Rebuilding the pki-tomcat Password File
Environment
- Red Hat Enterprise Linux 7
Issue
The pki-tomcat password file /etc/pki/pki-tomcat/alias/pwdfile.txt has been removed or deleted.
Resolution
- Create the pwdfile.txt as root:
# touch /etc/pki/pki-tomcat/alias/pwdfile.txt
It should have the following ownership and rights:
-r-------- 1 pkiuser pkiuser 13 Aug 1 2017 /etc/pki/pki-tomcat/alias/pwdfile.txt
This can be achieved via the chown and chmod commands:
# chown pkiuser:pkiuser /etc/pki/pki-tomcat/alias/pwdfile.txt
# chmod 600 /etc/pki/pki-tomcat/alias/pwdfile.txt
- The content of /etc/pki/pki-tomcat/alias/pwdfile.txt should be the exact value shown by internal= in /var/lib/pki/pki-tomcat/conf/password.conf:
# cat /var/lib/pki/pki-tomcat/conf/password.conf
Printing this file should give you an output with two entries:
internal=SomeLongStringOfRandomLettersNumbersAndSymbols
replicationdb=StringOfNumbers
Copy and paste the string to the right of internal= into /etc/pki/pki-tomcat/alias/pwdfile.txt, excluding internal= itself.
Or run the following to do everything automatically with one command:
# grep '^internal=' /var/lib/pki/pki-tomcat/conf/password.conf | cut -d= -f2- > /etc/pki/pki-tomcat/alias/pwdfile.txt
- Verify:
# certutil -K -d /etc/pki/pki-tomcat/alias -f /var/lib/pki/pki-tomcat/alias/pwdfile.txt
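The steps above can also be combined so the password is never written to a file with permissive mode bits. The following script is an added example, not part of the original solution or Red Hat's tooling. Its function names are hypothetical, and it goes beyond the one-liner by keeping any "=" inside the password and by ignoring other keys that merely begin with "internal":

```bash
#!/bin/bash
# Added example (not Red Hat's code); function names are hypothetical.

# Print the value of the internal= entry, keeping any "=" inside the password
# and ignoring other keys that merely start with "internal" (e.g. internaldb=).
extract_internal() {
    local line
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            internal=*) printf '%s\n' "${line#internal=}"; return 0 ;;
        esac
    done < "$1"
    return 1
}

# Write the password to a private temp file beside $2, then rename it into
# place, so the secret never exists with permissive mode bits.
rebuild_pwdfile() {
    local conf="$1" dest="$2" owner="${3:-pkiuser}" pw tmp
    pw=$(extract_internal "$conf") || { echo "no internal= entry in $conf" >&2; return 1; }
    [ -n "$pw" ] || { echo "internal= entry in $conf is empty" >&2; return 1; }
    tmp=$(umask 077; mktemp "$dest.XXXXXX") || return 1
    printf '%s\n' "$pw" > "$tmp" && chmod 600 "$tmp" || { rm -f "$tmp"; return 1; }
    # Hand the file to the service account only when run as root and it exists.
    if [ "$(id -u)" -eq 0 ] && id "$owner" >/dev/null 2>&1; then
        chown "$owner:$owner" "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    mv -f "$tmp" "$dest"
}

# Demo on constructed data (the password below is made up, not a real secret).
demo() {
    local d rc
    d=$(mktemp -d) || return 1
    printf '%s\n' 'internaldb=ConstructedOther' 'internal=Constructed=Pw+1=' \
        'replicationdb=123456789' > "$d/password.conf"
    rebuild_pwdfile "$d/password.conf" "$d/pwdfile.txt" && cat "$d/pwdfile.txt"
    rc=$?
    rm -rf "$d"
    return $rc
}

# Real use, as root:
#   rebuild_pwdfile /var/lib/pki/pki-tomcat/conf/password.conf \
#                   /etc/pki/pki-tomcat/alias/pwdfile.txt
demo
```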
Root Cause
The pki-tomcat password file was accidentally deleted.