Andrea Bontempi wrote:
Hi, I'm trying to install FreeIPA with an external CA (again).
Now I use FreeIPA 3.3.* and I found a strange error on "[17/22]: requesting RA certificate from CA":
2013-11-08T11:07:38Z DEBUG File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 622, in run_script
    return_value = main_function()
  File "/usr/sbin/ipa-server-install", line 1096, in main
    subject_base=options.subject)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 478, in configure_instance
    self.start_creation(runtime=210)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 364, in start_creation
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 1089, in __request_ra_certificate
    self.requestId = item_node[0].childNodes[0].data
2013-11-08T11:07:38Z DEBUG The ipa-server-install command failed, exception: IndexError: list index out of range
So, I open /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py on the line 1089:
    # Send the request to the CA
    conn = httplib.HTTPConnection(
        self.fqdn, self.dogtag_constants.UNSECURE_PORT)
    params = urllib.urlencode({'profileId': 'caServerCert',
                               'cert_request_type': 'pkcs10',
                               'requestor_name': 'IPA Installer',
                               'cert_request': csr,
                               'xmlOutput': 'true'})
    headers = {"Content-type": "application/x-www-form-urlencoded",
               "Accept": "text/plain"}
    conn.request("POST", "/ca/ee/ca/profileSubmit", params, headers)
    res = conn.getresponse()
    if res.status == 200:
        data = res.read()
        conn.close()
        doc = xml.dom.minidom.parseString(data)
        item_node = doc.getElementsByTagName("RequestId")
        self.requestId = item_node[0].childNodes[0].data  # <-- exception: IndexError: list index out of range
        doc.unlink()
        self.requestId = self.requestId.strip()
        if self.requestId is None:
            raise RuntimeError("Unable to determine RA certificate requestId")
I read the value of "data":
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<XMLResponse>
<Status>1</Status>
<Error>Profile caServerCert Not Found</Error>
</XMLResponse>
Can someone help me?
I'd check out the CA logs in /var/log/pki/pki-tomcat/ca for more
information.
rob
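
Added example, not part of the thread and not FreeIPA's own code: one way to parse the profileSubmit reply so that the CA's own <Error> text is reported instead of an IndexError. The names parse_request_id and ProfileSubmitError are hypothetical, and the accepted reply is a constructed sample whose shape is assumed from the RequestId lookup in the excerpt above.

```python
import xml.dom.minidom
from xml.parsers.expat import ExpatError


class ProfileSubmitError(RuntimeError):
    """The CA answered, but did not return a usable request id (hypothetical name)."""


def _first_text(doc, tag):
    """Return the stripped text of the first <tag> element, or None if absent or empty."""
    nodes = doc.getElementsByTagName(tag)
    if not nodes:
        return None
    text = "".join(child.data for child in nodes[0].childNodes
                   if child.nodeType in (child.TEXT_NODE, child.CDATA_SECTION_NODE))
    return text.strip() or None


def parse_request_id(data):
    """Extract RequestId from a profileSubmit XML reply, or raise with the CA's error."""
    try:
        doc = xml.dom.minidom.parseString(data)
    except ExpatError as e:
        raise ProfileSubmitError("CA response is not well-formed XML: %s" % e)
    try:
        status = _first_text(doc, "Status")
        error = _first_text(doc, "Error")
        request_id = _first_text(doc, "RequestId")
    finally:
        doc.unlink()
    # An <Error> element wins over everything else: surface it verbatim.
    if error is not None:
        raise ProfileSubmitError(
            "CA rejected the request (Status=%s): %s" % (status, error))
    if request_id is None:
        raise ProfileSubmitError(
            "Unable to determine RA certificate requestId (Status=%s)" % status)
    return request_id


# Response body quoted in the message above.
FAILED = b"""<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<XMLResponse>
<Status>1</Status>
<Error>Profile caServerCert Not Found</Error>
</XMLResponse>"""

# Constructed sample; element layout is an assumption, not captured CA output.
ACCEPTED = b"<XMLResponse><Status>0</Status><RequestId> 7 </RequestId></XMLResponse>"
```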