[Freeipa-users] CA replication

Dan Scott danieljamesscott at gmail.com
Thu Dec 8 17:55:49 UTC 2011


Hi,

I just tried to add a CA replica to my IPA replica (both Fedora 15) using:

ipa-ca-install replica-info-ohm.gpg

It proceeds to configure the directory server for the CA, but fails
when 'configuring certificate server':

Configuring certificate server: Estimated time 3 minutes 30 seconds
  [1/11]: creating certificate server user
  [2/11]: creating pki-ca instance
  [3/11]: configuring certificate server instance
root        : CRITICAL failed to configure ca instance Command
'/usr/bin/perl /usr/bin/pkisilent 'ConfigureCA' '-cs_hostname'
'ohm.example.com' '-cs_port' '9445' '-client_certdb_dir'
'/tmp/tmp-Mbw1ut' '-client_certdb_pwd' XXXXXXXX '-preop_pin'
'XXXXXXXXX' '-domain_name' 'IPA' '-admin_user' 'admin' '-admin_email'
'root at localhost' '-admin_password' XXXXXXXX '-agent_name'
'ipa-ca-agent' '-agent_key_size' '2048' '-agent_key_type' 'rsa'
'-agent_cert_subject' 'CN=ipa-ca-agent,O=EXAMPLE.COM' '-ldap_host'
'ohm.example.com' '-ldap_port' '7389' '-bind_dn' 'cn=Directory
Manager' '-bind_password' XXXXXXXX '-base_dn' 'o=ipaca' '-db_name'
'ipaca' '-key_size' '2048' '-key_type' 'rsa' '-key_algorithm'
'SHA256withRSA' '-save_p12' 'true' '-backup_pwd' XXXXXXXX
'-subsystem_name' 'pki-cad' '-token_name' 'internal'
'-ca_subsystem_cert_subject_name' 'CN=CA Subsystem,O=EXAMPLE.COM'
'-ca_ocsp_cert_subject_name' 'CN=OCSP Subsystem,O=EXAMPLE.COM'
'-ca_server_cert_subject_name' 'CN=ohm.example.com,O=EXAMPLE.COM'
'-ca_audit_signing_cert_subject_name' 'CN=CA Audit,O=EXAMPLE.COM'
'-ca_sign_cert_subject_name' 'CN=Certificate Authority,O=EXAMPLE.COM'
'-external' 'false' '-clone' 'true' '-clone_p12_file' 'ca.p12'
'-clone_p12_password' XXXXXXXX '-sd_hostname' 'curie.example.com'
'-sd_admin_port' '443' '-sd_admin_name' 'admin' '-sd_admin_password'
XXXXXXXX '-clone_start_tls' 'true' '-clone_uri'
'https://curie.example.com:443'' returned non-zero exit status 255
creation of replica failed: Configuration of CA failed

Some errors from /var/log/ipareplica-ca-install.log:

Error in DomainPanel(): updateStatus value is null
ERROR: ConfigureCA: DomainPanel() failure
ERROR: unable to create CA

  File "/usr/sbin/ipa-ca-install", line 156, in <module>
    main()

  File "/usr/sbin/ipa-ca-install", line 141, in main
    (CA, cs) = cainstance.install_replica_ca(config, postinstall=True)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 1136, in install_replica_ca
    subject_base=config.subject_base)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 537, in configure_instance
    self.start_creation("Configuring certificate server", 210)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 248, in start_creation
    method()

  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 680, in __configure_instance
    raise RuntimeError('Configuration of CA failed')

Anyone have any ideas?

Thanks,

Dan



