Freeipa ipa-ca-install fails
FedoraForum.org - Fedora Support Forums and Community
Results 1 to 3 of 3
  1. #1
    Join Date
    Oct 2017
    Location
    Moscow-city
    Posts
    2

    Unhappy Freeipa ipa-ca-install fails

    Hi, everybody!
    I have 3 fedora 25 containers on proxmox 5.0with freeipa 4.4.4 installed
    One of them is master, and I want to make a replication (both domain and ca parts)
    the realm is managed by another dns servers so IPA's are configured through edited hosts files

    here's the log ipareplica-ca-install.log:

    Loading deployment configuration from /tmp/tmpU9FpHx.
    Installing CA into /var/lib/pki/pki-tomcat.
    Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
    Importing certificates from /tmp/ca.p12:
    ---------------
    6 entries found
    /*
    certificate's info
    */




    Imported certificates in /etc/pki/pki-tomcat/alias:

    Certificate Nickname Trust Attributes
    SSL,S/MIME,JAR/XPI

    DSTRootCAX3 C,,
    caSigningCert cert-pki-ca CTu,Cu,Cu
    auditSigningCert cert-pki-ca u,u,Pu
    letsencryptx3 C,,
    ocspSigningCert cert-pki-ca u,u,u
    subsystemCert cert-pki-ca u,u,u

    Installation failed:
    com.netscape.certsrv.base.BadRequestException: Clone URI does not match available subsystems: https://ipa.my-domain:443

    Please check the CA logs in /var/log/pki/pki-tomcat/ca.

    2017-10-30T12:50:29Z DEBUG stderr=certutil: Could not find cert: DSTRootCAX3
    : PR_FILE_NOT_FOUND_ERROR: File not found
    certutil: Could not find cert: letsencryptx3
    : PR_FILE_NOT_FOUND_ERROR: File not found

    2017-10-30T12:50:29Z CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpU9FpHx' returned non-zero exit status 1
    2017-10-30T12:50:29Z CRITICAL See the installation logs and the following files/directories for more information:
    2017-10-30T12:50:29Z CRITICAL /var/log/pki/pki-tomcat
    2017-10-30T12:50:29Z DEBUG Traceback (most recent call last):
    File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 449, in start_creation
    run_step(full_msg, method)
    File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 439, in run_step
    method()
    File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 587, in __spawn_instance
    DogtagInstance.spawn_instance(self, cfg_file)
    File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 181, in spawn_instance
    self.handle_setup_error(e)
    File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 420, in handle_setup_error
    raise RuntimeError("%s configuration failed." % self.subsystem)
    RuntimeError: CA configuration failed.


    I'm trying to defeat this trouble for 2 days already
    maybe, someone can provide me some links or path where to search

    Thank you in advance!

  2. #2
    Join Date
    Dec 2017
    Location
    US
    Posts
    1

    Re: Freeipa ipa-ca-install fails

    Did you ever figure this out? I'm running into the same problem.

  3. #3
    Join Date
    Oct 2017
    Location
    Moscow-city
    Posts
    2

    Re: Freeipa ipa-ca-install fails

    Quote Originally Posted by dandrzejewski
    Did you ever figure this out? I'm running into the same problem.
    No...
    I've made 2 clean ipa installs in totally new containers .
    After that i've made a replication between them and made user import from ipa install that is mentioned in this topic

Similar Threads

  1. [SOLVED]
    pfSense/FreeIPA LDAP Extended Query Fails
    By FlowMike in forum Servers & Networking
    Replies: 2
    Last Post: 1st September 2016, 05:41 PM
  2. FreeIpa Install Fails
    By pgb205 in forum Servers & Networking
    Replies: 0
    Last Post: 14th March 2016, 04:52 AM
  3. FreeIPA install fails
    By 7zark7 in forum Servers & Networking
    Replies: 0
    Last Post: 12th August 2015, 12:02 PM
  4. FreeIPA 3.3 Install does not complete - "Cannot contact any KDC"
    By chrischarles in forum Servers & Networking
    Replies: 0
    Last Post: 13th March 2015, 09:37 PM
  5. freeipa 2.1.3-9 install with external CA failed
    By helpmeplease in forum Servers & Networking
    Replies: 0
    Last Post: 21st May 2012, 06:46 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •