Pki-users May 2025

users@lists.dogtagpki.org

2 participants
2 discussions

update-crypto-policies to FUTURE breaks install.

by contact＠entrepreneuraj.com

On a fresh install of Alma Linux 9.6 I ran update-crypto-policies --set FUTURE then rebooted my system. I then attempted to install FreeIPA Server which failed due with the following message: 2025-05-29T12:26:11Z DEBUG The ipa-server-install command failed, exception: RuntimeError: CA configuration failed. 2025-05-29T12:26:11Z ERROR CA configuration failed. 2025-05-29T12:26:11Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information I looked further back in the logs to find: INFO: Creating new temp SSL server cert for ipa1.man-gb.eajglobal.net DEBUG: Command: pki -d /var/lib/pki/pki-tomcat/conf/alias -f /var/lib/pki/pki-tomcat/conf/password.conf nss-cert-request --subject cn=ipa1.man-gb.eajglobal.net,o=2025-05-29 13:25:36 --csr /tmp/tmpdvz_k8lc/sslserver.csr --key-type RSA --key-size 2048 --hash SHA256 --debug FINE: Initializing NSS FINE: Logging into internal token FINE: Using internal token FINE: NSSDatabase: Creating RSA key FINE: NSSDatabase: - size: 2048 FINE: CryptoUtil: Generating KRA key pair FINE: CryptoUtil: - temporary: null FINE: CryptoUtil: - sensitive: null FINE: CryptoUtil: - extractable: null FINE: CryptoUtil: generateRSAKeyPair with key usage FINE: CryptoUtil: generateRSAKeyPair with key usage mask FINE: CryptoUtil: - key size: 2048 WARNING: Ignored jss.crypto.Policy violation: unsafe RSA key size of 2048. Policy.RSA_MINIMUM_KEY_SIZE dictates a minimum of 4096 FINE: NSSDatabase: Creating PKCS #10 request FINE: NSSDatabase: - subjecct: cn=ipa1.man-gb.eajglobal.net,o=2025-05-29 13:25:36 FINE: NSSDatabase: - algorithm: SHA256withRSA FINE: CryptoUtil: Creating PKCS #10 request FINE: CryptoUtil: - algorithm: SHA256withRSA java.security.InvalidKeyException: Token exception occurred: Unable to create signing context: (-8011) Unknown error at org.mozilla.jss.provider.java.security.JSSSignatureSpi.engineInitSign(JSSSignatureSpi.java:60) at java.base/java.security.Signature$Delegate.engineInitSign(Signature.java:1370) at java.base/java.security.Signature.initSign(Signature.java:635) at com.netscape.cmsutil.crypto.CryptoUtil.createPKCS10Request(CryptoUtil.java:1124) at org.dogtagpki.nss.NSSDatabase.createPKCS10Request(NSSDatabase.java:1109) at com.netscape.cmstools.nss.NSSCertRequestCLI.execute(NSSCertRequestCLI.java:152) at org.dogtagpki.cli.CommandCLI.execute(CommandCLI.java:58) at org.dogtagpki.cli.CLI.execute(CLI.java:353) at org.dogtagpki.cli.CLI.execute(CLI.java:353) at org.dogtagpki.cli.CLI.execute(CLI.java:353) at com.netscape.cmstools.cli.MainCLI.execute(MainCLI.java:680) at com.netscape.cmstools.cli.MainCLI.main(MainCLI.java:719) Caused by: org.mozilla.jss.crypto.TokenException: Unable to create signing context: (-8011) Unknown error at org.mozilla.jss.pkcs11.PK11Signature.initSigContext(Native Method) at org.mozilla.jss.pkcs11.PK11Signature.engineInitSign(PK11Signature.java:133) at org.mozilla.jss.crypto.Signature.initSign(Signature.java:56) at org.mozilla.jss.provider.java.security.JSSSignatureSpi.engineInitSign(JSSSignatureSpi.java:56) ... 11 more ERROR: CalledProcessError: Command '['runuser', '-u', 'pkiuser', '--', 'pki', '-d', '/var/lib/pki/pki-tomcat/conf/alias', '-f', '/var/lib/pki/pki-tomcat/conf/password.conf', 'nss-cert-request', '--subject', 'cn=ipa1.man-gb.eajglobal.net,o=2025-05-29 13:25:36', '--csr', '/tmp/tmpdvz_k8lc/sslserver.csr', '--key-type', 'RSA', '--key-size', '2048', '--hash', 'SHA256', '--debug']' returned non-zero exit status 255. File "/usr/lib/python3.9/site-packages/pki/server/pkispawn.py", line 594, in main deployer.spawn() File "/usr/lib/python3.9/site-packages/pki/server/deployment/__init__.py", line 5986, in spawn scriptlet.spawn(self) File "/usr/lib/python3.9/site-packages/pki/server/deployment/scriptlets/configuration.py", line 114, in spawn deployer.create_temp_sslserver_cert() File "/usr/lib/python3.9/site-packages/pki/server/deployment/__init__.py", line 3403, in create_temp_sslserver_cert nssdb.create_request( File "/usr/lib/python3.9/site-packages/pki/nssdb.py", line 1009, in create_request self.__create_request( File "/usr/lib/python3.9/site-packages/pki/nssdb.py", line 1608, in __create_request self.run(cmd, check=True, runas=True) File "/usr/lib/python3.9/site-packages/pki/nssdb.py", line 332, in run result = subprocess.run( File "/usr/lib64/python3.9/subprocess.py", line 528, in run raise CalledProcessError(retcode, process.args, 2025-05-29T12:26:11Z CRITICAL Failed to configure CA instance 2025-05-29T12:26:11Z CRITICAL See the installation logs and the following files/directories for more information: 2025-05-29T12:26:11Z CRITICAL /var/log/pki/pki-tomcat The only log file in /var/log/pki or it's sub directories that had any logs was pki-ca-spawn, the logs are as follows: 2025-05-29 13:25:36 INFO: Connecting to LDAP server at ldap://ipa1.man-gb.eajglobal.net:389 2025-05-29 13:25:36 INFO: Connecting to LDAP server at ldap://ipa1.man-gb.eajglobal.net:389 2025-05-29 13:25:36 INFO: BEGIN spawning CA subsystem in pki-tomcat instance 2025-05-29 13:25:36 INFO: Loading instance: pki-tomcat 2025-05-29 13:25:36 INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf 2025-05-29 13:25:36 INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf 2025-05-29 13:25:36 INFO: Loading external certs from /var/lib/pki/pki-tomcat/conf/external_certs.conf 2025-05-29 13:25:36 INFO: File does not exist: /var/lib/pki/pki-tomcat/conf/external_certs.conf 2025-05-29 13:25:36 INFO: Reusing pkiuser group (GID: 17) 2025-05-29 13:25:36 INFO: Reusing pkiuser user (UID: 17) 2025-05-29 13:25:36 DEBUG: Retrieving UID for 'pkiuser' 2025-05-29 13:25:36 DEBUG: UID of 'pkiuser' is 17 2025-05-29 13:25:36 DEBUG: Retrieving GID for 'pkiuser' 2025-05-29 13:25:36 DEBUG: GID of 'pkiuser' is 17 2025-05-29 13:25:36 INFO: Initialization 2025-05-29 13:25:36 