Hi FreeIPA users, Please help find wat's going wrong while reinstalling freeipa...
2018-02-16T16:41:30Z DEBUG response body '<html>\n<head>\n<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>\n<title>Error 405 HTTP method POST is not supported by this URL</title$ 2018-02-16T16:41:30Z DEBUG The CA status is: check interrupted due to error: Retrieving CA status failed with status 405 2018-02-16T16:41:30Z DEBUG Waiting for CA to start... 2018-02-16T16:41:31Z DEBUG request POST http:// <hostname>:8080/ca/admin/ca/getStatus 2018-02-16T16:41:31Z DEBUG request body '' 2018-02-16T16:41:31Z DEBUG response status 405 2018-02-16T16:41:31Z DEBUG response headers Date: Fri, 16 Feb 2018 16:41:31 GMT Cache-Control: must-revalidate,no-cache,no-store Content-Type: text/html;charset=iso-8859-1 Content-Length: 408 Server: Jetty(9.3.z-SNAPSHOT) CA did not start in 300.0s CRITICAL Failed to restart the Dogtag instance.See the installation log for details. ERROR Unable to retrieve CA chain: Retrieving CA cert chain failed: list index out of range Also in log: 2018-02-16T16:35:12Z DEBUG stderr= 2018-02-16T16:35:12Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2018-02-16T16:35:12Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2018-02-16T16:35:12Z DEBUG Starting external process 2018-02-16T16:35:12Z DEBUG args=/bin/systemctl disable krb5kdc.service 2018-02-16T16:35:12Z DEBUG Process finished, return code=0 2018-02-16T16:35:12Z DEBUG stdout= 2018-02-16T16:35:12Z DEBUG stderr= 2018-02-16T16:35:12Z DEBUG duration: 0 seconds 2018-02-16T16:35:12Z DEBUG Done configuring Kerberos KDC (krb5kdc). 2018-02-16T16:35:12Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2018-02-16T16:35:12Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2018-02-16T16:35:12Z DEBUG Configuring kadmin 2018-02-16T16:35:12Z DEBUG [1/2]: starting kadmin 2018-02-16T16:35:12Z DEBUG Starting external process 2018-02-16T16:35:12Z DEBUG args=/bin/systemctl is-active kadmin.service 2018-02-16T16:35:12Z DEBUG Process finished, return code=3 2018-02-16T16:35:12Z DEBUG stdout=failed In /var/log/pki/pki-tomcat/ca/debug [16/Feb/2018:16:35:22][localhost-startStop-1]: LdapBoundConnFactory: init Property internaldb.ldapconn.port missing value ... [16/Feb/2018:16:36:20][http-bio-8443-exec-3]: CertificateAuthority:initSigUnit: ca.signing.cert not found Property ca.signing.cacertnickname missing value ... [16/Feb/2018:16:36:20][http-bio-8443-exec-3]: CA signing unit inited [16/Feb/2018:16:36:20][http-bio-8443-exec-3]: cachainNum= 0 Could not get or build CA chain. Error java.security.cert.CertificateException: Certificate is not a PKCS #11 certificate ... [16/Feb/2018:16:36:23][http-bio-8443-exec-3]: CertificateAuthority:initSigUnit: ca cert found [16/Feb/2018:16:36:23][http-bio-8443-exec-3]: CertificateAuthority: initSigUnit 1- setting mIssuerObj and mSubjectObj [16/Feb/2018:16:36:23][http-bio-8443-exec-3]: ca.signing Signing Unit nickname caSigningCert cert-pki-ca [16/Feb/2018:16:36:23][http-bio-8443-exec-3]: Got token Internal Key Storage Token by name [16/Feb/2018:16:36:23][http-bio-8443-exec-3]: Found cert by nickname: 'caSigningCert cert-pki-ca' with serial number: 1 [16/Feb/2018:16:36:23][http-bio-8443-exec-3]: converted to x509CertImpl [16/Feb/2018:16:36:23][http-bio-8443-exec-3]: Got private key from cert [16/Feb/2018:16:36:23][http-bio-8443-exec-3]: Got public key from cert [16/Feb/2018:16:36:23][http-bio-8443-exec-3]: got signing algorithm RSASignatureWithSHA256Digest [16/Feb/2018:16:36:23][http-bio-8443-exec-3]: CA signing unit inited [16/Feb/2018:16:36:23][http-bio-8443-exec-3]: cachainNum= 0 [16/Feb/2018:16:36:23][http-bio-8443-exec-3]: in init - got CA chain from JSS. [16/Feb/2018:16:36:23][http-bio-8443-exec-3]: ca.ocsp_signing Signing Unit nickname ocspSigningCert cert-pki-ca [16/Feb/2018:16:36:23][http-bio-8443-exec-3]: Got token Internal Key Storage Token by name [16/Feb/2018:16:36:23][http-bio-8443-exec-3]: Unable to find certificate ocspSigningCert cert-pki-ca [16/Feb/2018:16:36:23][http-bio-8443-exec-3]: SigningUnit: Certificate object not found Regards, Andrey
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org