Tomcat4 does not load

  • 3234091
  • 24-Sep-2007
  • 30-Apr-2012

Environment

Novell NetWare 6.5

Situation

Tomcat4 does not load
Unable to create .keystore file - Error importing certificate to keystore: sys:\adminsrv\conf\.keystore

Resolution

There are a number of things that must be working for us to create the .keystore file.

  • SSL must work. An easy way to test that is to load the Remote Manager on port 8009. The address for this is https://ipaddressof server:8009. If you can get to that page you know that at least SSL CertificateIP is valid and working.
  • Second you will want to make sure that secure LDAP is working. An easy way to test this is to open a browser and type in the url https://ipaddressof server:636. Accept the security prompt and on the web page you will see something like this: "0$1.3.6.1.4.1.1466.20036". This means that you have a secure ldap port.
  • Next make sure that there is a valid root certificate located in SYS:\public. The name of the file is RootCert.der by default. If this file does not exist, it will need to be exported. Open ConsoleOne. Browse to the Security Container. You should see an object with your Tree name and "CA". Right click on that object, select properties, and select the Certificate tab. In the bottom right hand corner select to "Export". Continue clicking next until you finish. By default it creates a file on your local hard drive. The path and file name will be similar to this: "C:\TreeName CA-PublicKeyCert.der". Rename this file to "RootCert.der. Copy the file to your SYS:\public directory.
  • Last but not least we need to check your hosts and hostname files. Browse to SYS:\etc. Open HOSTS and HOSTNAME with wordpad. In the HOSTS file make sure you have the correct ipaddress for your server located at the bottom of the file. Near the top of the file you will need the loopback address. The HOSTS file should look similar to the format below. Save the file. In the HOSTNAME file make sure the correct ipaddress and fully qualified DNS name are correct. Make sure there are no extra or extended characters in the file before saving. From the server console type "Reset Server" to apply the changes.
# SYS:ETC\HOSTS
#
# Mappings of host names and host aliases to IP address.
#
127.0.0.1 loopback lb localhost
# normal loopback address
#
# examples from Novell network
#
  • Once the server has completely come back at the server console type "java -exit". Wait 30 seconds and retype "java -exit". You should see java loading on the screen. Now type "tckeygen" at the console. If you see a line that says "Exporting the Host certificate from:localhost" and"java: Class com.novell.application.tomcat.util.EDirectoryIntegrator exited successfully" twice that means the .keystore file was created successfully, if not then you may want to go to the SYS:\ADMINSRV\CONF directory and delete the .keystore file, and rerun the TCKEYGEN at the server console prompt. Now at the server console type "Tomcat4". After a moment and checking the logger screen you will see port 9010. Back at the server console type"tcadmup" to load the tomcat manager. Checking the logger screen you should see port 9009.
  • If the above does not work then it is possible to edit the tckeygen.ncf file along with the server.xml file to get the certificates exported successfully. Open the sys:\system\tckeygen.ncf and edit where it says "-servername=localhost" and change localhost to be the ipaddress of the server. Open the sys:\tomcat\4\conf\server.xml file and do a search for port 636. Where it says"ldap://localhost:636change localhost to be the ipaddress of the server. Save both files. Unload tomcat with java -exit, wait 30 seconds and run java -exit again. Rerun tckeygen.ncf from the server console again. .

Additional Information

originally TID10091686