Hi Dave,
You may find the following link useful:
https://uimon.cern.ch/twiki/bin/view/LCG/TheLCGTroubleshootingGuide#How_to_replace_host_certificates
The last resort is to run YAIM's configure_node script again. This will
certainly do the trick, but it may interfere with the customizations you have
done. You may also try to execute the following YAIM functions:
config_host_certs
config_rgma_server
config_rgma_client
Best regards, Antun
-----
Antun Balaz
Research Assistant
E-mail: [log in to unmask]
Web: http://scl.phy.bg.ac.yu/
Phone: +381 11 3160260, Ext. 152
Fax: +381 11 3162190
Scientific Computing Laboratory
Institute of Physics, Belgrade, Serbia
-----
---------- Original Message -----------
From: "Kant, D (Dave)" <[log in to unmask]>
To: [log in to unmask]
Sent: Wed, 6 Dec 2006 12:58:10 -0000
Subject: [LCG-ROLLOUT] Host Certificate renewal on RGMA MON
> Hi,
>
> I have renewed the host certificate on the APEL accounting
> archiver and tried to re-start the tomcat, then the flexy archiver service.
> The certificate looks fine and has been copied to the various
> locations. But, we have lots of certificate related errors when
> starting tomcat services. Any suggestions?
>
> Dave
>
> [root@goc01 grid-security]# ls -l `locate hostkey`
> -r-------- 1 root root 1202 Dec 6 10:41 /etc/grid-security/hostkey.pem
> -r-------- 1 tomcat4 tomcat4 1202 Dec 6 10:46 /etc/tomcat5/hostkey.pem
> -r-------- 1 rgma rgma 1202 Dec 6 10:45 /opt/glite/var/rgma/.certs/hostkey.pem
>
> [root@goc01 grid-security]# ls -l `locate hostcert`
> -r-------- 1 root root 1989 Dec 6 10:40 /etc/grid-security/hostcert.pem
> -r-------- 1 tomcat4 tomcat4 1989 Dec 6 10:44 /etc/tomcat5/hostcert.pem
> -r-------- 1 rgma rgma 1989 Dec 6 10:45 /opt/glite/var/rgma/.certs/hostcert.pem
>
> [root@goc01 grid-security]# openssl verify -CApath /etc/grid-security/certificates/ hostcert.pem
> hostcert.pem: OK
>
> [root@goc01 grid-security]# tail -150 /usr/share/tomcat5/logs/catalina.out | less
>
> INFO: Installing web application at context path /webdav from URL file:/var/lib/tomcat5/webapps/webdav
> java.io.IOException: problem creating RSA private key: java.io.IOException: No password finder specified, but a password is required
>     at org.bouncycastle.openssl.PEMReader.readObject(PEMReader.java:113)
>     at org.glite.security.util.PrivateKeyReader.read(PrivateKeyReader.java:78)
>     at org.glite.security.util.KeyStoreGenerator.generate(KeyStoreGenerator.java:59)
>     at org.glite.security.trustmanager.UpdatingKeyManager.loadKeystore(UpdatingKeyManager.java:190)
>     at org.glite.security.trustmanager.UpdatingKeyManager.<init>(UpdatingKeyManager.java:106)
>     at org.glite.security.trustmanager.ContextWrapper.initKeyManagers(ContextWrapper.java:338)
>     at org.glite.security.trustmanager.ContextWrapper.init(ContextWrapper.java:285)
>     at org.glite.security.trustmanager.ContextWrapper.<init>(ContextWrapper.java:161)
>     at org.glite.security.trustmanager.tomcat.TMSSLServerSocketFactory.initProxy(TMSSLServerSocketFactory.java:298)
>     at org.glite.security.trustmanager.tomcat.TMSSLServerSocketFactory.init(TMSSLServerSocketFactory.java:185)
>     at org.glite.security.trustmanager.tomcat.TMSSLServerSocketFactory.createSocket(TMSSLServerSocketFactory.java:106)
>     at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:259)
>     at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:281)
>     at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:171)
>     at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1527)
>     at org.apache.catalina.core.StandardService.start(StandardService.java:489)
>     at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
>     at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:324)
>     at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
> SEVERE: Server socket factory creation failed: java.security.cert.CertificateException: Identity reading failed: problem creating RSA private key: java.io.IOException: No password finder specified, but a password is required
> java.security.cert.CertificateException: Identity reading failed: problem creating RSA private key: java.io.IOException: No password finder specified, but a password is required
>     at org.glite.security.trustmanager.UpdatingKeyManager.loadKeystore(UpdatingKeyManager.java:216)
>     at org.glite.security.trustmanager.UpdatingKeyManager.<init>(UpdatingKeyManager.java:106)
>     at org.glite.security.trustmanager.ContextWrapper.initKeyManagers(ContextWrapper.java:338)
>     at org.glite.security.trustmanager.ContextWrapper.init(ContextWrapper.java:285)
>     at org.glite.security.trustmanager.ContextWrapper.<init>(ContextWrapper.java:161)
>     at org.glite.security.trustmanager.tomcat.TMSSLServerSocketFactory.initProxy(TMSSLServerSocketFactory.java:298)
>     at org.glite.security.trustmanager.tomcat.TMSSLServerSocketFactory.init(TMSSLServerSocketFactory.java:185)
>     at org.glite.security.trustmanager.tomcat.TMSSLServerSocketFactory.createSocket(TMSSLServerSocketFactory.java:106)
>     at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:259)
>     at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:281)
>     at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:171)
>     at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1527)
>     at org.apache.catalina.core.StandardService.start(StandardService.java:489)
>     at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
>     at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:324)
>     at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
> 06-Dec-2006 12:50:57 org.apache.coyote.http11.Http11Protocol start
------- End of Original Message -------
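
Added example, not part of the original messages: the exception in the quoted catalina.out is raised while reading the PEM private key and reports that a password is required, so this script classifies each key file by its PEM header (encrypted or plain) and checks that every deployed copy is byte-identical to the reference copy. The function names and the sample files are constructed for illustration; on the host in the thread the arguments would be the three hostkey.pem paths from the ls listing.

```shell
# Added example (not from the thread): classify PEM private keys by header
# and check that every deployed copy matches the reference copy.

# pem_key_state FILE -> prints encrypted | plain | not-a-key | unreadable
pem_key_state() {
    if [ ! -r "$1" ]; then
        echo unreadable
    elif grep -q '^Proc-Type: 4,ENCRYPTED' "$1" ||
         grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted        # traditional OpenSSL or PKCS#8 encrypted form
    elif grep -Eq -e '-----BEGIN (RSA )?PRIVATE KEY-----' "$1"; then
        echo plain
    else
        echo not-a-key
    fi
}

# audit_host_keys REFERENCE [COPY...] -> one line per file; exit status is
# the number of files that are not plain keys identical to REFERENCE.
audit_host_keys() {
    ref=$1; problems=0
    for f in "$@"; do
        state=$(pem_key_state "$f")
        if [ "$state" != plain ]; then
            echo "FAIL $f: $state"; problems=$((problems + 1))
        elif ! cmp -s "$ref" "$f"; then
            echo "FAIL $f: differs from $ref"; problems=$((problems + 1))
        else
            echo "OK   $f"
        fi
    done
    return "$problems"
}

# Constructed sample files (placeholder bodies, not real key material).
make_samples() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$d/plain.pem"
    cp "$d/plain.pem" "$d/copy.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0123456789ABCDEF' '' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$d/enc.pem"
    echo "$d"
}

d=$(make_samples)
audit_host_keys "$d/plain.pem" "$d/copy.pem" "$d/enc.pem" || echo "problems: $?"
rm -rf "$d"
```

The check reads only the PEM headers, so it needs no passphrase and never decodes key material.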