Hi,

I have a set of 5 servers for my domain. One has the CA on it, and on any other the
attempt to bring it up as a secondary CA replica fails with:

ipa-ca-install

...
caSigningCert cert-pki-ca                                    CTu,Cu,Cu
ocspSigningCert cert-pki-ca                                  u,u,u
subsystemCert cert-pki-ca                                    u,u,u

Installation failed:
<html><head><title>Apache Tomcat/7.0.76 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
 H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
 H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
 BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
 B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
 P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body>
<h1>HTTP Status 500 - javax.ws.rs.ProcessingException: Unable to invoke request</h1><HR size="1" noshade="noshade">
<p><b>type</b> Exception report</p>
<p><b>message</b> <u>javax.ws.rs.ProcessingException: Unable to invoke request</u></p>
<p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p>
<p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: javax.ws.rs.ProcessingException: Unable to invoke request
        org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
        org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
        org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:149)
        org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)
        org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
        org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
        org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
        org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
        sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

together with the following (journalctl):

Jul 17 10:24:14 kre.example.com server[21753]: CMS Warning: FAILURE: authz instance DirAclAuthz initialization failed and skipped, error=Property internaldb.ldapconn.port missing value|
Jul 17 10:24:14 kre.example.com server[21753]: CA is started.
Jul 17 10:24:17 server[21753]: getSystemCertProfileID tag: subsystem defaultName: caInternalAuthSubsystemCert keyType: null
Jul 17 10:24:17 kre.example.com server[21753]: FATAL: SSL alert received: HANDSHAKE_FAILURE

The pki-tomcat is the last thing started, but it throws an exception.

I can provide the ipareplication-install.log. For all servers the failure is 
exactly the same (without the running master of course).

Software: CentOS 7 with

ipa-common-4.6.8-5.el7.centos.14.noarch
ipa-server-trust-ad-4.6.8-5.el7.centos.14.x86_64
ipa-client-common-4.6.8-5.el7.centos.14.noarch
ipa-client-4.6.8-5.el7.centos.14.x86_64
ipa-server-dns-4.6.8-5.el7.centos.14.noarch
ipa-server-common-4.6.8-5.el7.centos.14.noarch
ipa-server-4.6.8-5.el7.centos.14.x86_64

Maybe someone has a tip for me?

Regards,

Rudi G.