I have an installed system that was working fine (EDE 'designer' setup, recent SVN checkout (see below) with some changes to work on FC12. I cloned this system to another box to do some further testing, I tried to completely clear it out and start over (reusing just the installed code, nothing from the configuration) and set it back up again from scratch.
To clear things out and reset I did:
(change networking setup, reboot)
sipxconfig.sh --database drop
rm -rf $INSTALL/etc/sipxpbx/ssl/*
rm -rf $INSTALL/var/sipxdata/certdb/*
rm `grep -R -l $INSTALL/etc/sipxecs pbxdev12` [pbxdev12 was the OLD
machine name]
rm `grep -R -l $INSTALL/var/sipxdata pbxdev12`
sipxconfig.sh --database create
sipxconfig.sh --first-run
sipxecs-setup
sstart
hostname -f reports the correct hostname and /etc/hosts is set up without any
real hostname on either flavor of localhost (ipv4 or ipv6).
This keeps failing with an SSL certificate check error while trying to
distribute the config files from sipxconfig to the local machine as shown
below. Full log also included in case there is some other hint.
I realize that I must be missing clearing out something related to the SSL
certificates used internally to distribute config files, can anyone give a clue
what I might have missed? Is there some script/utility that 'zeroes' out a
system to just installed state (if I were using RPM's would an remove/install
of the sipxecs RPMS fully clear things? if so I'll look at what the pre/post
scripts do in them)?
Thanks for any tips,
-Eric Varsanyi
"2010-01-21T23:15:30.884000Z":3:JAVA:INFO:pbx.foo21.com:main:00000000:FirstRunTask:"Executing
first run tasks..."
"2010-01-21T23:15:30.888000Z":4:JAVA:INFO:pbx.foo21.com:main:00000000:DomainManagerImpl:"Attempting
to load initial domain-config from /home/sipxchange/sip1/INSTALL/etc/sipxpbx):"
"2010-01-21T23:15:32.510000Z":5:JAVA:INFO:pbx.foo21.com:background:00000000:SipxReplicationContextImpl:"Start
replication: File replication: domain-config"
"2010-01-21T23:15:32.968000Z":6:JAVA:INFO:pbx.foo21.com:background:00000000:XmlRpcClientInterceptor:"XML/RPC
File.replace with [pbx.foo21.com, /home/sipxchange/sip1/..., 420,
U0lQX0RPTUFJTl9OQU1FID...] on https://pbx.foo21.com:8092/RPC2";
"2010-01-21T23:15:34.008000Z":7:JAVA:ERR:pbx.foo21.com:background:00000000:XmlRpcClientInterceptor:"Exception
in XML/RPC call"
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1627)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:204)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:198)
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:994)
at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:142)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:533)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:471)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:904)
at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1132)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1159)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1143)
at
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:423)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:858)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at
org.apache.xmlrpc.DefaultXmlRpcTransport.sendXmlRpc(DefaultXmlRpcTransport.java:83)
at
org.apache.xmlrpc.XmlRpcClientWorker.execute(XmlRpcClientWorker.java:71)
at org.apache.xmlrpc.XmlRpcClient.execute(XmlRpcClient.java:193)
at org.apache.xmlrpc.XmlRpcClient.execute(XmlRpcClient.java:184)
at
org.sipfoundry.sipxconfig.xmlrpc.XmlRpcClientInterceptor$1.call(XmlRpcClientInterceptor.java:118)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:636)
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:302)
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:205)
at sun.security.validator.Validator.validate(Validator.java:235)
at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:147)
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:230)
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:973)
... 21 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:191)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:255)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:297)
... 27 more
"2010-01-21T23:15:34.024000Z":8:JAVA:ERR:pbx.foo21.com:background:00000000:ReplicationManagerImpl:"File
replication failed: domain-config"
.. (many more like it)
----
URL: http://sipxecs.sipfoundry.org/rep/sipXecs/main
Repository Root: http://sipxecs.sipfoundry.org/rep/sipXecs
Repository UUID: ab1d8caa-1f67-47f1-9e81-24633a41865c
Revision: 17748
Node Kind: directory
Schedule: normal
Last Changed Author: fowlerp
Last Changed Rev: 17748
Last Changed Date: 2010-01-20 12:35:02 -0600 (Wed, 20 Jan 2010)
----
sipxconfig.log.gz
Description: GNU Zip compressed data
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
