"java.security.NoSuchProviderException" Error Occurs when CloudCenter is Configured

Available Languages

Download Options

  • PDF     (6.4 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (76.6 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (71.3 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:June 8, 2017
Document ID:211329

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document helps you troubleshoot the error message related to SunPKCS11-NSS. This error appears when you start the tomcat services in CloudCenter Manager (CCM) and CloudCenter Orchestrator (CCO) machines.

    Affected Version

    • CloudCenter 4.7.1.1

    Note: This error is observerd during the new install of 4.7.1.1

    Problem


    When you try to configure CloudCenter, the user might see this error message in osmosix.log:

      

    2017-05-20 20:07:15,153 ERROR config.GatewayConfigController [http-apr-8443-exec-8]  - com.osmosix.commons.crypto.CryptoException: com.osmosix.commons.crypto.CryptoException: java.security.NoSuchProviderException: No such provider: SunPKCS11-NSS
java.lang.RuntimeException: com.osmosix.commons.crypto.CryptoException: com.osmosix.commons.crypto.CryptoException: java.security.NoSuchProviderException: No such provider: SunPKCS11-NSS
        at com.osmosix.commons.convert.converter.CryptoJson2HttpMessageConverter.encrypt(CryptoJson2HttpMessageConverter.java:87

    Solution

    This error is due to the Network Security Services not configured in Java 8. Normally it is configured by the CloudCenter installer, but there are instances where this configuration is missing.

    How to reconfigure NSS on the CloudCenter servers:

    Go to this directory:

      

    cd /usr/lib/jvm/java-8-sun/jre/lib/security

    Verify the java.security configuration:

      

    cat java.security | grep security.provider

    If NSS is configured on the system, you should see it listed in security.provider.10, as shown here:

      

    [root@localhost security]# cat java.security | grep security.provider
#    security.provider.<n>=<className>
# named Sun appears in the sun.security.provider package. Thus, the
#    security.provider.1=sun.security.provider.Sun
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=sun.security.ec.SunEC
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.9=sun.security.smartcardio.SunPCSC
security.provider.10=sun.security.pkcs11.SunPKCS11 /usr/lib/jvm/java-8-sun/jre/lib/security/nss.cfg
login.configuration.provider=sun.security.provider.ConfigFile
policy.provider=sun.security.provider.PolicyFile

    If the higlighted line is missing, add it to the java.security file.

    Create the nss.cfg file in the same directory with this content:

    name = NSS
nssLibraryDirectory = /usr/lib64/
nssDbMode = noDb
attributes = compatibility

    Verify whether the permission on the java.security and nss.cfg file are correct. The permission should be 644.

    Reboot the CloudCenter VM:

      

    reboot

    Now you should be able to configure CloudCenter.

    TAC Authored

    Contributed by Cisco Engineers

    • Andrew Wong
      Cisco TAC Engineer
    • Vihar Kuruppathukattil
      Cisco TAC Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products