Skip to main content

certutil crashes DAS

Please note these java.net forums are being decommissioned and use the new and improved forums at https://community.oracle.com/community/java.
5 replies [Last post]
jiggster
Offline
Joined: 2010-05-10

Hello everybody.

I'd like to share with you a weird problem I ran into when using certutil tool shipped with GlassFish. Scenario is: fresh appserver installation (v 2.1.1) with default domain1 domain. Starting & stopping DAS works faultlessly. Then I try to manually export the default DAS certificate using the command below:

appserver-install-dir/lib/upgrade/certutil -L -d appserver-instance-dir/config -n s1as -a -o sjsas.crt

When I execute this command I always get the following error: "certutil: could not find certificate named "s1as": security library: bad database." and an empty sjsas.crt file is created. What is even more surprising is the fact that after executing this command I cannot start my domain because of:

[#|2011-04-14T09:03:10.461+0200|WARNING|sun-appserver2.1|javax.enterprise.system.stream.err|_ThreadID=10;_ThreadName=main;_RequestID=547c2689-3102-4944-87f3-4ebb23ea482a;|java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.enterprise.server.PELaunch.main(PELaunch.java:415)
Caused by: java.lang.UnsatisfiedLinkError: no nspr4 in java.library.path
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1734)
at java.lang.Runtime.loadLibrary0(Runtime.java:823)
at java.lang.System.loadLibrary(System.java:1028)
at com.sun.enterprise.ee.security.EESecuritySupportImpl.loadNSSNativeLibrary(EESecuritySupportImpl.java:176)
at com.sun.enterprise.ee.security.EESecuritySupportImpl.initNSS(EESecuritySupportImpl.java:133)
at com.sun.enterprise.ee.security.EESecuritySupportImpl.<init>(EESecuritySupportImpl.java:95)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at com.sun.enterprise.pluggable.PluggableFeatureFactoryBaseImpl.invoke(PluggableFeatureFactoryBaseImpl.java:84)
at $Proxy0.getSecuritySupport(Unknown Source)
at com.sun.enterprise.security.SecurityUtil.getSecuritySupport(SecurityUtil.java:364)
at com.sun.enterprise.security.SSLUtils.<clinit>(SSLUtils.java:102)
at com.sun.enterprise.security.SecurityLifecycle.onInitialization(SecurityLifecycle.java:101)
at com.sun.enterprise.server.ApplicationServer.onInitialization(ApplicationServer.java:265)
at com.sun.enterprise.server.ondemand.OnDemandServer.onInitialization(OnDemandServer.java:103)
at com.sun.enterprise.server.PEMain.run(PEMain.java:399)
at com.sun.enterprise.server.PEMain.main(PEMain.java:336)
... 5 more
|#]

Recreating (deleting & creating again) domain resolves the problem until the certutil is used again. Your suggestions are greatly appreciated!
Regards,
AG

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Nithya Subraman...
Offline
Joined: 2011-03-21

Hi,

Can you please try with the certutil utility that comes with the NSS
libraries , after setting the LD_LIBRARY_PATH to point to the location
of the NSS libraries.This location can be identified from the value of
AS_NSS_LIB in asenv.conf

