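Hi, in your first email you pasted the output of getcert list, and it reports only 7 certificates. Your server is most likely using certmonger to track the PKINIT cert, the 5 PKI certs and the RA cert, which means that the HTTP and LDAP server certificates are externally signed and not tracked by certmonger, so they are not renewed automatically. That would match the ca/debug output quoted below: the CA engine fails to start because the certificate presented by the LDAP server during the TLS handshake has expired (error -8181).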
You need to check the LDAP server cert: certutil -L -d /etc/dirsrv/slapd-YOUR-DOMAIN -n 'Server-Cert' and the HTTP server cert: openssl x509 -noout -text -in /var/lib/ipa/certs/httpd.crt If they are expired they need to be renewed with your external CA and replaced. flo On Tue, Mar 12, 2024 at 3:27 AM Omar Pagan via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > and this is from the ca/debug file: > 2024-03-12 02:18:41 [main] SEVERE: Unable to start CA engine: Unable to > connect to LDAP server: Unable to create socket: > org.mozilla.jss.ssl.SSLSocketException: > org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8181) > Peer's Certificate has expired. > Unable to connect to LDAP server: Unable to create socket: > org.mozilla.jss.ssl.SSLSocketException: > org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8181) > Peer's Certificate has expired. > at > com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:305) > at > com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:263) > at > com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:226) > at > com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:195) > at org.dogtagpki.server.ca > .CAEngine.initDatabase(CAEngine.java:199) > at com.netscape.cmscore.apps.CMSEngine.start(CMSEngine.java:1105) > at > com.netscape.cmscore.apps.CMSEngine.contextInitialized(CMSEngine.java:1688) > at > org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4685) > at > org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5146) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) > at > org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:717) > at > org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:129) > at > 
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:150) > at > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:140) > at java.security.AccessController.doPrivileged(Native Method) > at > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:688) > at > org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705) > at > org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:631) > at > org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1831) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) > at > java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112) > at > org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:526) > at > org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:425) > at > org.apache.catalina.startup.HostConfig.start(HostConfig.java:1576) > at > org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:309) > at > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) > at > org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423) > at > org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366) > at > org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:936) > at > org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:841) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) > at > org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1384) > at > org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1374) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > 
org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) > at > java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134) > at > org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:909) > at > org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) > at > org.apache.catalina.core.StandardService.startInternal(StandardService.java:421) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) > at > org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) > at org.apache.catalina.startup.Catalina.start(Catalina.java:633) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:343) > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474) > Caused by: netscape.ldap.LDAPException: Unable to create socket: > org.mozilla.jss.ssl.SSLSocketException: > org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8181) > Peer's Certificate has expired. 
(-1) > at > com.netscape.cmscore.ldapconn.PKISocketFactory.makeSocket(PKISocketFactory.java:202) > at netscape.ldap.LDAPConnSetupMgr.connectServer(Unknown Source) > at netscape.ldap.LDAPConnSetupMgr.openSerial(Unknown Source) > at netscape.ldap.LDAPConnSetupMgr.connect(Unknown Source) > at netscape.ldap.LDAPConnSetupMgr.openConnection(Unknown Source) > at netscape.ldap.LDAPConnThread.connect(Unknown Source) > at netscape.ldap.LDAPConnection.connect(Unknown Source) > at netscape.ldap.LDAPConnection.connect(Unknown Source) > at netscape.ldap.LDAPConnection.connect(Unknown Source) > at > com.netscape.cmscore.ldapconn.LdapBoundConnection.<init>(LdapBoundConnection.java:108) > at > com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:287) > ... 51 more > > 2024-03-12 02:18:41 [main] INFO: Shutting down CA subsystem > 2024-03-12 02:18:41 [main] SEVERE: Exception sending context initialized > event to listener instance of class [org.dogtagpki.server.ca.CAEngine] > java.lang.NullPointerException > at > com.netscape.cmscore.apps.CMSEngine.shutdownAuthSubsystem(CMSEngine.java:1291) > at > com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine.java:1368) > at org.dogtagpki.server.ca.CAEngine.shutdown(CAEngine.java:1741) > at > com.netscape.cmscore.apps.CMSEngine.contextInitialized(CMSEngine.java:1692) > at > org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4685) > at > org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5146) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) > at > org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:717) > at > org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:129) > at > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:150) > at > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:140) > at 
java.security.AccessController.doPrivileged(Native Method) > at > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:688) > at > org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705) > at > org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:631) > at > org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1831) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) > at > java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112) > at > org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:526) > at > org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:425) > at > org.apache.catalina.startup.HostConfig.start(HostConfig.java:1576) > at > org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:309) > at > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) > at > org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423) > at > org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366) > at > org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:936) > at > org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:841) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) > at > org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1384) > at > org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1374) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) > at > java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134) > at > 
org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:909) > at > org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) > at > org.apache.catalina.core.StandardService.startInternal(StandardService.java:421) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) > at > org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) > at org.apache.catalina.startup.Catalina.start(Catalina.java:633) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:343) > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474) > > 2024-03-12 02:18:41 [main] INFO: Shutting down CA subsystem > 2024-03-12 02:18:41 [main] SEVERE: Exception sending context destroyed > event to listener instance of class [org.dogtagpki.server.ca.CAEngine] > java.lang.NullPointerException > at > com.netscape.cmscore.apps.CMSEngine.shutdownAuthSubsystem(CMSEngine.java:1291) > at > com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine.java:1368) > at org.dogtagpki.server.ca.CAEngine.shutdown(CAEngine.java:1741) > at > com.netscape.cmscore.apps.CMSEngine.contextDestroyed(CMSEngine.java:1699) > at > org.apache.catalina.core.StandardContext.listenerStop(StandardContext.java:4732) > at > org.apache.catalina.core.StandardContext.stopInternal(StandardContext.java:5396) > at > org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:257) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:187) > at > 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:717) > at > org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:129) > at > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:150) > at > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:140) > at java.security.AccessController.doPrivileged(Native Method) > at > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:688) > at > org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705) > at > org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:631) > at > org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1831) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) > at > java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112) > at > org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:526) > at > org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:425) > at > org.apache.catalina.startup.HostConfig.start(HostConfig.java:1576) > at > org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:309) > at > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) > at > org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423) > at > org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366) > at > org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:936) > at > org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:841) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) > at > org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1384) > at > 
org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1374) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) > at > java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134) > at > org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:909) > at > org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) > at > org.apache.catalina.core.StandardService.startInternal(StandardService.java:421) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) > at > org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) > at org.apache.catalina.startup.Catalina.start(Catalina.java:633) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:343) > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474) > -- > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >