Hi Rob,
Please see below. Notice "Failed to create jss service: java.lang.SecurityException: Unable to initialize security library".
# getcert list | grep expires
expires: 2018-10-23 09:34:16 UTC
expires: 2018-10-23 09:33:16 UTC
expires: 2018-10-23 09:33:16 UTC
expires: 2018-10-24 09:33:15 UTC
expires: 2018-10-23 09:33:16 UTC
expires: 2019-03-03 19:54:22 UTC
expires: 2019-03-03 19:54:22 UTC
expires: 2019-03-03 19:54:22 UTC
expires: unknown
root bioldap-p1 /var/log/pki-ca
# ps -ef | grep tomcat pkiuser 18739 1 0 13:02 ? 00:00:04 /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -classpath :/usr/share/tomcat6/bin/bootstrap.jar:/usr/share/tomcat6/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/var/lib/pki-ca -Dcatalina.home=/usr/share/tomcat6 -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat6/temp -Djava.util.logging.config.file=/var/lib/pki-ca/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start root 20364 14505 0 13:23 pts/3 00:00:00 grep tomcat root bioldap-p1 /var/log/pki-ca # |
[31/May/2017:13:02:04][main]: ============================================ [31/May/2017:13:02:04][main]: ===== DEBUG SUBSYSTEM INITIALIZED ======= [31/May/2017:13:02:04][main]: ============================================ Failed to create jss service: java.lang.SecurityException: Unable to initialize security library at com.netscape.cmscore.security.JssSubsystem.init(JssSubsystem.java:272) at com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:866) at com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:795) at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:306) at com.netscape.certsrv.apps.CMS.init(CMS.java:153) at com.netscape.certsrv.apps.CMS.start(CMS.java:1530) at com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:85) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1173) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:993) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4425) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4738) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526) at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1041) at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:964) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053) at org.apache.catalina.core.StandardHost.start(StandardHost.java:722) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:516) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:593) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) |
# tail -f access [31/May/2017:12:55:13 -0500] conn=3 op=0 BIND dn="cn=Directory Manager" method=128 version=2 [31/May/2017:12:55:13 -0500] conn=3 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [31/May/2017:12:55:13 -0500] conn=3 op=1 SRCH base="ou=sessions,ou=Security Domain,o=ipaca" scope=2 filter="(objectClass=securityDomainSessi onEntry)" attrs="cn" [31/May/2017:12:55:13 -0500] conn=3 op=1 RESULT err=0 tag=101 nentries=0 etime=0 [31/May/2017:12:55:13 -0500] conn=3 op=2 UNBIND [31/May/2017:12:55:13 -0500] conn=3 op=2 fd=64 closed - U1 [31/May/2017:12:57:03 -0500] conn=4 fd=64 slot=64 connection from 10.106.178.59 to 10.106.178.56 [31/May/2017:12:57:03 -0500] conn=4 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS" [31/May/2017:12:57:03 -0500] conn=4 op=0 RESULT err=0 tag=120 nentries=0 etime=0 [31/May/2017:12:57:03 -0500] conn=4 op=-1 fd=64 closed - SSL peer cannot verify your certificate. |
# tail -f errors [31/May/2017:12:48:42 -0500] - slapd started. Listening on All Interfaces port 7389 for LDAP requests [31/May/2017:12:48:42 -0500] - Listening on All Interfaces port 7390 for LDAPS requests [31/May/2017:12:48:42 -0500] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 [31/May/2017:12:48:42 -0500] NSMMReplicationPlugin - agmt="cn=masterAgreement1-biogendb-p2.wgap.ibm.com-pki-ca" (biogend ion bind with SIMPLE auth failed: LDAP error -11 (Connect error) (TLS error -8054:You are attempting to import a cert wi erial as an existing cert, but that is not the same cert.) [31/May/2017:12:48:45 -0500] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 [31/May/2017:12:48:51 -0500] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 [31/May/2017:12:49:03 -0500] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 [31/May/2017:12:49:27 -0500] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 [31/May/2017:12:50:15 -0500] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 [31/May/2017:12:51:51 -0500] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 ^C |