Thanks
Nithya

On Thursday 14 April 2011 12:49 PM, forums@java.net wrote:
> Hello everybody.
>
>
>
> I'd like to share with you a weird problem I ran into when using
> *certutil*
> tool shipped with GlassFish. Scenario is: fresh appserver installation (v
> 2.1.1) with default domain1 domain. Starting & stopping DAS works
> faultlessly. Then I try to manually export the default DAS certificate
> using
> the command below:
>
>
>
> appserver-install-dir/lib/upgrade/certutil -L -d
> appserver-instance-dir/config -n s1as -a -o sjsas.crt
>
>
> When I execute this command I always get the following error: "certutil:
> could not find certificate named "s1as": security library: bad
> database." and
> an empty sjsas.crt file is created. What is even more surprising is
> the fact
> that after executing this command I cannot start my domain because of:
>
>
>
> [#|2011-04-14T09:03:10.461+0200|WARNING|sun-appserver2.1|javax.enterprise.system.stream.err|_ThreadID=10;_ThreadName=main;_RequestID=547c2689-3102-4944-87f3-4ebb23ea482a;|java.lang.reflect.InvocationTargetException
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>
> at java.lang.reflect.Method.invoke(Method.java:597) at
> com.sun.enterprise.server.PELaunch.main(PELaunch.java:415)Caused by:
> java.lang.UnsatisfiedLinkError: no nspr4 in java.library.path at
> java.lang.ClassLoader.loadLibrary(ClassLoader.java:1734) at
> java.lang.Runtime.loadLibrary0(Runtime.java:823) at
> java.lang.System.loadLibrary(System.java:1028) at
> com.sun.enterprise.ee.security.EESecuritySupportImpl.loadNSSNativeLibrary(EESecuritySupportImpl.java:176)
>
> at
> com.sun.enterprise.ee.security.EESecuritySupportImpl.initNSS(EESecuritySupportImpl.java:133)
>
> at
> com.sun.enterprise.ee.security.EESecuritySupportImpl.(EESecuritySupportImpl.java:95)
>
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> Method) at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
>
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
>
> at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
> at java.lang.Class.newInstance0(Class.java:355) at
> java.lang.Class.newInstance(Class.java:308) at
> com.sun.enterprise.pluggable.PluggableFeatureFactoryBaseImpl.invoke(PluggableFeatureFactoryBaseImpl.java:84)
>
> at $Proxy0.getSecuritySupport(Unknown Source) at
> com.sun.enterprise.security.SecurityUtil.getSecuritySupport(SecurityUtil.java:364)
>
> at
> com.sun.enterprise.security.SSLUtils.(SSLUtils.java:102)
> at
> com.sun.enterprise.security.SecurityLifecycle.onInitialization(SecurityLifecycle.java:101)
>
> at
> com.sun.enterprise.server.ApplicationServer.onInitialization(ApplicationServer.java:265)
>
> at
> com.sun.enterprise.server.ondemand.OnDemandServer.onInitialization(OnDemandServer.java:103)
>
> at com.sun.enterprise.server.PEMain.run(PEMain.java:399)
> at com.sun.enterprise.server.PEMain.main(PEMain.java:336) ... 5
> more|#]
>
>
>
> Recreating (deleting & creating again) domain resolves the problem
> until the
> certutil is used again. Your suggestions are greatly appreciated!
>
> Regards,
>
> AG
>
>
>
>
>
>
> --
>
> [Message sent by forum member 'jiggster']
>
> View Post: http://forums.java.net/node/791667
>
>

Kumar Jayanti Guest
Offline
Joined: 2011-04-02

This is your real problem : no nspr4 in java.library.path

download libnspr4.so and make sure LD_LIBRARY_PATH points to directory containing this lib.

On 14-Apr-2011, at 12:49 PM, forums@java.net wrote:

