Bug 1214859

Summary: password interface needs to be updated to support nuxwdog
Product: Red Hat Enterprise Linux 7
Reporter: Matthew Harmsen <mharmsen>
Component: tomcatjss
Assignee: Christina Fu <cfu>
Status: CLOSED ERRATA
QA Contact: Asha Akkiangady <aakkiang>
Severity: high
Priority: high
Version: 7.1
CC: alee, arubin, cfu, dennis, edewata, extras-qa, gsterlin, jherrman, mharmsen, nkinder, rpattath
Target Milestone: rc
Keywords: Rebase, ZStream
Target Release: 7.2
Hardware: Unspecified
OS: Unspecified
Fixed In Version: tomcatjss-7.1.2-1.el7
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
The tomcatjss package has been upgraded to upstream version 7.1.2, which provides a number of bug fixes and enhancements over the previous version. Notably, the getPassword method for the tomcatjss utility has been enhanced to optionally include a counter to track the number of retries, which enables tomcatjss to interact with the nuxwdog daemon and allow multiple retries for a password retrieval.
Clone Of: 1214858
: 1216090
Last Closed: 2015-11-19 04:49:05 UTC
Type: Bug
Bug Depends On: 1214858
Bug Blocks: 1216090

Description Matthew Harmsen 2015-04-23 16:59:48 UTC
+++ This bug was initially created as a clone of Bug #1214858 +++

password interface needs the method getPassword(tag, iteration) added to interact with nuxwdog to allow multiple retries for a password retrieval

Also, clean up init code.
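
Why a retry counter is needed on the getPassword(tag, iteration) method requested above, shown as an added example (not tomcatjss or nuxwdog code): without it, a store that caches a mistyped password would keep returning it. The names PasswordStore, PromptingStore and unlock are hypothetical, and the rule that iteration 0 may use the cache while later iterations re-prompt is an assumption of this example.

```java
import java.util.ArrayDeque;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Queue;

public class RetryingPasswordDemo {
    /** Hypothetical interface modelled on the getPassword(tag, iteration) signature named in this bug. */
    interface PasswordStore {
        String getPassword(String tag, int iteration);
    }

    /** Stand-in for a watchdog-backed store (assumed behaviour): iteration 0 may use the cache, later ones re-prompt. */
    static class PromptingStore implements PasswordStore {
        private final Map<String, String> cache = new HashMap<>();
        private final Queue<String> typed;   // constructed operator input, replaces a real prompt
        int prompts = 0;

        PromptingStore(String... typed) { this.typed = new ArrayDeque<>(Arrays.asList(typed)); }

        public String getPassword(String tag, int iteration) {
            if (iteration == 0 && cache.containsKey(tag)) return cache.get(tag);
            prompts++;                       // a non-zero iteration means the last answer was rejected
            String pw = typed.poll();        // null when the operator supplies nothing more
            if (pw != null) cache.put(tag, pw);
            return pw;
        }
    }

    /** Bounded retry: the caller, not the store, decides whether a password was correct. */
    static boolean unlock(PasswordStore store, String tag, String expected, int maxTries) {
        for (int i = 0; i < maxTries; i++) {
            String pw = store.getPassword(tag, i);
            if (pw == null) return false;          // no more input: fail closed
            if (pw.equals(expected)) return true;  // stand-in for a real token login
        }
        return false;                              // retry budget exhausted
    }

    public static void main(String[] args) {
        // Constructed input: the operator mistypes once, then enters the right value.
        PromptingStore store = new PromptingStore("typo", "tokenpw");
        System.out.println(unlock(store, "internal", "tokenpw", 3) + ", prompts so far: " + store.prompts);
        // A second unlock starts again at iteration 0 and is served from the cache.
        System.out.println(unlock(store, "internal", "tokenpw", 3) + ", prompts so far: " + store.prompts);
    }
}
```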

Comment 5 Roshni 2015-08-27 16:20:23 UTC
[root@cloud-qe-7 ~]# rpm -qi tomcatjss
Name        : tomcatjss
Version     : 7.1.2
Release     : 1.el7
Architecture: noarch
Install Date: Wed 26 Aug 2015 03:46:46 PM EDT
Group       : System Environment/Libraries
Size        : 49694
License     : LGPLv2+
Signature   : RSA/SHA256, Wed 05 Aug 2015 06:20:33 AM EDT, Key ID 938a80caf21541eb
Source RPM  : tomcatjss-7.1.2-1.el7.src.rpm
Build Date  : Thu 23 Apr 2015 05:16:52 PM EDT
Build Host  : ppc-020.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://pki.fedoraproject.org/
Summary     : JSSE implementation using JSS for Tomcat


[root@cloud-qe-7 ~]# rpm -qi nuxwdog
Name        : nuxwdog
Version     : 1.0.3
Release     : 2.el7
Architecture: x86_64
Install Date: Wed 26 Aug 2015 03:45:21 PM EDT
Group       : System Environment/Libraries
Size        : 119114
License     : LGPLv2 and (GPL+ or Artistic)
Signature   : RSA/SHA256, Wed 05 Aug 2015 04:36:27 AM EDT, Key ID 938a80caf21541eb
Source RPM  : nuxwdog-1.0.3-2.el7.src.rpm
Build Date  : Wed 17 Jun 2015 05:02:06 PM EDT
Build Host  : x86-018.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://www.redhat.com/certificate_system
Summary     : Watchdog server to start and stop processes, and prompt for passwords


[root@cloud-qe-7 ~]# rpm -qi pki-ca
Name        : pki-ca
Version     : 10.2.5
Release     : 5.el7
Architecture: noarch
Install Date: Wed 26 Aug 2015 03:46:58 PM EDT
Group       : System Environment/Daemons
Size        : 2429116
License     : GPLv2
Signature   : RSA/SHA256, Mon 17 Aug 2015 10:24:33 AM EDT, Key ID 938a80caf21541eb
Source RPM  : pki-core-10.2.5-5.el7.src.rpm
Build Date  : Wed 12 Aug 2015 09:51:40 PM EDT
Build Host  : ppc-034.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - Certificate Authority

Verification steps:

[root@cloud-qe-7 ~]# pkispawn 

IMPORTANT:

    Interactive installation currently only exists for very basic deployments!

    For example, deployments intent upon using advanced features such as:

        * Cloning,
        * Elliptic Curve Cryptography (ECC),
        * External CA,
        * Hardware Security Module (HSM),
        * Subordinate CA,
        * etc.,

    must provide the necessary override parameters in a separate
    configuration file.

    Run 'man pkispawn' for details.

Subsystem (CA/KRA/OCSP/TKS/TPS) [CA]: 

Tomcat:
  Instance [pki-tomcat]: 
  HTTP port [8080]: 
  Secure HTTP port [8443]: 
  AJP port [8009]: 
  Management port [8005]: 

Administrator:
  Username [caadmin]: 
  Password: 
  Verify password: 
  Import certificate (Yes/No) [N]? 
  Export certificate to [/root/.dogtag/pki-tomcat/ca_admin.cert]: 
Directory Server:
  Hostname [cloud-qe-7.idmqe.lab.eng.bos.redhat.com]: 
  Use a secure LDAPS connection (Yes/No/Quit) [N]? 
  LDAP Port [389]: 
  Bind DN [cn=Directory Manager]: 
  Password: 
  Base DN [o=pki-tomcat-CA]: dc=pki-ca

Security Domain:
  Name [idmqe.lab.eng.bos.redhat.com Security Domain]: 

Begin installation (Yes/No/Quit)? yes

Log file: /var/log/pki/pki-ca-spawn.20150827105815.log
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)
Notice: Trust flag u is set automatically if the private key is present.
Created symlink from /etc/systemd/system/multi-user.target.wants/pki-tomcatd.target to /usr/lib/systemd/system/pki-tomcatd.target.

    ==========================================================================
                                INSTALLATION SUMMARY
    ==========================================================================

      Administrator's username:             caadmin
      Administrator's PKCS #12 file:
            /root/.dogtag/pki-tomcat/ca_admin_cert.p12

      To check the status of the subsystem:
            systemctl status pki-tomcatd

      To restart the subsystem:
            systemctl restart pki-tomcatd

      The URL for the subsystem is:
            https://cloud-qe-7.idmqe.lab.eng.bos.redhat.com:8443/ca

      PKI instances will be enabled upon system boot

    ==========================================================================

[root@cloud-qe-7 ~]# systemctl stop pki-tomcatd
[root@cloud-qe-7 ~]# pki-server instance-nuxwdog-enable pki-tomcat
----------------------------------------
Nuxwdog enabled for instance pki-tomcat.
----------------------------------------
[root@cloud-qe-7 ~]# cat /var/lib/pki/pki-tomcat/conf/password.conf 
internal=930824051813
internaldb=Secret123
replicationdb=-315257593
[root@cloud-qe-7 ~]# systemctl restart pki-tomcatd-nuxwdog
[pki-tomcat] Please provide the password for internal: ************
[pki-tomcat] Please provide the password for internaldb: *********
[pki-tomcat] Please provide the password for replicationdb: **********
[root@cloud-qe-7 ~]# systemctl status pki-tomcatd-nuxwdog
● pki-tomcatd-nuxwdog - PKI Tomcat Server pki-tomcat Started by Nuxwdog
   Loaded: loaded (/usr/lib/systemd/system/pki-tomcatd-nuxwdog@.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2015-08-27 11:38:37 EDT; 12s ago
  Process: 22667 ExecStart=/bin/nuxwdog -f /etc/pki/%i/nuxwdog.conf (code=exited, status=0/SUCCESS)
  Process: 22485 ExecStartPre=/usr/bin/pkidaemon start tomcat %i (code=exited, status=0/SUCCESS)
 Main PID: 22670 (nuxwdog)
   CGroup: /system.slice/system-pki\x2dtomcatd\x2dnuxwdog.slice/pki-tomcatd-nuxwdog
           ├─22670 /bin/nuxwdog -f /etc/pki/pki-tomcat/nuxwdog.conf
           └─22671 java -DRESTEASY_LIB=/usr/share/java/resteasy-base -Djava.l...

Aug 27 11:38:17 cloud-qe-7.idmqe.lab.eng.bos.redhat.com systemd[1]: Starting ...
Aug 27 11:38:17 cloud-qe-7.idmqe.lab.eng.bos.redhat.com pkidaemon[22485]: SUC...
Aug 27 11:38:17 cloud-qe-7.idmqe.lab.eng.bos.redhat.com pkidaemon[22485]: SUC...
Aug 27 11:38:37 cloud-qe-7.idmqe.lab.eng.bos.redhat.com systemd[1]: Started P...
Hint: Some lines were ellipsized, use -l to show in full.
[root@cloud-qe-7 ~]# systemctl stop pki-tomcatd-nuxwdog
[root@cloud-qe-7 ~]# pki-server instance-nuxwdog-disable pki-tomcat
-----------------------------------------
Nuxwdog disabled for instance pki-tomcat.
-----------------------------------------
[root@cloud-qe-7 ~]# systemctl start pki-tomcatd
[root@cloud-qe-7 ~]# systemctl status pki-tomcatd
● pki-tomcatd - PKI Tomcat Server pki-tomcat
   Loaded: loaded (/lib/systemd/system/pki-tomcatd@.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2015-08-27 11:39:45 EDT; 9s ago
  Process: 23298 ExecStartPre=/usr/bin/pkidaemon start tomcat %i (code=exited, status=0/SUCCESS)
 Main PID: 23477 (java)
   CGroup: /system.slice/system-pki\x2dtomcatd.slice/pki-tomcatd
           └─23477 java -DRESTEASY_LIB=/usr/share/java/resteasy-base -classpa...

Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: Aug 27...
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: INFO: ...
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: Aug 27...
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: INFO: ...
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: Aug 27...
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: INFO: ...
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: PKILis...
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: PKILis...
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: Aug 27...
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: INFO: ...
Hint: Some lines were ellipsized, use -l to show in full.
[root@cloud-qe-7 ~]# systemctl status pki-tomcatd -l
● pki-tomcatd - PKI Tomcat Server pki-tomcat
   Loaded: loaded (/lib/systemd/system/pki-tomcatd@.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2015-08-27 11:39:45 EDT; 21s ago
  Process: 23298 ExecStartPre=/usr/bin/pkidaemon start tomcat %i (code=exited, status=0/SUCCESS)
 Main PID: 23477 (java)
   CGroup: /system.slice/system-pki\x2dtomcatd.slice/pki-tomcatd
           └─23477 java -DRESTEASY_LIB=/usr/share/java/resteasy-base -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.security.manager -Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy org.apache.catalina.startup.Bootstrap start

Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: Aug 27, 2015 11:39:53 AM org.apache.catalina.startup.HostConfig deployDescriptor
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: INFO: Deployment of configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/ca.xml has finished in 3,422 ms
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: Aug 27, 2015 11:39:53 AM org.apache.coyote.AbstractProtocol start
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: INFO: Starting ProtocolHandler ["http-bio-8080"]
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: Aug 27, 2015 11:39:53 AM org.apache.coyote.AbstractProtocol start
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: INFO: Starting ProtocolHandler ["http-bio-8443"]
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: PKIListener: org.apache.catalina.core.StandardServer[after_start]
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: PKIListener: Subsystem CA is running.
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: Aug 27, 2015 11:39:53 AM org.apache.catalina.startup.Catalina start
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: INFO: Server startup in 7061 ms

Comment 6 errata-xmlrpc 2015-11-19 04:49:05 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2188.html