From: John Dennis <jden...@redhat.com>
>To: george he <george_...@yahoo.com> 
>Cc: "freeipa-users@redhat.com" <freeipa-users@redhat.com> 
>Sent: Tuesday, September 4, 2012 10:40 AM
>Subject: Re: [Freeipa-users] ipa host-del
> 
>On 09/04/2012 10:23 AM, george he wrote:
>> First of all, I don't see any java process after ipactl stop.
>> 
>> Then I turned on debug and this is what I get on terminal:
>> # ipa host-del hnl09.psych.yale.edu
>> ......
>> ipa: DEBUG: approved_usage = SSLServer intended_usage = SSLServer
>> ipa: DEBUG: cert valid True for "CN=cushing.psych.yale.edu,O=PSYCH.YALE.EDU"
>> ipa: DEBUG: handshake complete, peer = 130.132.167.68:443
>> ipa: DEBUG: Caught fault 4301 from server
>> http://cushing.psych.yale.edu/ipa/xml: Certificate operation cannot be
>> completed: Unable to communicate with CMS (Service Temporarily Unavailable)
>> ipa: DEBUG: Destroyed connection context.xmlclient
>> ipa: ERROR: Certificate operation cannot be completed: Unable to
>> communicate with CMS (Service Temporarily Unavailable)
>> 
>> So there's a "fault 4301" being caught.
>> And this is at the end of /var/log/httpd/error_log:
>> [Tue Sep 04 10:17:05 2012] [error] ipa: DEBUG: approved_usage =
>> SSLServer intended_usage = SSLServer
>> [Tue Sep 04 10:17:05 2012] [error] ipa: DEBUG: cert valid True for
>> "CN=cushing.psych.yale.edu,O=PSYCH.YALE.EDU"
>> [Tue Sep 04 10:17:05 2012] [error] ipa: DEBUG: handshake complete, peer
>> = 130.132.167.68:443
>> [Tue Sep 04 10:17:05 2012] [error] (111)Connection refused: proxy: AJP:
>> attempt to connect to 127.0.0.1:9447 (localhost) failed
>> [Tue Sep 04 10:17:05 2012] [error] ap_proxy_connect_backend disabling
>> worker for (localhost)
>> [Tue Sep 04 10:17:05 2012] [error] proxy: AJP: failed to make connection
>> to backend: localhost
>> [Tue Sep 04 10:17:05 2012] [error] ipa: INFO: ad...@psych.yale.edu:
>> host_del((u'hnl09.psych.yale.edu',), updatedns=False):
>> CertificateOperationError
>> [Tue Sep 04 10:17:05 2012] [error] ipa: DEBUG: response:
>> CertificateOperationError: Certificate operation cannot be completed:
>> Unable to communicate with CMS (Service Temporarily Unavailable)
>> [Tue Sep 04 10:17:05 2012] [error] ipa: DEBUG: Destroyed connection
>> context.ldap2
>> 
>> Thanks,
>> George
>
>It appears as if your CA instance is not running (pki-ca). Depending on which 
>OS you're running on, could you verify pki-ca is running via either the service 
>or systemctl command? Do you see any errors in the log files found under 
>/var/log/pki-ca?
>
>-- John Dennis <jden...@redhat.com>