Introduction
This document helps you troubleshoot the error message related to SunPKCS11-NSS. This error appears when you start the tomcat services in CloudCenter Manager (CCM) and CloudCenter Orchestrator (CCO) machines.
Affected Version
Note: This error is observerd during the new install of 4.7.1.1
Problem
When you try to configure CloudCenter, the user might see this error message in osmosix.log:
2017-05-20 20:07:15,153 ERROR config.GatewayConfigController [http-apr-8443-exec-8] - com.osmosix.commons.crypto.CryptoException: com.osmosix.commons.crypto.CryptoException: java.security.NoSuchProviderException: No such provider: SunPKCS11-NSS
java.lang.RuntimeException: com.osmosix.commons.crypto.CryptoException: com.osmosix.commons.crypto.CryptoException: java.security.NoSuchProviderException: No such provider: SunPKCS11-NSS
at com.osmosix.commons.convert.converter.CryptoJson2HttpMessageConverter.encrypt(CryptoJson2HttpMessageConverter.java:87
Solution
This error is due to the Network Security Services not configured in Java 8. Normally it is configured by the CloudCenter installer, but there are instances where this configuration is missing.
How to reconfigure NSS on the CloudCenter servers:
Go to this directory:
cd /usr/lib/jvm/java-8-sun/jre/lib/security
Verify the java.security configuration:
cat java.security | grep security.provider
If NSS is configured on the system, you should see it listed in security.provider.10, as shown here:
[root@localhost security]# cat java.security | grep security.provider
# security.provider.<n>=<className>
# named Sun appears in the sun.security.provider package. Thus, the
# security.provider.1=sun.security.provider.Sun
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=sun.security.ec.SunEC
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.9=sun.security.smartcardio.SunPCSC
security.provider.10=sun.security.pkcs11.SunPKCS11 /usr/lib/jvm/java-8-sun/jre/lib/security/nss.cfg
login.configuration.provider=sun.security.provider.ConfigFile
policy.provider=sun.security.provider.PolicyFile
If the higlighted line is missing, add it to the java.security file.
Create the nss.cfg file in the same directory with this content:
name = NSS
nssLibraryDirectory = /usr/lib64/
nssDbMode = noDb
attributes = compatibility
Verify whether the permission on the java.security and nss.cfg file are correct. The permission should be 644.
Reboot the CloudCenter VM:
reboot
Now you should be able to configure CloudCenter.