IPA: pki-tomcatd service start failing with error "UNKNOWN CA"
Issue
The pki-tomcatd service fails to start with the error below.
[12/May/2021:15:56:07][localhost-startStop-1]: ldapconn/PKISocketFactory.makeSSLSocket: begins
[12/May/2021:15:56:07][localhost-startStop-1]: SSLClientCertificateSelectionCB: Setting desired cert nickname to: subsystemCert cert-pki-ca
[12/May/2021:15:56:07][localhost-startStop-1]: LdapJssSSLSocket: set client auth cert nickname subsystemCert cert-pki-ca
[12/May/2021:15:56:07][localhost-startStop-1]: PKIClientSocketListener.alertSent: begins
[12/May/2021:15:56:07][localhost-startStop-1]: PKIClientSocketListener.alertSent: got description:48
[12/May/2021:15:56:07][localhost-startStop-1]: PKIClientSocketListener.alertSent: got reason:UNKNOWN_CA
[12/May/2021:15:56:07][localhost-startStop-1]: SignedAuditLogger: event CLIENT_ACCESS_SESSION_ESTABLISH
[12/May/2021:15:56:07][localhost-startStop-1]: LogFile: event type not selected: CLIENT_ACCESS_SESSION_ESTABLISH
[12/May/2021:15:56:07][localhost-startStop-1]: PKIClientSocketListener.alertSent: CS_CLIENT_ACCESS_SESSION_ESTABLISH_FAILURE
[12/May/2021:15:56:07][localhost-startStop-1]: PKIClientSocketListener.alertSent: clientIP=192.168.122.204 serverIP=192.168.122.204 serverPort=31746 reason=UNKNOWN_CA
[12/May/2021:15:56:07][localhost-startStop-1]: SignedAuditLogger: event CLIENT_ACCESS_SESSION_ESTABLISH
[12/May/2021:15:56:07][localhost-startStop-1]: LogFile: event type not selected: CLIENT_ACCESS_SESSION_ESTABLISH
org.mozilla.jss.ssl.SSLSocketException: org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8172) Peer's certificate issuer has been marked as not trusted by the user.
.
.
Could not connect to LDAP server host ipa-x1.pao.mmracks.internal port 636 Error netscape.ldap.LDAPException: Unable to create socket: org.mozilla.jss.ssl.SSLSocketException: org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8172) Peer's certificate issuer has been marked as not trusted by the user. (-1)
Environment
- IPA 4.x
- Red Hat Enterprise Linux 7