INFO: Setting up infrastructure 2025-05-29 13:25:36 INFO: Preparing pki-tomcat instance 2025-05-29 13:25:36 INFO: Loading instance: pki-tomcat 2025-05-29 13:25:36 INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf 2025-05-29 13:25:36 INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf 2025-05-29 13:25:36 INFO: Loading external certs from /var/lib/pki/pki-tomcat/conf/external_certs.conf 2025-05-29 13:25:36 INFO: File does not exist: /var/lib/pki/pki-tomcat/conf/external_certs.conf 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/bin to /usr/share/tomcat/bin 2025-05-29 13:25:36 DEBUG: Command: ln -s /usr/share/tomcat/bin /var/lib/pki/pki-tomcat/bin 2025-05-29 13:25:36 INFO: Creating /etc/pki/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: mkdir /etc/pki/pki-tomcat 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/conf to /etc/pki/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: ln -s /etc/pki/pki-tomcat /var/lib/pki/pki-tomcat/conf 2025-05-29 13:25:36 INFO: Creating /var/log/pki/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/log/pki/pki-tomcat 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/logs to /var/log/pki/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: ln -s /var/log/pki/pki-tomcat /var/lib/pki/pki-tomcat/logs 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/lib to /usr/share/pki/server/lib 2025-05-29 13:25:36 DEBUG: Command: ln -s /usr/share/pki/server/lib /var/lib/pki/pki-tomcat/lib 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/common 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/common 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/common/lib to /usr/share/pki/server/common/lib 2025-05-29 13:25:36 DEBUG: Command: ln -s /usr/share/pki/server/common/lib /var/lib/pki/pki-tomcat/common/lib 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/temp 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/temp 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/work 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/work 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/certs 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/certs 2025-05-29 13:25:36 INFO: Copying /etc/tomcat/server.xml to /var/lib/pki/pki-tomcat/conf/server.xml 2025-05-29 13:25:36 DEBUG: Command: cp /etc/tomcat/server.xml /var/lib/pki/pki-tomcat/conf/server.xml 2025-05-29 13:25:36 INFO: Removing LockOutRealm 2025-05-29 13:25:36 INFO: Removing UserDatabase 2025-05-29 13:25:36 INFO: Updating AccessLogValve 2025-05-29 13:25:36 INFO: Configuring Tomcat admin port 2025-05-29 13:25:36 INFO: Removing AprLifecycleListener 2025-05-29 13:25:36 INFO: Adding PKIListener 2025-05-29 13:25:36 INFO: Configuring HTTP connector 2025-05-29 13:25:36 INFO: Adding HTTPS connector 2025-05-29 13:25:36 INFO: Adding SSL host configuration 2025-05-29 13:25:36 INFO: Adding SSL certificate configuration 2025-05-29 13:25:36 INFO: Adding RewriteValve 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/Catalina 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/Catalina 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/Catalina/localhost 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/Catalina/localhost 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/conf/Catalina/localhost/rewrite.config to /usr/share/pki/server/conf/Catalina/localhost/rewrite.config 2025-05-29 13:25:36 DEBUG: Command: ln -s /usr/share/pki/server/conf/Catalina/localhost/rewrite.config /var/lib/pki/pki-tomcat/conf/Catalina/localhost/rewrite.config 2025-05-29 13:25:36 INFO: Adding AJP connector for IPv4 2025-05-29 13:25:36 INFO: Adding AJP connector for IPv6 2025-05-29 13:25:36 INFO: Updating AccessLogValve 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/conf/catalina.properties to /usr/share/pki/server/conf/catalina.properties 2025-05-29 13:25:36 DEBUG: Command: ln -s /usr/share/pki/server/conf/catalina.properties /var/lib/pki/pki-tomcat/conf/catalina.properties 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/conf/context.xml to /etc/tomcat/context.xml 2025-05-29 13:25:36 DEBUG: Command: ln -s /etc/tomcat/context.xml /var/lib/pki/pki-tomcat/conf/context.xml 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/conf/logging.properties to /usr/share/pki/server/conf/logging.properties 2025-05-29 13:25:36 DEBUG: Command: ln -s /usr/share/pki/server/conf/logging.properties /var/lib/pki/pki-tomcat/conf/logging.properties 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/conf/web.xml to /etc/tomcat/web.xml 2025-05-29 13:25:36 DEBUG: Command: ln -s /etc/tomcat/web.xml /var/lib/pki/pki-tomcat/conf/web.xml 2025-05-29 13:25:36 INFO: Using specified server NSS database password 2025-05-29 13:25:36 INFO: Using specified internal database password 2025-05-29 13:25:36 INFO: Generating random replication manager password 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/password.conf 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/alias 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/alias 2025-05-29 13:25:36 INFO: Creating NSS database: /var/lib/pki/pki-tomcat/conf/alias 2025-05-29 13:25:36 DEBUG: Command: certutil -N -d /var/lib/pki/pki-tomcat/conf/alias -f /tmp/tmp2c_5a4u2/internal_password.txt 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/alias to /var/lib/pki/pki-tomcat/conf/alias 2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/conf/alias /var/lib/pki/pki-tomcat/alias 2025-05-29 13:25:36 INFO: Creating /etc/sysconfig/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/sysconfig/pki-tomcat 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/tomcat.conf 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /var/lib/pki/pki-tomcat/conf/tomcat.conf 2025-05-29 13:25:36 INFO: Deploying ROOT web application 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/Catalina/localhost/ROOT.xml 2025-05-29 13:25:36 INFO: Deploying pki web application 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/Catalina/localhost/pki.xml 