[Freeipa-users] Cant setup replica (freeipa 4.1.3), problem with pki

Łukasz Jaworski ender at kofeina.net
Wed Oct 7 06:35:11 UTC 2015 

Hi,

I have problem with setup new replicas.
I tried setup two replicas, both failed with the same error.

environment:
Fedora 21

packages:
freeipa-server-4.1.3-2.fc21.x86_64
389-ds-base-1.3.3.8-1.fc21.x86_64
389-ds-base-libs-1.3.3.8-1.fc21.x86_64
pki-server-10.2.0-5.fc21.noarch

same on server and replicas


Output from ipa-replica-install:
(…)
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds
  [1/22]: creating certificate server user  
  [2/22]: configuring certificate server instance
  [3/22]: stopping certificate server instance to update CS.cfg
  [4/22]: backing up CS.cfg
  [5/22]: disabling nonces
  [6/22]: set up CRL publishing
  [7/22]: enable PKIX certificate path discovery and validation
  [8/22]: starting certificate server instance
  [error] RuntimeError: CA did not start in 300.0s

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

>From /var/log/ipareplica.log
2015-10-07T06:25:58Z DEBUG The CA status is: check interrupted
2015-10-07T06:25:58Z DEBUG Waiting for CA to start...
2015-10-07T06:25:59Z DEBUG Starting external process
2015-10-07T06:25:59Z DEBUG args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://182.example.com:8443/ca/admin/c
a/getStatus'
2015-10-07T06:25:59Z DEBUG Process finished, return code=8
2015-10-07T06:25:59Z DEBUG stdout=
2015-10-07T06:25:59Z DEBUG stderr=--2015-10-07 08:25:59--  https://182.example.com:8443/ca/admin/ca/getStatus
Resolving 182.example.com (182.example.com)... xx.xx.xx.xx
Connecting to 182.example.com (182.example.com)|xx.xx.xx.xx|:8443... connected.
WARNING: cannot verify 182.example.com's certificate, issued by ‘CN=Certificate Authority,O=ecample.com’:
  Self-signed certificate encountered.
HTTP request sent, awaiting response... 
  HTTP/1.1 500 Internal Server Error
  Server: Apache-Coyote/1.1
  Content-Type: text/html;charset=utf-8
  Content-Language: en
  Content-Length: 2923
  Date: Wed, 07 Oct 2015 06:25:59 GMT
  Connection: close
2015-10-07 08:25:59 ERROR 500: Internal Server Error.

Any idea?

Best regards,
Ender

-- 
Łukasz Jaworski

More information about the Freeipa-users mailing list