hi,
digging further, the tomcat service does not start because the of this error:
server[48368]: org.xml.sax.SAXParseException; systemId: file:/var/lib/pki/pki-tomcat/conf/server.xml; lineNumber: 86; columnNumber: 861; Error at line [86] column [861]: [Cannot invoke "Object.getClass()" because the return value of "org.apache.catalina.connector.Connector.getProtocolHandler()" is null]
If I check the server.xml, there is no colum 861 in line 86, the last char is 860
<Connector name="Secure" port="8443" protocol="org.dogtagpki.jss.tomcat.Http11NioProtocol" SSLEnabled="true" sslImplementationName="org.dogtagpki.jss.tomcat.JSSImplementation" scheme="https" secure="true" connectionTimeout="80000" keepAliveTimeout="300000" maxHttpHeaderSize="8192" acceptCount="100" maxThreads="150" minSpareThreads="25" enableLookups="false" disableUploadTimeout="true" enableOCSP="false" ocspResponderURL="
http://kdc.sub.domain.tld:8080/ca/ocsp" ocspResponderCertNickname="ocspSigningCert cert-pki-ca" ocspCacheSize="1000" ocspMinCacheEntryDuration="7200" ocspMaxCacheEntryDuration="14400" ocspTimeout="10" serverCertNickFile="/var/lib/pki/pki-tomcat/conf/serverCertNick.conf" passwordFile="/var/lib/pki/pki-tomcat/conf/password.conf" passwordClass="org.dogtagpki.jss.tomcat.PlainPasswordFile" certdbDir="/var/lib/pki/pki-tomcat/alias">
This line looks similar (replacying the ocsp url) to other ipa ca servers I manage, so I do not know where this is coming from.
If I run this as root it starts but apparently not well enough, because then the ExecStartPost command /usr/libexec/ipa/ipa-pki-wait-running fails with a 404
Any clues?
Regards,
Natxo