2025-05-29 13:25:36 INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: mkdir /etc/sysconfig/pki/tomcat/pki-tomcat 2025-05-29 13:25:36 INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/setup/pkidaemon_registry /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat 2025-05-29 13:25:36 INFO: Creating /etc/systemd/system/pki-tomcatd(a)pki-tomcat.service.d 2025-05-29 13:25:36 DEBUG: Command: mkdir /etc/systemd/system/pki-tomcatd(a)pki-tomcat.service.d 2025-05-29 13:25:36 DEBUG: Command: systemctl daemon-reload 2025-05-29 13:25:36 INFO: Linking /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd(a)pki-tomcat.service to /lib/systemd/system/pki-tomcatd@.service 2025-05-29 13:25:36 DEBUG: Command: ln -s /lib/systemd/system/pki-tomcatd@.service /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd(a)pki-tomcat.service 2025-05-29 13:25:36 INFO: Creating CA subsystem 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/ca 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/registry to /etc/sysconfig/pki/tomcat/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: ln -s /etc/sysconfig/pki/tomcat/pki-tomcat /var/lib/pki/pki-tomcat/ca/registry 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/ca 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/ca 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/conf to /var/lib/pki/pki-tomcat/conf/ca 2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/conf/ca /var/lib/pki/pki-tomcat/ca/conf 2025-05-29 13:25:36 INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/conf/ca/CS.cfg 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/registry.cfg to /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/registry.cfg /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/logs/ca 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/logs/ca 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/logs to /var/lib/pki/pki-tomcat/logs/ca 2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/logs/ca /var/lib/pki/pki-tomcat/ca/logs 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/logs/ca/archive 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/logs/ca/archive 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/logs/ca/signedAudit 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/logs/ca/signedAudit 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/alias to /var/lib/pki/pki-tomcat/alias 2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/ca/alias 2025-05-29 13:25:36 INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca 2025-05-29 13:25:36 DEBUG: Command: mkdir /etc/sysconfig/pki/tomcat/pki-tomcat/ca 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/server/etc/default.cfg to /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/server/etc/default.cfg /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg 2025-05-29 13:25:36 INFO: Creating /tmp/tmpmh3m7z49/CS.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/CS.cfg /tmp/tmpmh3m7z49/CS.cfg 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/emails to /var/lib/pki/pki-tomcat/conf/ca/emails 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/ca/emails 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJob /var/lib/pki/pki-tomcat/conf/ca/emails/ExpiredUnpublishJob 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJobItem /var/lib/pki/pki-tomcat/conf/ca/emails/ExpiredUnpublishJobItem 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA /var/lib/pki/pki-tomcat/conf/ca/emails/certIssued_CA 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA.html /var/lib/pki/pki-tomcat/conf/ca/emails/certIssued_CA.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA /var/lib/pki/pki-tomcat/conf/ca/emails/certIssued_RA 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA.html /var/lib/pki/pki-tomcat/conf/ca/emails/certIssued_RA.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certRequestRejected.html /var/lib/pki/pki-tomcat/conf/ca/emails/certRequestRejected.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA /var/lib/pki/pki-tomcat/conf/ca/emails/certRevoked_CA 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA.html /var/lib/pki/pki-tomcat/conf/ca/emails/certRevoked_CA.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA /var/lib/pki/pki-tomcat/conf/ca/emails/certRevoked_RA 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA.html /var/lib/pki/pki-tomcat/conf/ca/emails/certRevoked_RA.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/euJob1.html /var/lib/pki/pki-tomcat/conf/ca/emails/euJob1.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/euJob1Item.html /var/lib/pki/pki-tomcat/conf/ca/emails/euJob1Item.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/publishCerts.html /var/lib/pki/pki-tomcat/conf/ca/emails/publishCerts.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/publishCertsItem.html /var/lib/pki/pki-tomcat/conf/ca/emails/publishCertsItem.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA /var/lib/pki/pki-tomcat/conf/ca/emails/reqInQueue_CA 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA.html /var/lib/pki/pki-tomcat/conf/ca/emails/reqInQueue_CA.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA /var/lib/pki/pki-tomcat/conf/ca/emails/reqInQueue_RA 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA.html /var/lib/pki/pki-tomcat/conf/ca/emails/reqInQueue_RA.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/riq1Item.html /var/lib/pki/pki-tomcat/conf/ca/emails/riq1Item.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/riq1Summary.html /var/lib/pki/pki-tomcat/conf/ca/emails/riq1Summary.