HowTo: Restore missing pki-tomcatd certificates from /etc/pki/pki-tomcat/ca/CS.cfg

Solution Verified - Updated -


  • Accidentally removed certificates from /etc/pki/pki-tomcat/alias
  • [main] SEVERE: Object certificate not found. Error Certificate not found: ocspSigningCert cert-pki-ca in /var/log/pki/pki-tomcat/ca/debug.<date>.log
  • pki-tomcatd failed because ocspSigningCert is missing


  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 7
  • Red Hat Identity Management (IdM)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In