Hi, I am trying to install freeipa 2.1.3-9 with external CA and it failed.
Any help is appreciated and thanks in advance!
[r...@ipa.dev.example.com ~]# ipa-server-install
--external_cert_file=/root/ipa.crt --external_ca_file=/root/ca.crt
The log file for this installation can be found in
/var/log/ipaserver-install.log
Directory Manager password:
================================================== ============================
This program will set up the IPA Server.
This includes:
* Configure a stand-alone CA (dogtag) for certificate management
* Create and configure an instance of Directory Server
* Create and configure a Kerberos Key Distribution Center (KDC)
* Configure Apache (httpd)
Excluded by options:
* Configure the Network Time Daemon (ntpd)
To accept the default shown in brackets, press the Enter key.
The IPA Master Server will be configured with
Hostname: ipa.dev.example.com
IP address: x.x.x.x
Domain name: example.com
Configuring certificate server: Estimated time 3 minutes 30 seconds
[1/16]: creating certificate server user
[2/16]: configuring certificate server instance
[3/16]: disabling nonces
[4/16]: creating CA agent PKCS#12 file in /root
[5/16]: creating RA agent certificate database
[6/16]: importing CA chain to RA certificate database
[7/16]: fixing RA database permissions
[8/16]: setting up signing cert profile
[9/16]: set up CRL publishing
[10/16]: set certificate subject base
[11/16]: configuring certificate server to start on boot
[12/16]: restarting certificate server
[13/16]: requesting RA certificate from CA
[14/16]: issuing RA agent certificate
Unexpected error - see ipaserver-install.log for details:
Command '/usr/bin/sslget -n ipa-ca-agent -p XXXXXXXX -d /tmp/tmp-aZzm2V -r
/ca/agent/ca/profileReview?requestId=6 ipa.dev.example.com:9443' returned
non-zero exit status 4
[r...@ipa.dev.example.com ~]# /usr/bin/sslget -n ipa-ca-agent -p XXXXXXXX -d
/tmp/tmp-aZzm2V -r /ca/agent/ca/profileReview?requestId=6
ipa.dev.example.com:9443 -v
GET /ca/agent/ca/profileReview?requestId=6 HTTP/1.0
port: 9443
addr='ipa.dev.example.com'
family='2'
Subject: CN=ipa.dev.example.com,O=example.com
Issuer : CN=Certificate Authority,O=example.com
Called mygetclientauthdata - nickname = ipa-ca-agent
mygetclientauthdata - cert = 9716d0
mygetclientauthdata - privkey = 9b6f10
exit after PR_Write bigBuf with error -12271:
/va/log/ipaserver-install.log information
2012-05-21 16:54:58,852 DEBUG duration: 1 seconds
2012-05-21 16:54:58,852 DEBUG [14/16]: issuing RA agent certificate
2012-05-21 16:54:58,866 DEBUG args=/usr/bin/certutil -d /tmp/tmp-aZzm2V -f
XXXXXXXX -M -t CT,C,C -n System Engineering - Currenex, Inc.
2012-05-21 16:54:58,867 DEBUG stdout=
2012-05-21 16:54:58,867 DEBUG stderr=
2012-05-21 16:54:58,873 DEBUG args=/usr/bin/certutil -d /tmp/tmp-aZzm2V -f
XXXXXXXX -M -t CT,C,C -n Certificate Authority - Currenex, Inc.
2012-05-21 16:54:58,874 DEBUG stdout=
2012-05-21 16:54:58,874 DEBUG stderr=
2012-05-21 16:54:58,909 DEBUG args=/usr/bin/sslget -n ipa-ca-agent -p XXXXXXXX
-d /tmp/tmp-aZzm2V -r /ca/agent/ca/profileReview?requestId=6
ipa.dev.eexchange.com:9443
2012-05-21 16:54:58,909 DEBUG stdout=
2012-05-21 16:54:58,909 DEBUG stderr=
2012-05-21 16:54:59,067 DEBUG Command '/usr/bin/sslget -n ipa-ca-agent -p
XXXXXXXX -d /tmp/tmp-aZzm2V -r /ca/agent/ca/profileReview?requestId=6
ipa.dev.eexchange.com:9443' returned non-zero exit status 4
File "/usr/sbin/ipa-server-install", line 1151, in <module>
sys.exit(main())
File "/usr/sbin/ipa-server-install", line 975, in main
subject_base=options.subject)
File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line
537, in configure_instance
self.start_creation("Configuring certificate server", 210)
File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 248,
in start_creation
method()
File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line
755, in __issue_ra_cert
(stdout, stderr, returncode) = ipautil.run(args, nolog=(self.admin_password,))
File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line 273, in run
raise CalledProcessError(p.returncode, args)
[cid:image001.gif@01CD376A.2D530910]<http://forums.fedoraforum.org/editpost.php?do=editpost&p=1577747>
________________________________
The information contained in this e-mail (including any attachments) is
intended solely for the use of the intended recipient(s), may be used solely
for the purpose for which it was sent, may contain confidential, proprietary,
or personally identifiable information, and/or may be subject to the
attorney-client or attorney work product privilege or other applicable
confidentiality protections. If you are not an intended recipient please notify
the author by replying to this e-mail and delete this e-mail immediately. Any
unauthorized copying, disclosure, retention, distribution or other use of this
email, its contents or its attachments is strictly prohibited.
<<inline: image001.gif>>
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