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1.txt /var/lib/pki/pki-tomcat/conf/ca/emails/rnJob1.txt 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Item.txt /var/lib/pki/pki-tomcat/conf/ca/emails/rnJob1Item.txt 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Summary.txt /var/lib/pki/pki-tomcat/conf/ca/emails/rnJob1Summary.txt 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/emails to /var/lib/pki/pki-tomcat/conf/ca/emails 2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/conf/ca/emails /var/lib/pki/pki-tomcat/ca/emails 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/profiles to /var/lib/pki/pki-tomcat/conf/ca/profiles 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/ca/profiles 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/ca/profiles/ca 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/DomainController.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/DomainController.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/ECAdminCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/ECAdminCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/acmeServerCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/acmeServerCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAdminCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caAdminCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentFileSigning.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caAgentFileSigning.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentServerCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caAgentServerCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAuditSigningCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caAuditSigningCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCACert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCACert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCECUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECserverCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCECserverCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECserverCertWithCRLDP.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCECserverCertWithCRLDP.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECsubsystemCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCECsubsystemCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCauditSigningCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCauditSigningCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCcaCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCcaIssuanceProtectionCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCcaIssuanceProtectionCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraStorageCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCkraStorageCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraTransportCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCkraTransportCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCocspCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCocspCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCserverCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCserverCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCserverCertWithCRLDP.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCserverCertWithCRLDP.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCsubsystemCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCsubsystemCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCrossSignedCACert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCrossSignedCACert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirBasedDualCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDirBasedDualCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirPinUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDirPinUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDirUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserRenewal.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDirUserRenewal.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDualCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualRAuserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDualRAuserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAdminCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECAdminCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAgentServerCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECAgentServerCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirPinUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECDirPinUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECDirUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDualCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECDualCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECFullCMCUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserSignedCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECFullCMCUserSignedCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthServerCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECInternalAuthServerCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECServerCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCertWithCRLDP.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECServerCertWithCRLDP.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCertWithSCT.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECServerCertWithSCT.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSimpleCMCUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECSimpleCMCUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSubsystemCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECSubsystemCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncECUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caEncECUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caEncUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCSharedTokenCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caFullCMCSharedTokenCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caFullCMCUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserSignedCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caFullCMCUserSignedCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caIPAserviceCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caIPAserviceCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInstallCACert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInstallCACert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthOCSPCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthOCSPCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthServerCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthServerCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthSubsystemCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthSubsystemCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthTransportCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthTransportCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caJarSigningCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caJarSigningCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caManualRenewal.