> Hello everybody.
>
>
>
> I'd like to share with you a weird problem I ran into when using *certutil*
> tool shipped with GlassFish. Scenario is: fresh appserver installation (v
> 2.1.1) with default domain1 domain. Starting & stopping DAS works
> faultlessly. Then I try to manually export the default DAS certificate using
> the command below:
>
>
>
> appserver-install-dir/lib/upgrade/certutil -L -d
> appserver-instance-dir/config -n s1as -a -o sjsas.crt
>
>
> When I execute this command I always get the following error: "certutil:
> could not find certificate named "s1as": security library: bad database." and
> an empty sjsas.crt file is created. What is even more surprising is the fact
> that after executing this command I cannot start my domain because of:
>
>
>
> [#|2011-04-14T09:03:10.461+0200|WARNING|sun-appserver2.1|javax.enterprise.system.stream.err|_ThreadID=10;_ThreadName=main;_RequestID=547c2689-3102-4944-87f3-4ebb23ea482a;|java.lang.reflect.InvocationTargetException
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597) at
> com.sun.enterprise.server.PELaunch.main(PELaunch.java:415)Caused by:
> java.lang.UnsatisfiedLinkError: no nspr4 in java.library.path at
> java.lang.ClassLoader.loadLibrary(ClassLoader.java:1734) at
> java.lang.Runtime.loadLibrary0(Runtime.java:823) at
> java.lang.System.loadLibrary(System.java:1028) at
> com.sun.enterprise.ee.security.EESecuritySupportImpl.loadNSSNativeLibrary(EESecuritySupportImpl.java:176)
> at
> com.sun.enterprise.ee.security.EESecuritySupportImpl.initNSS(EESecuritySupportImpl.java:133)
> at
> com.sun.enterprise.ee.security.EESecuritySupportImpl.(EESecuritySupportImpl.java:95)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> Method) at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
> at java.lang.Class.newInstance0(Class.java:355) at
> java.lang.Class.newInstance(Class.java:308) at
> com.sun.enterprise.pluggable.PluggableFeatureFactoryBaseImpl.invoke(PluggableFeatureFactoryBaseImpl.java:84)
> at $Proxy0.getSecuritySupport(Unknown Source) at
> com.sun.enterprise.security.SecurityUtil.getSecuritySupport(SecurityUtil.java:364)
> at
> com.sun.enterprise.security.SSLUtils.(SSLUtils.java:102)
> at
> com.sun.enterprise.security.SecurityLifecycle.onInitialization(SecurityLifecycle.java:101)
> at
> com.sun.enterprise.server.ApplicationServer.onInitialization(ApplicationServer.java:265)
> at
> com.sun.enterprise.server.ondemand.OnDemandServer.onInitialization(OnDemandServer.java:103)
> at com.sun.enterprise.server.PEMain.run(PEMain.java:399)
> at com.sun.enterprise.server.PEMain.main(PEMain.java:336) ... 5
> more|#]
>
>
>
> Recreating (deleting & creating again) domain resolves the problem until the
> certutil is used again. Your suggestions are greatly appreciated!
>
> Regards,
>
> AG
>
>
>
>
>
>
> --
>
> [Message sent by forum member 'jiggster']
>
> View Post: http://forums.java.net/node/791667
>
>

jiggster
Offline
Joined: 2010-05-10

Hi Kumar,

Thanks for your reply. Honestly, I don't think that this problem stem from the lack of libnspr4.so on my system. Running

locate libnspr4.so

produces the following output:

/home/jigga/imq/lib/libnspr4.so
/home/jigga/imq/lib/sparcv9/libnspr4.so
/home/jigga/mq/nss/lib/libnspr4.so
/home/jigga/mq/nss/lib64/libnspr4.so
/home/jigga/oracle/webserver7/lib/libnspr4.so
/home/jigga/webserver7/lib/libnspr4.so
/opt/sges21/imq/lib/libnspr4.so
/usr/lib/libnspr4.so
/usr/lib/libnspr4.so.0d
/usr/lib/firefox-3.6.16/libnspr4.so

So in fact there are plenty of libnspr4.so on my system. And as I mentioned above re-creating domain causes the problem to disappear, so there must be some other reason than missing libnspr4.so library.

Regards,
AG

jiggster
Offline
Joined: 2010-05-10

Anybody any ideas? Or shall i go to support.oracle.com for the official support?

Regards,
AG

Kumar Jayanti Guest
Offline
Joined: 2011-04-02

On 15-Apr-2011, at 8:07 PM, forums@java.net wrote:

> Anybody any ideas? Or shall i go to support.oracle.com for the official
> support?
>
Yes you should go to support.oracle.com if you have support options. The sustaining folks can then spend cycles on it.

regards,
kumar
>
>
> Regards,
>
> AG
>
>
> --
>
> [Message sent by forum member 'jiggster']
>
> View Post: http://forums.java.net/node/791667
>
>