Hi Fraser and the new guys! I think this may be it:
https://gist.github.com/alexpdp7/358626a92a07c787fbf246b2761dddb3#file-_var_log_pki_pki-tomcat_localhost-2018-11-07-log snip: SEVERE: Servlet.service() for servlet [caUpdateNumberRange] in context with path [/ca] threw exception [Could not initialize class sun.security.ssl.SSLContextImpl$TLSContext] with root cause java.lang.NoClassDefFoundError: Could not initialize class sun.security.ssl.SSLContextImpl$TLSContext at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:264) at java.security.Provider$Service.getImplClass(Provider.java:1634) at java.security.Provider$Service.newInstance(Provider.java:1592) at sun.security.jca.GetInstance.getInstance(GetInstance.java:236) at sun.security.jca.GetInstance.getInstance(GetInstance.java:164) at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156) at org.apache.http.conn.ssl.SSLSocketFactory.getSocketFactory(SSLSocketFactory.java:171) at org.apache.http.impl.conn.SchemeRegistryFactory.createDefault(SchemeRegistryFactory.java:49) at org.apache.http.impl.client.AbstractHttpClient.createClientConnectionManager(AbstractHttpClient.java:306) at org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:466) at com.netscape.certsrv.client.PKIConnection.<init>(PKIConnection.java:114) at com.netscape.cms.servlet.csadmin.ConfigurationUtils.post(ConfigurationUtils.java:273) at com.netscape.cms.authentication.TokenAuthentication.sendAuthRequest(TokenAuthentication.java:216) at com.netscape.cms.authentication.TokenAuthentication.authenticate(TokenAuthentication.java:147) at com.netscape.cms.servlet.common.CMSGateway.checkAuthManager(CMSGateway.java:196) at com.netscape.cms.servlet.base.CMSServlet.authenticate(CMSServlet.java:1792) at com.netscape.cms.servlet.base.CMSServlet.authenticate(CMSServlet.java:1700) at com.netscape.cms.servlet.base.CMSServlet.authenticate(CMSServlet.java:1690) at com.netscape.cms.servlet.csadmin.UpdateNumberRange.process(UpdateNumberRange.java:88) This is not timestamped, but I guess it is the thing. Weird, I don't remember my provisioning does anything JRE-related, but I will do some digging myself. One more question: is this a replica created from a replica? > I fixed an issue quite recently that can occur under such a > scenario, the symptoms of which are similar to yours. > Nope, I think this is my original freeipa-server. I might have done something unlawful here, but I don't think so. BTW: On Thu, Nov 8, 2018 at 5:51 AM Fraser Tweedale <ftwee...@redhat.com> wrote: > (Which is fair enough; we didn't ask for this extra stuff until > now.) > I'm sorry- I could have actually poked at those logs myself (I am- or was- a Java web dev). Looking at my previous post, my "did the song and dance again" might have been impolite (if it does any good- this was more out of frustration because my provisioning setup is unnecessarily slow). FreeIPA is an awesome piece of software I get for free, I get support for free on this mailing list from the authors, so I don't think I'm entitled to much more. I suppose I'm also doing some free testing for RedHat, but I think I'm the one getting the most benefit out of this, so thank you guys and apologies. Cheers, Álex -- ___ {~._.~} ( Y ) ()~*~() mail: alex at corcoles dot net (_)-(_) http://alex.corcoles.net/
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
