Rebuilding the pki-tomcat Password File


Environment

  • Red Hat Enterprise Linux 7

Issue

The pki-tomcat password file /etc/pki/pki-tomcat/alias/pwdfile.txt has been removed or deleted.

Resolution

  1. Create the pwdfile.txt as root:

    # touch /etc/pki/pki-tomcat/alias/pwdfile.txt
    

    It should have the following ownership and rights:

    -r-------- 1 pkiuser pkiuser 13 Aug  1  2017 /etc/pki/pki-tomcat/alias/pwdfile.txt
    

    This can be achieved via the chown and chmod commands:

    # chown pkiuser:pkiuser /etc/pki/pki-tomcat/alias/pwdfile.txt
    # chmod 600 /etc/pki/pki-tomcat/alias/pwdfile.txt
    
  2. The content of /etc/pki/pki-tomcat/alias/pwdfile.txt should be exactly the value that follows internal= in /var/lib/pki/pki-tomcat/conf/password.conf:

    # cat /var/lib/pki/pki-tomcat/conf/password.conf
    

    Printing this file with cat should show two entries:

    internal=SomeLongStringOfRandomLettersNumbersAndSymbols
    replicationdb=StringOfNumbers
    

    Copy and paste the string to the right of internal= into /etc/pki/pki-tomcat/alias/pwdfile.txt, excluding internal= itself.

    Or run the following to do the same in one command (the pattern is anchored to the start of the line so that only the exact internal= key matches, and -f2- keeps everything after the first = so a password containing = is copied intact):

    # grep '^internal=' /var/lib/pki/pki-tomcat/conf/password.conf | cut -d= -f2- > /etc/pki/pki-tomcat/alias/pwdfile.txt
    
  3. Verify

    # certutil -K -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/alias/pwdfile.txt
    
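The three steps above, as an added shell script that is not part of the Red Hat article. The password.conf and pwdfile.txt paths and the owner are parameters (the article's paths are /var/lib/pki/pki-tomcat/conf/password.conf and /etc/pki/pki-tomcat/alias/pwdfile.txt); the script matches only the exact internal= key, creates the file owner-only before the secret is written, and adds a check that compares an existing pwdfile.txt with password.conf.

```shell
#!/bin/sh
# Added example, not from the Red Hat article. Paths and owner are parameters
# so the functions can be exercised against constructed files.
# Article defaults: CONF=/var/lib/pki/pki-tomcat/conf/password.conf
#                   PWDFILE=/etc/pki/pki-tomcat/alias/pwdfile.txt

# internal_password CONF: print the value after the exact "internal=" key.
# Anchoring at line start keeps keys such as "internaldb=" from matching, and
# the substitution keeps everything after the first "=" so a password that
# itself contains "=" survives intact.
internal_password() {
    sed -n 's/^internal=//p' "$1" | head -n 1
}

# rebuild_pwdfile CONF PWDFILE [OWNER]: steps 1 and 2 of the article.
rebuild_pwdfile() {
    conf=$1; pwdfile=$2; owner=${3:-pkiuser:pkiuser}
    secret=$(internal_password "$conf")
    if [ -z "$secret" ]; then
        echo "no internal= entry in $conf" >&2
        return 1
    fi
    # umask 077 in a subshell: the file is created owner-only before the
    # secret is written, and the caller's umask is left untouched.
    ( umask 077; printf '%s\n' "$secret" > "$pwdfile" ) || return 1
    chmod 600 "$pwdfile" || return 1
    # Only root can hand the file to pkiuser; skip the chown otherwise.
    if [ "$(id -u)" -eq 0 ]; then
        chown "$owner" "$pwdfile" || return 1
    fi
}

# pwdfile_matches_conf CONF PWDFILE: succeed only when the first line of
# PWDFILE equals the internal= value, a quick consistency check before
# relying on the file.
pwdfile_matches_conf() {
    expected=$(internal_password "$1")
    actual=$(head -n 1 "$2")
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# verify_pwdfile NSSDB PWDFILE: step 3 of the article, list the private keys
# in the NSS database using the rebuilt password file.
verify_pwdfile() {
    certutil -K -d "$1" -f "$2"
}
```

Run `rebuild_pwdfile /var/lib/pki/pki-tomcat/conf/password.conf /etc/pki/pki-tomcat/alias/pwdfile.txt` as root to apply it to the real instance, then `verify_pwdfile /etc/pki/pki-tomcat/alias /etc/pki/pki-tomcat/alias/pwdfile.txt`.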

Root Cause

The pki-tomcat password file was accidentally deleted.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