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caManualRenewal.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOCSPCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caOCSPCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOtherCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caOtherCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRACert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caRACert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRARouterCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caRARouterCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAagentCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caRAagentCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAserverCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caRAserverCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRouterCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caRouterCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSSLClientSelfRenewal.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSSLClientSelfRenewal.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caServerCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCertWithCRLDP.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caServerCertWithCRLDP.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCertWithSCT.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caServerCertWithSCT.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_DirUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caServerKeygen_DirUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_UserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caServerKeygen_UserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSignedLogCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSignedLogCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningECUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSigningECUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSigningUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSimpleCMCUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSimpleCMCUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caStorageCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caStorageCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSubsystemCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSubsystemCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTPSCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTPSCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenMSLoginEnrollment.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenMSLoginEnrollment.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTransportCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTransportCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUUIDdeviceCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caUUIDdeviceCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserSMIMEcapCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caUserSMIMEcapCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/estServiceCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/estServiceCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/AdminCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/AdminCert.cfg 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/profiles to /var/lib/pki/pki-tomcat/conf/ca/profiles 2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/conf/ca/profiles /var/lib/pki/pki-tomcat/ca/profiles 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/flatfile.txt to /var/lib/pki/pki-tomcat/conf/ca/flatfile.txt 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/flatfile.txt /var/lib/pki/pki-tomcat/conf/ca/flatfile.txt 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/rsaAdminCert.profile to /var/lib/pki/pki-tomcat/conf/ca/adminCert.profile 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/rsaAdminCert.profile /var/lib/pki/pki-tomcat/conf/ca/adminCert.profile 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/caAuditSigningCert.profile to /var/lib/pki/pki-tomcat/conf/ca/caAuditSigningCert.profile 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/caAuditSigningCert.profile /var/lib/pki/pki-tomcat/conf/ca/caAuditSigningCert.profile 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/caCert.profile to /var/lib/pki/pki-tomcat/conf/ca/caCert.profile 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/caCert.profile /var/lib/pki/pki-tomcat/conf/ca/caCert.profile 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/caOCSPCert.profile to /var/lib/pki/pki-tomcat/conf/ca/caOCSPCert.profile 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/caOCSPCert.profile /var/lib/pki/pki-tomcat/conf/ca/caOCSPCert.profile 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/rsaServerCert.profile to /var/lib/pki/pki-tomcat/conf/ca/serverCert.profile 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/rsaServerCert.profile /var/lib/pki/pki-tomcat/conf/ca/serverCert.profile 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/rsaSubsystemCert.profile to /var/lib/pki/pki-tomcat/conf/ca/subsystemCert.profile 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/rsaSubsystemCert.profile /var/lib/pki/pki-tomcat/conf/ca/subsystemCert.profile 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/ca/proxy.conf 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/proxy.conf /var/lib/pki/pki-tomcat/conf/ca/proxy.conf 2025-05-29 13:25:36 INFO: Loading instance: pki-tomcat 2025-05-29 13:25:36 INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf 2025-05-29 13:25:36 INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf 2025-05-29 13:25:36 INFO: Loading instance Tomcat config: /var/lib/pki/pki-tomcat/conf/tomcat.conf 2025-05-29 13:25:36 INFO: Loading password config: /var/lib/pki/pki-tomcat/conf/password.conf 2025-05-29 13:25:36 INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/conf/ca/CS.cfg 2025-05-29 13:25:36 INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-05-29 13:25:36 INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat 2025-05-29 13:25:36 DEBUG: - user: pkiuser 2025-05-29 13:25:36 DEBUG: - group: pkiuser 2025-05-29 13:25:36 INFO: Loading external certs from /var/lib/pki/pki-tomcat/conf/external_certs.conf 2025-05-29 13:25:36 INFO: File does not exist: /var/lib/pki/pki-tomcat/conf/external_certs.conf 2025-05-29 13:25:36 INFO: Enabling HTTP proxy 2025-05-29 13:25:36 INFO: Setting proxy.securePort to 443 2025-05-29 13:25:36 INFO: Setting proxy.unsecurePort to 80 2025-05-29 13:25:36 INFO: Setting subsystem.1.class to com.netscape.cmscore.profile.LDAPProfileSubsystem 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(signing) 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(signing) 2025-05-29 13:25:36 INFO: Setting ca.signing.nickname to caSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.signing.tokenname to internal 2025-05-29 13:25:36 INFO: Setting ca.cert.signing.nickname to caSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.signing.defaultSigningAlgorithm to SHA256withRSA 2025-05-29 13:25:36 INFO: Setting ca.crl.MasterCRL.signingAlgorithm to SHA256withRSA 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(ocsp_signing) 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(ocsp_signing) 2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.nickname to ocspSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.tokenname to internal 2025-05-29 13:25:36 INFO: Setting ca.cert.ocsp_signing.nickname to ocspSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.defaultSigningAlgorithm to SHA256withRSA 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(sslserver) 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(sslserver) 2025-05-29 13:25:36 INFO: Setting ca.sslserver.nickname to Server-Cert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.sslserver.tokenname to internal 2025-05-29 13:25:36 INFO: Setting ca.cert.sslserver.nickname to Server-Cert cert-pki-ca 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(subsystem) 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(subsystem) 2025-05-29 13:25:36 INFO: Setting ca.subsystem.nickname to subsystemCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.subsystem.tokenname to internal 2025-05-29 13:25:36 INFO: Setting ca.cert.subsystem.nickname to subsystemCert cert-pki-ca 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(audit_signing) 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(audit_signing) 2025-05-29 13:25:36 INFO: Setting ca.audit_signing.nickname to auditSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.audit_signing.tokenname to internal 2025-05-29 13:25:36 INFO: Setting ca.cert.audit_signing.nickname to auditSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.signing.certnickname to caSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.signing.cacertnickname to caSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.certnickname to ocspSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.cacertnickname to ocspSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting log.instance.SignedAudit.signedAuditCertNickname to auditSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Injecting SAN: False 2025-05-29 13:25:36 INFO: SSL server cert SAN: 2025-05-29 13:25:36 INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/conf/ca/CS.cfg 2025-05-29 13:25:36 INFO: Storing registry config: /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-05-29 13:25:36 DEBUG: Command: mkdir /root/.dogtag 2025-05-29 13:25:36 DEBUG: Command: mkdir /root/.dogtag/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: mkdir /root/.dogtag/pki-tomcat/ca 2025-05-29 13:25:36 INFO: Creating password file: /root/.dogtag/pki-tomcat/ca/password.conf 2025-05-29 13:25:36 INFO: Storing PKCS #12 password in /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf 2025-05-29 13:25:36 DEBUG: Command: mkdir /root/.dogtag/pki-tomcat/ca/alias 2025-05-29 13:25:36 DEBUG: Command: certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf 2025-05-29 13:25:36 INFO: Creating SELinux contexts 2025-05-29 13:25:36 DEBUG: Command: /usr/sbin/restorecon -R -v /var/lib/pki/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: /usr/sbin/restorecon -R -v /var/log/pki 2025-05-29 13:25:36 DEBUG: Command: /usr/sbin/restorecon -R -v /var/log/pki/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: /usr/sbin/restorecon -R -v /etc/pki/pki-tomcat 2025-05-29 13:25:36 INFO: Generating system keys 2025-05-29 13:25:36 INFO: Loading instance: pki-tomcat 2025-05-29 13:25:36 INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf 2025-05-29 13:25:36 INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf 2025-05-29 13:25:36 INFO: Loading instance Tomcat config: /var/lib/pki/pki-tomcat/conf/tomcat.conf 2025-05-29 13:25:36 INFO: Loading password config: /var/lib/pki/pki-tomcat/conf/password.conf 2025-05-29 13:25:36 INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/conf/ca/CS.cfg 2025-05-29 13:25:36 INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-05-29 13:25:36 INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat 2025-05-29 13:25:36 DEBUG: - user: pkiuser 2025-05-29 13:25:36 DEBUG: - group: pkiuser 2025-05-29 13:25:36 INFO: Loading external certs from /var/lib/pki/pki-tomcat/conf/external_certs.conf 2025-05-29 13:25:36 INFO: File does not exist: /var/lib/pki/pki-tomcat/conf/external_certs.conf 2025-05-29 13:25:36 INFO: Fapolicy folder not found. Rule configuration skipped 2025-05-29 13:25:36 INFO: Configuring subsystem 2025-05-29 13:25:36 INFO: Loading instance: pki-tomcat 2025-05-29 13:25:36 INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf 2025-05-29 13:25:36 INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf 2025-05-29 13:25:36 INFO: Loading instance Tomcat config: /var/lib/pki/pki-tomcat/conf/tomcat.conf 2025-05-29 13:25:36 INFO: Loading password config: /var/lib/pki/pki-tomcat/conf/password.conf 2025-05-29 13:25:36 INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/conf/ca/CS.cfg 2025-05-29 13:25:36 INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-05-29 13:25:36 INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat 2025-05-29 13:25:36 DEBUG: - user: pkiuser 2025-05-29 13:25:36 DEBUG: - group: pkiuser 2025-05-29 13:25:36 INFO: Loading external certs from /var/lib/pki/pki-tomcat/conf/external_certs.conf 2025-05-29 13:25:36 INFO: File does not exist: /var/lib/pki/pki-tomcat/conf/external_certs.conf 2025-05-29 13:25:36 INFO: Setting internaldb.ldapconn.secureConn to false 2025-05-29 13:25:36 INFO: Setting internaldb.ldapconn.host to ipa1.man-gb.eajglobal.net 2025-05-29 13:25:36 INFO: Setting internaldb.ldapconn.port to 389 2025-05-29 13:25:36 INFO: Setting internaldb.ldapauth.bindDN to cn=Directory Manager 2025-05-29 13:25:36 INFO: Setting internaldb.basedn to o=ipaca 2025-05-29 13:25:36 INFO: Setting internaldb.database to ipaca 2025-05-29 13:25:36 INFO: Setting dbs.request.id.generator to legacy 2025-05-29 13:25:36 INFO: Setting dbs.beginRequestNumber to 1 2025-05-29 13:25:36 INFO: Setting dbs.endRequestNumber to 10000000 2025-05-29 13:25:36 INFO: Setting dbs.requestIncrement to 10000000 2025-05-29 13:25:36 INFO: Setting dbs.requestLowWaterMark to 2000000 2025-05-29 13:25:36 INFO: Setting dbs.requestCloneTransferNumber to 10000 2025-05-29 13:25:36 INFO: Setting dbs.beginRequestNumber to 1 2025-05-29 13:25:36 INFO: Setting dbs.endRequestNumber to 10000000 2025-05-29 13:25:36 INFO: Setting dbs.requestRangeDN to ou=requests,ou=ranges 2025-05-29 13:25:36 INFO: Setting dbs.cert.id.generator to legacy 2025-05-29 13:25:36 INFO: Setting dbs.beginSerialNumber to 1 2025-05-29 13:25:36 INFO: Setting dbs.endSerialNumber to 10000000 2025-05-29 13:25:36 INFO: Setting dbs.serialIncrement to 10000000 2025-05-29 13:25:36 INFO: Setting dbs.serialLowWaterMark to 2000000 2025-05-29 13:25:36 INFO: Setting dbs.serialCloneTransferNumber to 10000 2025-05-29 13:25:36 INFO: Setting dbs.randomSerialNumberCounter to 0 2025-05-29 13:25:36 INFO: Setting dbs.beginSerialNumber to 1 2025-05-29 13:25:36 INFO: Setting dbs.endSerialNumber to 10000000 2025-05-29 13:25:36 INFO: Setting dbs.serialRangeDN to ou=certificateRepository,ou=ranges 2025-05-29 13:25:36 INFO: Setting dbs.beginReplicaNumber to 1 2025-05-29 13:25:36 INFO: Setting dbs.endReplicaNumber to 100 2025-05-29 13:25:36 INFO: Setting ca.defaultOcspUri to http://ipa-ca.eajglobal.uk/ca/ocsp 2025-05-29 13:25:36 INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/conf/ca/CS.cfg 2025-05-29 13:25:36 INFO: Storing registry config: /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-05-29 13:25:36 DEBUG: PKIDeployer.import_system_certs() 2025-05-29 13:25:36 DEBUG: import_system_cert 2025-05-29 13:25:36 DEBUG: import_system_cert 2025-05-29 13:25:36 DEBUG: import_system_cert 2025-05-29 13:25:36 DEBUG: import_system_cert 2025-05-29 13:25:36 DEBUG: import_system_cert 2025-05-29 13:25:36 INFO: Checking existing cert chain: caSigningCert External CA 2025-05-29 13:25:36 DEBUG: NSSDatabase.get_cert(caSigningCert External CA) begins 2025-05-29 13:25:36 DEBUG: Command: certutil -L -d /var/lib/pki/pki-tomcat/conf/alias -f /tmp/tmpvynqogd4/password.txt -n caSigningCert External CA -a 2025-05-29 13:25:36 DEBUG: stdout: -1 2025-05-29 13:25:36 DEBUG: NSSDatabase: stderr: certutil: Could not find cert: caSigningCert External CA : PR_FILE_NOT_FOUND_ERROR: File not found 2025-05-29 13:25:36 DEBUG: Cert not found: caSigningCert External CA 2025-05-29 13:25:36 INFO: Updating system certs 2025-05-29 13:25:36 INFO: Setting ca.signing.cacertnickname to caSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.signing.defaultSigningAlgorithm to SHA256withRSA 2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.defaultSigningAlgorithm to SHA256withRSA 2025-05-29 13:25:36 INFO: Setting ca.audit_signing.defaultSigningAlgorithm to SHA256withRSA 2025-05-29 13:25:36 INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/conf/ca/CS.cfg 2025-05-29 13:25:36 INFO: Storing registry config: /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(sslserver) 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(sslserver) 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_nssdb_cert_info(sslserver) 2025-05-29 13:25:36 DEBUG: NSSDatabase.get_cert_info(Server-Cert cert-pki-ca) begins 2025-05-29 13:25:36 DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) begins 2025-05-29 13:25:36 DEBUG: Command: certutil -L -d /var/lib/pki/pki-tomcat/conf/alias -f /tmp/tmpngg9k4eu/password.txt -n Server-Cert cert-pki-ca -a 2025-05-29 13:25:36 DEBUG: stdout: -1 2025-05-29 13:25:36 DEBUG: NSSDatabase: stderr: certutil: Could not find cert: Server-Cert cert-pki-ca : PR_FILE_NOT_FOUND_ERROR: File not found 2025-05-29 13:25:36 DEBUG: Cert not found: Server-Cert cert-pki-ca 2025-05-29 13:25:36 INFO: Updating /var/lib/pki/pki-tomcat/conf/serverCertNick.conf 2025-05-29 13:25:36 INFO: Updating serverCertNickFile in server.xml 