[Pki-users] Unable to connect to Secure Admin Port

Dear all, For the past few days, I've been struggling trying to set up our dogtag-based PKI. Unfortunately, I am unable to access the Secure Admin Port / Configuration Wizard (https://...:9445/...), probably due to Tomcat failing to open SSL sockets. - Configuration : clean RHEL5u4 ; - Installed pki-ca-1.3.0 (tried 1.3.2 too) from EPEL, with all its dependencies (except jss-4.2.6, which is installed from EPEL-testing) ; - tomcatjss-1.2.0 is installed as a dependency too. There is no "tomcat5-native" package installed, and LANG is set to C, all to no avail. After manually creating user 'pkiuser' (pki-setup 1.3.1 does not automatically create this user) , "pkicreate" (with parameters from the root CA example) yields the following errors in /var/log/pki-ca/catalina.out : ... org.apache.coyote.http11.Http11BaseProtocol init SEVERE: Error initializing socket factory java.lang.ClassNotFoundException: Error loading SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation :java.lang.ClassNotFoundException: org.apache.tomcat.util.net.jss.JSSImplementation at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:79) at org.apache.coyote.http11.Http11BaseProtocol.checkSocketFactory(Http11BaseProtocol.java:731) at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:121) at org.apache.catalina.connector.Connector.initialize(Connector.java:1017) at org.apache.catalina.core.StandardService.initialize(StandardService.java:578) at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782) at org.apache.catalina.startup.Catalina.load(Catalina.java:504) at org.apache.catalina.startup.Catalina.load(Catalina.java:524) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432) Feb 25, 2010 1:52:12 PM org.apache.catalina.startup.Catalina load SEVERE: Catalina.start LifecycleException: Protocol handler initialization failed: java.lang.ClassNotFoundException: Error loading SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation :java.lang.ClassNotFoundException: org.apache.tomcat.util.net.jss.JSSImplementation at org.apache.catalina.connector.Connector.initialize(Connector.java:1019) at org.apache.catalina.core.StandardService.initialize(StandardService.java:578) at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782) at org.apache.catalina.startup.Catalina.load(Catalina.java:504) at org.apache.catalina.startup.Catalina.load(Catalina.java:524) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432) ... Strangely enough, connections are set up on e.g. the Agent Secure Port (9443), but neither on the EE Secure Port (9444) : # lsof |grep pkiuser |grep TCP java 28349 pkiuser 71u IPv6 1445890 TCP *:9180 (LISTEN) java 28349 pkiuser 76u IPv6 1445899 TCP *:9443 (LISTEN) java 28349 pkiuser 77u IPv6 1445900 TCP localhost.localdomain:9701 (LISTEN) Both '/etc/pki-ca/tomcat5.conf' and '/etc/pki-ca/server.xml' look valid (disclaimer: I am a Tomcat novice). Stracing (-e trace=file) the pki-cad process yields nothing useful, except for the fact that tomcatjss.jar seems to be nowhere accessed. When manually adding ":/usr/share/java/tomcatjss.jar" to the CLASSPATH variable in '/usr/bin/dtomcat5-pki-ca', Tomcat throws these exceptions in catalina.out : ... org.apache.coyote.http11.Http11BaseProtocol init INFO: Initializing Coyote HTTP/1.1 on http-9180 java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432) Caused by: java.lang.NoClassDefFoundError: org/apache/tomcat/util/net/SSLImplementation at java.lang.ClassLoader.defineClass1(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:632) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142) at java.net.URLClassLoader.defineClass(URLClassLoader.java:277) at java.net.URLClassLoader.access$000(URLClassLoader.java:73) at java.net.URLClassLoader$1.run(URLClassLoader.java:212) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:205) at java.lang.ClassLoader.loadClass(ClassLoader.java:319) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294) at java.lang.ClassLoader.loadClass(ClassLoader.java:312) at java.lang.ClassLoader.loadClass(ClassLoader.java:312) at java.lang.ClassLoader.loadClass(ClassLoader.java:264) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:332) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:186) at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:73) at org.apache.coyote.http11.Http11BaseProtocol.checkSocketFactory(Http11BaseProtocol.java:731) at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:121) at org.apache.catalina.connector.Connector.initialize(Connector.java:1017) at org.apache.catalina.core.StandardService.initialize(StandardService.java:578) at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782) at org.apache.catalina.startup.Catalina.load(Catalina.java:504) at org.apache.catalina.startup.Catalina.load(Catalina.java:524) ... 6 more Caused by: java.lang.ClassNotFoundException: org.apache.tomcat.util.net.SSLImplementation at java.net.URLClassLoader$1.run(URLClassLoader.java:217) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:205) at java.lang.ClassLoader.loadClass(ClassLoader.java:319) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294) at java.lang.ClassLoader.loadClass(ClassLoader.java:264) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:332) ... 30 more As a last resort, I created a tomcat keystore too, but as this is nowhere mentioned in the docs, I guess this is way off. I would be grateful for any clue whatsoever. Best regards, Didier -- =================================================================== Didier Moens IT services Department for Molecular Biomedical Research (DMBR) VIB - Ghent University Fiers-Schell-Van Montagu Research Building Technologiepark 927 , B-9052 Zwijnaarde , Belgium tel ++32(9)3313605 fax ++32(9)3313609 mailto:Didier.Moens@dmbr.vib-UGent.be http://www.dmbr.UGent.be =================================================================== This message represents the official view of the voices in my head.