Found this in the logs:

INFO: Server certificate: CN=ldap.app.uaap.maxar.com,OU=UAAP,O=Maxar Technologies Inc,L=Herndon,ST=Virginia,C=US
WARNING: UNTRUSTED ISSUER encountered on 'CN=ldap.app.uaap.maxar.com,OU=UAAP,O=Maxar Technologies Inc,L=Herndon,ST=Virginia,C=US' indicates a non-trusted CA cert 'CN=Maxar DS Issuing CA East,DC=DS,DC=Maxar,DC=com'
Trust this certificate (y/N)? SEVERE: FATAL: SSL alert sent: BAD_CERTIFICATE
javax.ws.rs.ProcessingException: RESTEASY004655: Unable to invoke request
        at org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine.invoke(ApacheHttpClient4Engine.java:317)
        at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:442)
        at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:106)
        at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76)
        at com.sun.proxy.$Proxy23.getInfo(Unknown Source)
        at org.dogtagpki.common.InfoClient.getInfo(InfoClient.java:43)
        at com.netscape.certsrv.client.PKIClient.getInfo(PKIClient.java:221)
        at com.netscape.cmstools.cli.MainCLI.getClient(MainCLI.java:603)
        at org.dogtagpki.cli.CLI.getClient(CLI.java:207)
        at com.netscape.cmstools.ca.CACLI.getSubsystemClient(CACLI.java:66)
        at com.netscape.cmstools.range.RangeRequestCLI.execute(RangeRequestCLI.java:80)
        at org.dogtagpki.cli.CommandCLI.execute(CommandCLI.java:58)
        at org.dogtagpki.cli.CLI.execute(CLI.java:357)
        at org.dogtagpki.cli.CLI.execute(CLI.java:357)
        at com.netscape.cmstools.cli.SubsystemCLI.execute(SubsystemCLI.java:79)
        at org.dogtagpki.cli.CLI.execute(CLI.java:357)
        at com.netscape.cmstools.cli.MainCLI.execute(MainCLI.java:665)
        at com.netscape.cmstools.cli.MainCLI.main(MainCLI.java:701)
Caused by: java.io.IOException: SocketException cannot write on socket: Failed to write to socket: (-12276) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
        at org.mozilla.jss.ssl.SSLSocket.write(SSLSocket.java:1538)
        at org.mozilla.jss.ssl.SSLOutputStream.write(SSLOutputStream.java:27)
        at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:160)
        at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:168)
        at org.apache.http.impl.AbstractHttpClientConnection.doFlush(AbstractHttpClientConnection.java:273)
        at org.apache.http.impl.AbstractHttpClientConnection.flush(AbstractHttpClientConnection.java:279)
        at org.apache.http.impl.conn.ManagedClientConnectionImpl.flush(ManagedClientConnectionImpl.java:188)
        at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:241)
        at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
        at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:684)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:486)
        at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:836)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
        at org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine.invoke(ApacheHttpClient4Engine.java:313)
        ... 17 more
Caused by: org.mozilla.jss.ssl.SSLSocketException: Failed to write to socket: (-12276) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
        at org.mozilla.jss.ssl.SSLSocket.socketWrite(Native Method)
        at org.mozilla.jss.ssl.SSLSocket.write(SSLSocket.java:1532)
        ... 31 more
CalledProcessError: Command '['pki', '-d', '/etc/pki/pki-tomcat/alias', '-f', '/etc/pki/pki-tomcat/password.conf', '-U', 'https://ldap01.app.uaap.maxar.com:443', 'ca-range-request', 'request', '--install-token', '/tmp/tmp_nt6hud0/install-token', '--output-format', 'json', '--debug']' returned non-zero exit status 255.
  File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 575, in main
    scriptlet.spawn(deployer)
  File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 586, in spawn
    subsystem.request_ranges(master_url, session_id=deployer.install_token.token)
  File "/usr/lib/python3.6/site-packages/pki/server/subsystem.py", line 1119, in request_ranges
    master_url, 'request', session_id=session_id, install_token=install_token)
  File "/usr/lib/python3.6/site-packages/pki/server/subsystem.py", line 1107, in request_range
    output = subprocess.check_output(cmd)
  File "/usr/lib64/python3.6/subprocess.py", line 356, in check_output
    **kwargs).stdout
  File "/usr/lib64/python3.6/subprocess.py", line 438, in run
    output=stdout, stderr=stderr)


2024-03-14T00:38:53Z CRITICAL Failed to configure CA instance
2024-03-14T00:38:53Z CRITICAL See the installation logs and the following files/directories for more information:
2024-03-14T00:38:53Z CRITICAL   /var/log/pki/pki-tomcat
2024-03-14T00:38:53Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 635, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 621, in run_step
    method()
  File "/usr/lib/python3.6/site-packages/ipaserver/install/cainstance.py", line 627, in __spawn_instance
    nolog_list=nolog_list
  File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 227, in spawn_instance
    self.handle_setup_error(e)
  File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 606, in handle_setup_error
    ) from None
RuntimeError: CA configuration failed.

2024-03-14T00:38:53Z DEBUG   [error] RuntimeError: CA configuration failed.
2024-03-14T00:38:53Z DEBUG Removing /root/.dogtag/pki-tomcat/ca
2024-03-14T00:38:53Z DEBUG   File "/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py", line 781, in run_script
    return_value = main_function()

  File "/sbin/ipa-ca-install", line 307, in main
    install(safe_options, options)

  File "/sbin/ipa-ca-install", line 273, in install
    install_replica(safe_options, options)

  File "/sbin/ipa-ca-install", line 210, in install_replica
    ca.install(True, config, options, custodia=custodia)

  File "/usr/lib/python3.6/site-packages/ipaserver/install/ca.py", line 270, in install
    install_step_0(standalone, replica_config, options, custodia=custodia)

  File "/usr/lib/python3.6/site-packages/ipaserver/install/ca.py", line 355, in install_step_0
    pki_config_override=options.pki_config_override,

  File "/usr/lib/python3.6/site-packages/ipaserver/install/cainstance.py", line 501, in configure_instance
    self.start_creation(runtime=runtime)

  File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 635, in start_creation
    run_step(full_msg, method)

  File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 621, in run_step
    method()

  File "/usr/lib/python3.6/site-packages/ipaserver/install/cainstance.py", line 627, in __spawn_instance
    nolog_list=nolog_list

  File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 227, in spawn_instance
    self.handle_setup_error(e)

  File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 606, in handle_setup_error
    ) from None

2024-03-14T00:38:53Z DEBUG The ipa-ca-install command failed, exception: RuntimeError: CA configuration failed.

Is the installation failing because the:
INFO: Server certificate: CN=ldap.app.uaap.maxar.com,OU=UAAP,O=Maxar Technologies Inc,L=Herndon,ST=Virginia,C=US
WARNING: UNTRUSTED ISSUER encountered on 'CN=ldap.app.uaap.maxar.com,OU=UAAP,O=Maxar Technologies Inc,L=Herndon,ST=Virginia,C=US' indicates a non-trusted CA cert 'CN=Maxar DS Issuing CA East,DC=DS,DC=Maxar,DC=com'
Trust this certificate (y/N)? SEVERE: FATAL: SSL alert sent: BAD_CERTIFICATE 

??  how do I pass a "Y" to this script?
//omar
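
The log in this message records two separate TLS findings: an untrusted issuer on the server certificate, and NSS error -12276 reporting that the requested name does not match the certificate. As an added example (not part of the original post and not code from the pki or FreeIPA projects), the Python below extracts both from `pki --debug` output and compares the host in the `-U` URL with the certificate's subject CN; the function name `triage` and the sample, built from lines of the log above, are assumptions of this example.

```python
import re
from urllib.parse import urlparse

# Constructed sample: selected lines from the log in the post, unwrapped.
SAMPLE_LOG = """\
INFO: Server certificate: CN=ldap.app.uaap.maxar.com,OU=UAAP,O=Maxar Technologies Inc,L=Herndon,ST=Virginia,C=US
WARNING: UNTRUSTED ISSUER encountered on 'CN=ldap.app.uaap.maxar.com,OU=UAAP,O=Maxar Technologies Inc,L=Herndon,ST=Virginia,C=US' indicates a non-trusted CA cert 'CN=Maxar DS Issuing CA East,DC=DS,DC=Maxar,DC=com'
Trust this certificate (y/N)? SEVERE: FATAL: SSL alert sent: BAD_CERTIFICATE
Caused by: java.io.IOException: SocketException cannot write on socket: Failed to write to socket: (-12276) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
CalledProcessError: Command '['pki', '-d', '/etc/pki/pki-tomcat/alias', '-f', '/etc/pki/pki-tomcat/password.conf', '-U', 'https://ldap01.app.uaap.maxar.com:443', 'ca-range-request', 'request', '--install-token', '/tmp/tmp_nt6hud0/install-token', '--output-format', 'json', '--debug']' returned non-zero exit status 255.
"""

# NSS error code seen in the log and its symbolic name.
NSS_ERRORS = {-12276: "SSL_ERROR_BAD_CERT_DOMAIN"}


def triage(log_text):
    """Return the TLS findings present in pki/JSS debug output."""
    # Collapse whitespace first so mail- or terminal-wrapped logs still match.
    text = " ".join(log_text.split())
    cert = re.search(r"Server certificate: CN=([^,]+)", text)
    issuer = re.search(r"non-trusted CA cert '([^']+)'", text)
    url = re.search(r"'-U', '([^']+)'", text)
    codes = sorted({int(c) for c in re.findall(r"\((-\d{4,5})\)", text)})

    cert_cn = cert.group(1).lower() if cert else None
    host = urlparse(url.group(1)).hostname if url else None
    return {
        "cert_cn": cert_cn,
        "requested_host": host,
        "untrusted_issuer": issuer.group(1) if issuer else None,
        "nss_errors": [(c, NSS_ERRORS.get(c, "unknown")) for c in codes],
        # The log prints only the subject DN, so this compares against the CN.
        # A real verifier checks subjectAltName entries, including wildcards.
        "name_mismatch": bool(cert_cn and host and cert_cn != host),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
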