2025-05-29 13:25:36 INFO: Creating new security domain 2025-05-29 13:25:36 INFO: Setting securitydomain.host to ipa1.man-gb.eajglobal.net 2025-05-29 13:25:36 INFO: Setting securitydomain.httpport to 8080 2025-05-29 13:25:36 INFO: Setting securitydomain.httpsadminport to 8443 2025-05-29 13:25:36 INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/conf/ca/CS.cfg 2025-05-29 13:25:36 INFO: Storing registry config: /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-05-29 13:25:36 INFO: Removing existing database 2025-05-29 13:25:36 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-17-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-remove --force --debug 2025-05-29 13:25:38 INFO: Creating database 2025-05-29 13:25:38 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-17-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-create --debug 2025-05-29 13:25:40 INFO: Initializing database 2025-05-29 13:25:40 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-17-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-init --debug 2025-05-29 13:26:00 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-17-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-access-grant --debug uid=pkidbuser,ou=people,o=ipaca 2025-05-29 13:26:01 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-17-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-index-add --debug 2025-05-29 13:26:03 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-17-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-vlv-add --debug 2025-05-29 13:26:05 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-17-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-vlv-reindex --debug 2025-05-29 13:26:07 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-17-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-profile-import --input-folder /usr/share/pki/ca/profiles/ca --debug 2025-05-29 13:26:09 INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/conf/ca/CS.cfg 2025-05-29 13:26:09 INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-05-29 13:26:09 INFO: Request ID generator: legacy 2025-05-29 13:26:09 INFO: Enabling CA subsystem 2025-05-29 13:26:09 INFO: Deploying ca web application 2025-05-29 13:26:09 INFO: Creating /var/lib/pki/pki-tomcat/conf/Catalina/localhost/ca.xml 2025-05-29 13:26:09 INFO: Creating temporary SSL server cert 2025-05-29 13:26:09 INFO: Updating /var/lib/pki/pki-tomcat/conf/serverCertNick.conf 2025-05-29 13:26:09 INFO: Updating serverCertNickFile in server.xml 2025-05-29 13:26:09 INFO: Checking existing temp SSL server cert: temp Server-Cert cert-pki-ca 2025-05-29 13:26:09 DEBUG: NSSDatabase.get_cert(temp Server-Cert cert-pki-ca) begins 2025-05-29 13:26:09 DEBUG: Command: certutil -L -d /var/lib/pki/pki-tomcat/conf/alias -f /tmp/tmp9l_1_dt_/password.txt -n temp Server-Cert cert-pki-ca -a 2025-05-29 13:26:09 DEBUG: stdout: -1 2025-05-29 13:26:09 DEBUG: NSSDatabase: stderr: certutil: Could not find cert: temp Server-Cert cert-pki-ca : PR_FILE_NOT_FOUND_ERROR: File not found 2025-05-29 13:26:09 DEBUG: Cert not found: temp Server-Cert cert-pki-ca 2025-05-29 13:26:09 INFO: Creating new temp SSL server cert for ipa1.man-gb.eajglobal.net 2025-05-29 13:26:09 DEBUG: Command: pki -d /var/lib/pki/pki-tomcat/conf/alias -f /var/lib/pki/pki-tomcat/conf/password.conf nss-cert-request --subject cn=ipa1.man-gb.eajglobal.net,o=2025-05-29 13:25:36 --csr /tmp/tmpdvz_k8lc/sslserver.csr --key-type RSA --key-size 2048 --hash SHA256 --debug Restoring a snapshot prior to freeipa-server-install and setting update-crypto-policies --set DEFAULT and rebooting allows the install to run without issue.

3 months, 3 weeks

1
0
0 / 0

Problem with Java versions

by Arno Lehmann

Hi all, I have recently upgraded my dogtag's foundation to Fedora 41 and then found I had to do some maintenance work. The system is up to date: [root@ca2 ~]# pki-server --version PKI Server Command-Line Interface 11.6.0-1 [root@ca2 ~]# pki-server status <censored> Instance ID: <censored> Active: True Nuxwdog Enabled: False Unsecure Port: 8080 Secure Port: 8443 Tomcat Port: 8005 CA Subsystem: SD Manager: True SD Name: IT-Service Lehmann <censored> SD Registration URL: https://<xensored>.de:8443 Enabled: True <snip more details> The result trying my maintenance task was the following: # LANG=C pki-server ca-user-cert-find caadmin -i <censored> Error: LinkageError occurred while loading main class org.dogtagpki.server.cli.PKIServerCLI java.lang.UnsupportedClassVersionError: org/dogtagpki/server/cli/PKIServerCLI has been compiled by a more recent version of the Java Runtime (class file version 61.0), this version of the Java Runtime only recognizes class file versions up to 55.0 So I checked, found that the dogtag dev guide indicates that openjdk-17 should be a good choice. However, I found that I seem to use a current Java environment by default: [root@ca2 ~]# java --version openjdk 21.0.7 2025-04-15 OpenJDK Runtime Environment (Red_Hat-21.0.7.0.6-1) (build 21.0.7+6) OpenJDK 64-Bit Server VM (Red_Hat-21.0.7.0.6-1) (build 21.0.7+6, mixed mode, sharing) I also found that I have older versions installed still -- OpenJDK 11 and 1.8. I removed those using dnf, verified I use JDK17 by default with 'alternatives java', retried the pki-server program, and -- [root@ca2 ~]# LANG=C pki-server ca-user-cert-find caadmin -i <censored> runuser: failed to execute /usr/lib/jvm/jre-11-openjdk/bin/java: No such file or directory Looks like there's a particular ja aversion or path hardcoded somewhere, and after several generations of updates of this system, some inconsistency developed. The result being I can't play with my CA anymore. Any advice so I can continue playing, learning, and actually using my CA instance? Thanks, Arno -- Arno Lehmann IT-Service Lehmann Sandstr. 6, 49080 Osnabrück

4 months, 2 weeks

1
0
0 / 0

← Newer
1
Older →

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-users May 2025