Rebuilding the pki-tomcat Password File
Environment
- Red Hat Enterprise Linux 7
Issue
The pki-tomcat password file /etc/pki/pki-tomcat/alias/pwdfile.txt has been removed or deleted.
Resolution
- Create the pwdfile.txt as root:

    # touch /etc/pki/pki-tomcat/alias/pwdfile.txt

  It should have the following ownership and rights:

    -r-------- 1 pkiuser pkiuser 13 Aug 1 2017 /etc/pki/pki-tomcat/alias/pwdfile.txt

  This can be achieved via the chown and chmod commands:

    # chown pkiuser:pkiuser /etc/pki/pki-tomcat/alias/pwdfile.txt
    # chmod 600 /etc/pki/pki-tomcat/alias/pwdfile.txt

  Note that chmod 600 results in -rw-------; chmod 400 produces the read-only mode shown in the listing.

- The content of /etc/pki/pki-tomcat/alias/pwdfile.txt should be the exact value shown by internal= in /var/lib/pki/pki-tomcat/conf/password.conf:

    # cat /var/lib/pki/pki-tomcat/conf/password.conf

  Displaying this file should give you an output with two entries:

    internal=SomeLongStringOfRandomLettersNumbersAndSymbols
    replicationdb=StringOfNumbers

  Copy and paste the string to the right of internal= into /etc/pki/pki-tomcat/alias/pwdfile.txt, excluding internal=

  Or run the following to do everything automatically with one command (the pattern is anchored so that only the internal= line matches, and -f2- keeps any = characters that are part of the password):

    # grep '^internal=' /var/lib/pki/pki-tomcat/conf/password.conf | cut -d = -f2- > /etc/pki/pki-tomcat/alias/pwdfile.txt

- Verify:

    # certutil -K -d /etc/pki/pki-tomcat/alias -f /var/lib/pki/pki-tomcat/alias/pwdfile.txt
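The steps above combined into one function, as an added example that is not part of the original Red Hat solution: it writes the password to a temporary file that is never group- or world-readable and then renames it into place, so the secret is not exposed even if pwdfile.txt was not pre-created with touch. The function names are hypothetical, and mode 400 is an assumption chosen to match the listing in the first step.

```shell
#!/bin/sh
# Added example, not Red Hat's own script. Function names are hypothetical.

# extract_internal CONF: print the exact value stored under "internal=".
# The anchored pattern skips other keys that merely contain "internal",
# and only the prefix is removed, so "=" inside the password is preserved.
extract_internal() {
    sed -n 's/^internal=//p' "$1" | head -n 1
}

# rebuild_pwdfile CONF DEST [OWNER]
# Writes the value to a temp file next to DEST, sets owner and mode,
# then renames it over DEST. OWNER is optional so the function can be
# tried on a copy without root.
rebuild_pwdfile() {
    conf=$1 dest=$2 owner=${3:-}
    value=$(extract_internal "$conf")
    [ -n "$value" ] || { echo "no internal= entry in $conf" >&2; return 1; }
    (
        umask 077    # nothing created here is group/world readable
        tmp=$(mktemp "$dest.XXXXXX") || exit 1
        printf '%s\n' "$value" > "$tmp" &&
        { [ -z "$owner" ] || chown "$owner" "$tmp"; } &&
        chmod 400 "$tmp" &&    # assumption: matches the -r-------- listing
        mv -f "$tmp" "$dest" || { rm -f "$tmp"; exit 1; }
    )
}

# Usage as root, with the paths from this page:
#   rebuild_pwdfile /var/lib/pki/pki-tomcat/conf/password.conf \
#       /etc/pki/pki-tomcat/alias/pwdfile.txt pkiuser:pkiuser
```

Run the certutil verification from the last step afterwards to confirm the token accepts the rebuilt file.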
Root Cause
The pki-tomcat password file was accidentally deleted.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.