Hi,
Installing a v2 freeipa server failed for me at the stage "configuring
certificate server instance"
The machine is an updated (and now fully up2date) fedora16 x64 machine.
Here's the command line output:
Configuring certificate server: Estimated time 3 minutes 30 seconds
[1/17]: creating certificate server user
[2/17]: creating pki-ca instance
[3/17]: configuring certificate server instance
root : CRITICAL failed to configure ca instance Command
'/usr/bin/perl /usr/bin/pkisilent 'ConfigureCA' '-cs_hostname'
'server.xxxxx.com' '-cs_port' '9445' '-client_certdb_dir'
'/tmp/tmp-HxuF_T' '-client_certdb_pwd' XXXXXXXX '-preop_pin'
'rgN1Coi9yfnvOUlxsUUw' '-domain_name' 'IPA' '-admin_user' 'admin'
'-admin_email' 'root@localhost' '-admin_password' XXXXXXXX '-agent_name'
'ipa-ca-agent' '-agent_key_size' '2048' '-agent_key_type' 'rsa'
'-agent_cert_subject' 'CN=ipa-ca-agent,O=AXSEM.COM' '-ldap_host'
server.xxxxx.com' '-ldap_port' '7389' '-bind_dn' 'cn=Directory Manager'
'-bind_password' XXXXXXXX '-base_dn' 'o=ipaca' '-db_name' 'ipaca'
'-key_size' '2048' '-key_type' 'rsa' '-key_algorithm' 'SHA256withRSA'
'-save_p12' 'true' '-backup_pwd' XXXXXXXX '-subsystem_name' 'pki-cad'
'-token_name' 'internal' '-ca_subsystem_cert_subject_name' 'CN=CA
Subsystem,O=XXXXX.COM' '-ca_ocsp_cert_subject_name' 'CN=OCSP
Subsystem,O=XXXXX.COM' '-ca_server_cert_subject_name'
'CN=axextserver1.hq.axsem.com,O=XXXXX.COM'
'-ca_audit_signing_cert_subject_name' 'CN=CA Audit,O=XXXXX.COM'
'-ca_sign_cert_subject_name' 'CN=Certificate Authority,O=XXXXX.COM'
'-external' 'false' '-clone' 'false'' returned non-zero exit status 255
Unexpected error - see ipaserver-install.log for details:
Configuration of CA failed
I got it working once I removed the (link local IMO) IPv6 address from
the ethernet interface. Otherwise, the pki ports (such as 9445) were
only bound to IPv6 addresses. Strange.
Tom
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
