Re: [Freeipa-users] ipa host-del

Tue, 04 Sep 2012 13:22:45 -0700 

george he wrote:

I'm running centos 6.3
# uname -r
2.6.32-279.5.2.el6.x86_64

pki-ca: unrecognized service

There are tons of errors in /var/log/pki-ca/*, some of them are:
/var/log/pki-ca/system:11605.main - [30/Aug/2012:16:34:56 EDT] [3] [3]
Cannot build CA chain. Error java.security.cert.CertificateException:
Certificate is not a PKCS #11 certificate
/var/log/pki-ca/system:11605.main - [30/Aug/2012:16:34:56 EDT] [13] [3]
authz instance DirAclAuthz initialization failed and skipped,
error=Property internaldb.ldapconn.port missing value
/var/log/pki-ca/system:11605.http-9445-1 - [30/Aug/2012:16:35:01 EDT]
[3] [3] Cannot build CA chain. Error
java.security.cert.CertificateException: Certificate is not a PKCS #11
certificate
/var/log/pki-ca/system:11605.http-9445-1 - [30/Aug/2012:16:35:10 EDT]
[3] [3] CASigningUnit: Object certificate not found. Error
org.mozilla.jss.crypto.ObjectNotFoundException
/var/log/pki-ca/system:3281.main - [31/Aug/2012:17:54:28 EDT] [8] [3] In
Ldap (bound) connection pool to host cushing.psych.yale.edu port 7389,
Cannot connect to LDAP server. Error: netscape.ldap.LDAPException:
failed to connect to server ldap://cushing.psych.yale.edu:7389 (91)

/var/log/pki-ca/catalina.2012-09-03.log:SEVERE: Error initializing
socket factory
/var/log/pki-ca/catalina.2012-09-03.log:java.lang.ClassNotFoundException: Error
loading SSL Implementation
org.apache.tomcat.util.net.jss.JSSImplementation
:java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
/var/log/pki-ca/catalina.2012-09-03.log:LifecycleException:  Protocol
handler initialization failed: java.lang.ClassNotFoundException: Error
loading SSL Implementation
org.apache.tomcat.util.net.jss.JSSImplementation
:java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
/var/log/pki-ca/catalina.2012-09-03.log:SEVERE: Error deploying web
application directory ca
The problem looks to be that the dogtag 389-ds instance is not started. I'd try: service dirsrv restart PKI-IPA 

Then service pki-cad restart

rob


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to