Hi Timo, The key alias should point to the SSL certificate and key in the NSS database. Could you confirm that you have an "sslserver" certificate? Could you also show me how the SSL Connector element looks like in the server.xml? Thanks.
-- Endi S. Dewata ----- Original Message ----- > > Hi, > > I've updated dogtag, jss, tomcatjss, ldapjdk to latest versions on Ubuntu, > and now pkispawn fails and catalina.out has: > > SEVERE: Failed to initialize connector > [Connector[org.dogtagpki.tomcat.Http11NioProtocol-8443]] > org.apache.catalina.LifecycleException: Failed to initialize component > [Connector[org.dogtagpki.tomcat.Http11NioPr > otocol-8443]] > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:113) > at > > org.apache.catalina.core.StandardService.initInternal(StandardService.java:549) > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) > at > > org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875) > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) > at org.apache.catalina.startup.Catalina.load(Catalina.java:632) > at org.apache.catalina.startup.Catalina.load(Catalina.java:655) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309) > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492) > Caused by: org.apache.catalina.LifecycleException: Protocol handler > initialization failed > at > > org.apache.catalina.connector.Connector.initInternal(Connector.java:996) > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) > ... 12 more > Caused by: java.lang.IllegalArgumentException: Alias name [sslserver] does > not identify a key entry > at > > org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116) > at > > org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87) > at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:226) > at > > org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1086) > at > > org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:268) > at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581) > at > > org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68) > at > > org.apache.catalina.connector.Connector.initInternal(Connector.java:993) > ... 13 more > Caused by: java.io.IOException: Alias name [sslserver] does not identify a > key entry > at > > org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:229) > at > > org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114) > ... 20 more > > so apparently I'm missing something, probably related to PKCS#11 keystore > work.. > > > Also, the 60s timeout waiting for the server to reply doesn't seem to work at > least here: > > 2018-08-26 19:45:43 pkispawn : INFO ........... checking > https://ubudevel:8443/ca > 2018-08-26 20:51:29 pkispawn : ERROR ........... server did not start > after 60s > > > > -- > t > > _______________________________________________ > Pki-users mailing list > Pki-users@redhat.com > https://www.redhat.com/mailman/listinfo/pki-users > _______________________________________________ Pki-users mailing list Pki-users@redhat.com https://www.redhat.com/mailman/listinfo/pki-users
