lejeczek via FreeIPA-users wrote:
> hi guys,
>
> I have a working domain off CentOS 7's VERSION: 4.6.8, API_VERSION:
> 2.237 and now I'm adding CentOS 8's VERSION: 4.8.4, API_VERSION: 2.235.
> Adding CentOS 8 replica worked okay and now on that new replica/master:
>
> $ ipa-ca-install
>
> I get:
>
> Run connection check to master
> Connection check OK
> Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
> [1/27]: creating certificate server db
> [2/27]: setting up initial replication
> Starting replication, please wait until this has completed.
> Update in progress, 8 seconds elapsed
> Update succeeded
>
> [3/27]: creating ACIs for admin
> [4/27]: creating installation admin user
> [5/27]: configuring certificate server instance
> ipaserver.install.dogtaginstance: CRITICAL Failed to configure CA
> instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA',
> '-f', '/tmp/tmpwodqkt5b'] returned non-zero exit status 1: 'Notice:
> Trust flag u is set automatically if the private key is
> present.\nWARNING: Unable to modify o=ipaca:
> netscape.ldap.LDAPException: error result (20); Type or value
> exists\nERROR: Exception: Server unreachable due to SSL error: [SSL:
> WRONG_VERSION_NUMBER] wrong version number (_ssl.c:897)\n File
> "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 562, in
> main\n scriptlet.spawn(deployer)\n File
> "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py",
> line 836, in spawn\n request_timeout=status_request_timeout,\n File
> "/usr/lib/python3.6/site-packages/pki/server/deployment/pkihelper.py",
> line 911, in wait_for_startup\n raise Exception(\'Server unreachable
> due to SSL error: %s\' % reason) from exc\n\n')
> ipaserver.install.dogtaginstance: CRITICAL See the installation logs and
> the following files/directories for more information:
> ipaserver.install.dogtaginstance: CRITICAL /var/log/pki/pki-tomcat
> [error] RuntimeError: CA configuration failed.
>
>
> and I wonder if it fails because it should, because these two versions
> will not! work together, or is the problem of some other cause not related
> to the fact different versions are used?

This isn't an issue with mixed versions. The problem is openjdk 1.8.0.272 which caused some TLS regressions (https://bugzilla.redhat.com/show_bug.cgi?id=1892216). Downgrade to 1.8.0.265 and it should work.

rob
