The rebase broke Dogtag CA configuration on ipa-server-install
Mar 15 08:22:35 master1.ipa.test server[8656]: WARNING: Problem with JAR file [/usr/share/pki/server/common/lib/symkey.jar], exists: [false], canRead: [false]
Mar 15 08:22:36 master1.ipa.test server[8656]: WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'enableOCSP' to 'false' did not find a matching property.
Mar 15 08:22:36 master1.ipa.test server[8656]: WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspResponderURL' to 'http://master1.ipa.test:9080/ca/ocsp' did not find a matching property.
Mar 15 08:22:36 master1.ipa.test server[8656]: WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspResponderCertNickname' to 'ocspSigningCert cert-pki-ca' did not find a matching property.
Mar 15 08:22:36 master1.ipa.test server[8656]: WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspCacheSize' to '1000' did not find a matching property.
Mar 15 08:22:36 master1.ipa.test server[8656]: WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspMinCacheEntryDuration' to '60' did not find a matching property.
Mar 15 08:22:36 master1.ipa.test server[8656]: WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspMaxCacheEntryDuration' to '120' did not find a matching property.
Mar 15 08:22:36 master1.ipa.test server[8656]: WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ocspTimeout' to '10' did not find a matching property.
Mar 15 08:22:36 master1.ipa.test server[8656]: WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'strictCiphers' to 'true' did not find a matching property.
Mar 15 08:22:36 master1.ipa.test server[8656]: WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'sslOptions' to 'ssl2=false,ssl3=false,tls=true' did not find a matching property.
Mar 15 08:22:36 master1.ipa.test server[8656]: WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ssl2Ciphers' to '-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_C
Mar 15 08:22:36 master1.ipa.test server[8656]: WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'ssl3Ciphers' to '-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-
Mar 15 08:22:36 master1.ipa.test server[8656]: WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'tlsCiphers' to '-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_3DES
Mar 15 08:22:36 master1.ipa.test server[8656]: WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'sslVersionRangeStream' to 'tls1_0:tls1_2' did not find a matching property.
Mar 15 08:22:36 master1.ipa.test server[8656]: WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'sslVersionRangeDatagram' to 'tls1_1:tls1_2' did not find a matching property.
Mar 15 08:22:36 master1.ipa.test server[8656]: WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'sslRangeCiphers' to '-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH
Mar 15 08:22:36 master1.ipa.test server[8656]: WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'serverCertNickFile' to '/var/lib/pki/pki-tomcat/conf/serverCertNick.conf' did not find a matching property.
Mar 15 08:22:36 master1.ipa.test server[8656]: WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'passwordFile' to '/var/lib/pki/pki-tomcat/conf/password.conf' did not find a matching property.
Mar 15 08:22:36 master1.ipa.test server[8656]: WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'passwordClass' to 'org.apache.tomcat.util.net.jss.PlainPasswordFile' did not find a matching property.
Mar 15 08:22:36 master1.ipa.test server[8656]: WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'certdbDir' to '/var/lib/pki/pki-tomcat/alias' did not find a matching property.
Mar 15 08:22:36 master1.ipa.test server[8656]: WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Valve} Setting property 'resolveHosts' to 'false' did not find a matching property.
Mar 15 08:22:36 master1.ipa.test server[8656]: PKIListener: org.apache.catalina.core.StandardServer[before_init]
Mar 15 08:22:36 master1.ipa.test server[8656]: JSSSocketFactory init - exception thrown:java.lang.IllegalArgumentException: JSS SSLSocket SSLVersionRange: arguments out of range
This update has been submitted for testing by mharmsen.
This update has been pushed to testing.
Breaks ipa-server-install
server[112874]: JSSSocketFactory init - exception thrown:java.lang.IllegalArgumentException: JSS SSLSocket SSLVersionRange: arguments out of range
The rebase broke Dogtag CA configuration on ipa-server-install
Please note:
We discovered that upgrading just this jss will not work, as it is incompatible with the old tomcatjss.
Please re-verify this by installing all three of these components: * jss-4.4.0-1.fc25 * tomcatjss-7.2.1-1.fc25 (https://bodhi.fedoraproject.org/updates/FEDORA-2017-122cb7e152) * pki-core-10.4.0-1.fc25 (https://bodhi.fedoraproject.org/updates/FEDORA-2017-9c6007b406)
As this was discovered very recently, we should probably re-spin and add a Conflicts: tomcatjss < 7.2.1-1.
This update has been obsoleted by jss-4.4.0-2.fc25.