glassfish
  1. glassfish
  2. GLASSFISH-3055

Load balancer fails on hardware SSL accelerators (T2000 etc)

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Minor Minor
    • Resolution: Unresolved
    • Affects Version/s: 9.1pe
    • Fix Version/s: not determined
    • Component/s: load_balancer
    • Labels:
      None
    • Environment:

      Operating System: Solaris
      Platform: Sun

    • Issuezilla Id:
      3,055

      Description

      The Load Balancer plugin for Glassfish doesn't work in Apache when using Sun's
      PKCS11 crypto device.

      ie. Set Apache's httpd.conf to have SSLCryptoDevice pkcs11, and
      mod_loadbalancer.so fails to initialize:

      [Thu May 24 15:00:46 2007] [notice] Initializing lbplugin BuildId: A692342-271111

      [Thu May 24 15:00:51 2007] [alert] ERROR:NSS could not be initialized; The issue
      may be missing security DB files under /opt/apache/sec_db_files; Please ensure
      that secmod.db, key3.db and cert7.db files are present under
      /opt/apache/sec_db_files; Refer documentation for more details; Aborting Plugin
      initialization ...

      [Thu May 24 15:00:51 2007] [notice] Apache/2.0.55 (Unix) mod_ssl/2.0.55
      OpenSSL/0.9.7d configured – resuming normal operations

      This works fine when not using the SSLCryptoDevice directive.
      ie: when using Apache's builtin SSL engine.

      One implication is that its not possible to use the SSL hardware accelerator on
      T1000 and T2000 servers, as they require Apache to use the pkcs11
      SSLCryptoDevice setting. This is a pretty major drawback for running Glassfish
      on these boxes since their SSL engine is pretty poor, hence the builtin SSL
      accelerator, which should be used.

      Could this (just) be a problem with the NSS database file provided not having
      referencs to the pkcs11 device?

      The error message is also erroneous as it complains about cert7.db, which I
      believe was replaced with cert8.db long ago.

        Activity

          People

          • Assignee:
            pj126383
            Reporter:
            coreyjohnston
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated: