There is no support for FUTURE policy and will never be. Once components of the FUTURE policy get trickled down to DEFAULT and FIPS, they get tested against and supported. However, running in FUTURE is not supported.
/ Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland On Thu, 29 May 2025, 15.56 Entrepreneur AJ via FreeIPA-users, < freeipa-users@lists.fedorahosted.org> wrote: > Cross posted on > https://lists.dogtagpki.org/archives/list/us...@lists.dogtagpki.org/thread/O2AM4FVGCREE2M6TNGZRTSOJNK32C54K/ > but looks like the community there has dwindled: > > On a fresh install of Alma Linux 9.6 I ran update-crypto-policies --set > FUTURE then > rebooted my system. > > I then attempted to install FreeIPA Server which failed due with the > following message: > 2025-05-29T12:26:11Z DEBUG The ipa-server-install command failed, > exception: RuntimeError: > CA configuration failed. > 2025-05-29T12:26:11Z ERROR CA configuration failed. > 2025-05-29T12:26:11Z ERROR The ipa-server-install command failed. See > /var/log/ipaserver-install.log for more information > > I looked further back in the logs to find: > INFO: Creating new temp SSL server cert for ipa1.man-gb.eajglobal.net > DEBUG: Command: pki -d /var/lib/pki/pki-tomcat/conf/alias -f > /var/lib/pki/pki-tomcat/conf/password.conf nss-cert-request --subject > cn=ipa1.man-gb.eajglobal.net,o=2025-05-29 13:25:36 --csr > /tmp/tmpdvz_k8lc/sslserver.csr > --key-type RSA --key-size 2048 --hash SHA256 --debug > FINE: Initializing NSS > FINE: Logging into internal token > FINE: Using internal token > FINE: NSSDatabase: Creating RSA key > FINE: NSSDatabase: - size: 2048 > FINE: CryptoUtil: Generating KRA key pair > FINE: CryptoUtil: - temporary: null > FINE: CryptoUtil: - sensitive: null > FINE: CryptoUtil: - extractable: null > FINE: CryptoUtil: generateRSAKeyPair with key usage > FINE: CryptoUtil: generateRSAKeyPair with key usage mask > FINE: CryptoUtil: - key size: 2048 > WARNING: Ignored jss.crypto.Policy violation: unsafe RSA key size of 2048. > Policy.RSA_MINIMUM_KEY_SIZE dictates a minimum of 4096 > FINE: NSSDatabase: Creating PKCS #10 request > FINE: NSSDatabase: - subjecct: cn=ipa1.man-gb.eajglobal.net,o=2025-05-29 > 13:25:36 > FINE: NSSDatabase: - algorithm: SHA256withRSA > FINE: CryptoUtil: Creating PKCS #10 request > FINE: CryptoUtil: - algorithm: SHA256withRSA > java.security.InvalidKeyException: Token exception occurred: Unable to > create signing > context: (-8011) Unknown error > at > > org.mozilla.jss.provider.java.security.JSSSignatureSpi.engineInitSign(JSSSignatureSpi.java:60) > at > java.base/java.security.Signature$Delegate.engineInitSign(Signature.java:1370) > at java.base/java.security.Signature.initSign(Signature.java:635) > at > com.netscape.cmsutil.crypto.CryptoUtil.createPKCS10Request(CryptoUtil.java:1124) > at > org.dogtagpki.nss.NSSDatabase.createPKCS10Request(NSSDatabase.java:1109) > at > com.netscape.cmstools.nss.NSSCertRequestCLI.execute(NSSCertRequestCLI.java:152) > at org.dogtagpki.cli.CommandCLI.execute(CommandCLI.java:58) > at org.dogtagpki.cli.CLI.execute(CLI.java:353) > at org.dogtagpki.cli.CLI.execute(CLI.java:353) > at org.dogtagpki.cli.CLI.execute(CLI.java:353) > at com.netscape.cmstools.cli.MainCLI.execute(MainCLI.java:680) > at com.netscape.cmstools.cli.MainCLI.main(MainCLI.java:719) > Caused by: org.mozilla.jss.crypto.TokenException: Unable to create signing > context: > (-8011) Unknown error > at org.mozilla.jss.pkcs11.PK11Signature.initSigContext(Native > Method) > at > org.mozilla.jss.pkcs11.PK11Signature.engineInitSign(PK11Signature.java:133) > at org.mozilla.jss.crypto.Signature.initSign(Signature.java:56) > at > > org.mozilla.jss.provider.java.security.JSSSignatureSpi.engineInitSign(JSSSignatureSpi.java:56) > ... 11 more > ERROR: CalledProcessError: Command '['runuser', '-u', > 'pkiuser', '--', 'pki', '-d', > '/var/lib/pki/pki-tomcat/conf/alias', '-f', > '/var/lib/pki/pki-tomcat/conf/password.conf', 'nss-cert-request', > '--subject', 'cn=ipa1.man-gb.eajglobal.net,o=2025-05-29 13:25:36', > '--csr', '/tmp/tmpdvz_k8lc/sslserver.csr', '--key-type', > 'RSA', '--key-size', '2048', '--hash', 'SHA256', > '--debug']' returned non-zero exit status 255. > File "/usr/lib/python3.9/site-packages/pki/server/pkispawn.py", line > 594, in > main > deployer.spawn() > File > "/usr/lib/python3.9/site-packages/pki/server/deployment/__init__.py", > line 5986, in spawn > scriptlet.spawn(self) > File > > "/usr/lib/python3.9/site-packages/pki/server/deployment/scriptlets/configuration.py", > line 114, in spawn > deployer.create_temp_sslserver_cert() > File > "/usr/lib/python3.9/site-packages/pki/server/deployment/__init__.py", > line 3403, in create_temp_sslserver_cert > nssdb.create_request( > File "/usr/lib/python3.9/site-packages/pki/nssdb.py", line 1009, in > create_request > self.__create_request( > File "/usr/lib/python3.9/site-packages/pki/nssdb.py", line 1608, in > __create_request > self.run(cmd, check=True, runas=True) > File "/usr/lib/python3.9/site-packages/pki/nssdb.py", line 332, in run > result = subprocess.run( > File "/usr/lib64/python3.9/subprocess.py", line 528, in run > raise CalledProcessError(retcode, process.args, > > > 2025-05-29T12:26:11Z CRITICAL Failed to configure CA instance > 2025-05-29T12:26:11Z CRITICAL See the installation logs and the following > files/directories for more information: > 2025-05-29T12:26:11Z CRITICAL /var/log/pki/pki-tomcat > > The only log file in /var/log/pki or it's sub directories that had any > logs was > pki-ca-spawn, the logs are as follows: > 2025-05-29 13:25:36 INFO: Connecting to LDAP server at > ldap://ipa1.man-gb.eajglobal.net:389 > 2025-05-29 13:25:36 INFO: Connecting to LDAP server at > ldap://ipa1.man-gb.eajglobal.net:389 > 2025-05-29 13:25:36 INFO: BEGIN spawning CA subsystem in pki-tomcat > instance > 2025-05-29 13:25:36 INFO: Loading instance: pki-tomcat > 2025-05-29 13:25:36 INFO: Loading global Tomcat config: > /etc/tomcat/tomcat.conf > 2025-05-29 13:25:36 INFO: Loading PKI Tomcat config: > /usr/share/pki/etc/tomcat.conf > 2025-05-29 13:25:36 INFO: Loading external certs from > /var/lib/pki/pki-tomcat/conf/external_certs.conf > 2025-05-29 13:25:36 INFO: File does not exist: > /var/lib/pki/pki-tomcat/conf/external_certs.conf > 2025-05-29 13:25:36 INFO: Reusing pkiuser group (GID: 17) > 2025-05-29 13:25:36 INFO: Reusing pkiuser user (UID: 17) > 2025-05-29 13:25:36 DEBUG: Retrieving UID for 'pkiuser' > 2025-05-29 13:25:36 DEBUG: UID of 'pkiuser' is 17 > 2025-05-29 13:25:36 DEBUG: Retrieving GID for 'pkiuser' > 2025-05-29 13:25:36 DEBUG: GID of 'pkiuser' is 17 > 2025-05-29 13:25:36 INFO: Initialization > 2025-05-29 13:25:36 INFO: Setting up infrastructure > 2025-05-29 13:25:36 INFO: Preparing pki-tomcat instance > 2025-05-29 13:25:36 INFO: Loading instance: pki-tomcat > 2025-05-29 13:25:36 INFO: Loading global Tomcat config: > /etc/tomcat/tomcat.conf > 2025-05-29 13:25:36 INFO: Loading PKI Tomcat config: > /usr/share/pki/etc/tomcat.conf > 2025-05-29 13:25:36 INFO: Loading external certs from > /var/lib/pki/pki-tomcat/conf/external_certs.conf > 2025-05-29 13:25:36 INFO: File does not exist: > /var/lib/pki/pki-tomcat/conf/external_certs.conf > 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat > 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat > 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/bin to > /usr/share/tomcat/bin > 2025-05-29 13:25:36 DEBUG: Command: ln -s /usr/share/tomcat/bin > /var/lib/pki/pki-tomcat/bin > 2025-05-29 13:25:36 INFO: Creating /etc/pki/pki-tomcat > 2025-05-29 13:25:36 DEBUG: Command: mkdir /etc/pki/pki-tomcat > 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/conf to > /etc/pki/pki-tomcat > 2025-05-29 13:25:36 DEBUG: Command: ln -s /etc/pki/pki-tomcat > /var/lib/pki/pki-tomcat/conf > 2025-05-29 13:25:36 INFO: Creating /var/log/pki/pki-tomcat > 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/log/pki/pki-tomcat > 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/logs to > /var/log/pki/pki-tomcat > 2025-05-29 13:25:36 DEBUG: Command: ln -s /var/log/pki/pki-tomcat > /var/lib/pki/pki-tomcat/logs > 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/lib to > /usr/share/pki/server/lib > 2025-05-29 13:25:36 DEBUG: Command: ln -s /usr/share/pki/server/lib > /var/lib/pki/pki-tomcat/lib > 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/common > 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/common > 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/common/lib to > /usr/share/pki/server/common/lib > 2025-05-29 13:25:36 DEBUG: Command: ln -s /usr/share/pki/server/common/lib > /var/lib/pki/pki-tomcat/common/lib > 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/temp > 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/temp > 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/work > 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/work > 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/certs > 2025-05-29 13:25:36 DEBUG: Command: mkdir > /var/lib/pki/pki-tomcat/conf/certs > 2025-05-29 13:25:36 INFO: Copying /etc/tomcat/server.xml to > /var/lib/pki/pki-tomcat/conf/server.xml > 2025-05-29 13:25:36 DEBUG: Command: cp /etc/tomcat/server.xml > /var/lib/pki/pki-tomcat/conf/server.xml > 2025-05-29 13:25:36 INFO: Removing LockOutRealm > 2025-05-29 13:25:36 INFO: Removing UserDatabase > 2025-05-29 13:25:36 INFO: Updating AccessLogValve > 2025-05-29 13:25:36 INFO: Configuring Tomcat admin port > 2025-05-29 13:25:36 INFO: Removing AprLifecycleListener > 2025-05-29 13:25:36 INFO: Adding PKIListener > 2025-05-29 13:25:36 INFO: Configuring HTTP connector > 2025-05-29 13:25:36 INFO: Adding HTTPS connector > 2025-05-29 13:25:36 INFO: Adding SSL host configuration > 2025-05-29 13:25:36 INFO: Adding SSL certificate configuration > 2025-05-29 13:25:36 INFO: Adding RewriteValve > 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/Catalina > 2025-05-29 13:25:36 DEBUG: Command: mkdir > /var/lib/pki/pki-tomcat/conf/Catalina > 2025-05-29 13:25:36 INFO: Creating > /var/lib/pki/pki-tomcat/conf/Catalina/localhost > 2025-05-29 13:25:36 DEBUG: Command: mkdir > /var/lib/pki/pki-tomcat/conf/Catalina/localhost > 2025-05-29 13:25:36 INFO: Linking > /var/lib/pki/pki-tomcat/conf/Catalina/localhost/rewrite.config to > /usr/share/pki/server/conf/Catalina/localhost/rewrite.config > 2025-05-29 13:25:36 DEBUG: Command: ln -s > /usr/share/pki/server/conf/Catalina/localhost/rewrite.config > /var/lib/pki/pki-tomcat/conf/Catalina/localhost/rewrite.config > 2025-05-29 13:25:36 INFO: Adding AJP connector for IPv4 > 2025-05-29 13:25:36 INFO: Adding AJP connector for IPv6 > 2025-05-29 13:25:36 INFO: Updating AccessLogValve > 2025-05-29 13:25:36 INFO: Linking > /var/lib/pki/pki-tomcat/conf/catalina.properties to > /usr/share/pki/server/conf/catalina.properties > 2025-05-29 13:25:36 DEBUG: Command: ln -s > /usr/share/pki/server/conf/catalina.properties > /var/lib/pki/pki-tomcat/conf/catalina.properties > 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/conf/context.xml > to > /etc/tomcat/context.xml > 2025-05-29 13:25:36 DEBUG: Command: ln -s /etc/tomcat/context.xml > /var/lib/pki/pki-tomcat/conf/context.xml > 2025-05-29 13:25:36 INFO: Linking > /var/lib/pki/pki-tomcat/conf/logging.properties to > /usr/share/pki/server/conf/logging.properties > 2025-05-29 13:25:36 DEBUG: Command: ln -s > /usr/share/pki/server/conf/logging.properties > /var/lib/pki/pki-tomcat/conf/logging.properties > 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/conf/web.xml to > /etc/tomcat/web.xml > 2025-05-29 13:25:36 DEBUG: Command: ln -s /etc/tomcat/web.xml > /var/lib/pki/pki-tomcat/conf/web.xml > 2025-05-29 13:25:36 INFO: Using specified server NSS database password > 2025-05-29 13:25:36 INFO: Using specified internal database password > 2025-05-29 13:25:36 INFO: Generating random replication manager password > 2025-05-29 13:25:36 INFO: Creating > /var/lib/pki/pki-tomcat/conf/password.conf > 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/alias > 2025-05-29 13:25:36 DEBUG: Command: mkdir > /var/lib/pki/pki-tomcat/conf/alias > 2025-05-29 13:25:36 INFO: Creating NSS database: > /var/lib/pki/pki-tomcat/conf/alias > 2025-05-29 13:25:36 DEBUG: Command: certutil -N -d > /var/lib/pki/pki-tomcat/conf/alias -f > /tmp/tmp2c_5a4u2/internal_password.txt > 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/alias to > /var/lib/pki/pki-tomcat/conf/alias > 2025-05-29 13:25:36 DEBUG: Command: ln -s > /var/lib/pki/pki-tomcat/conf/alias > /var/lib/pki/pki-tomcat/alias > 2025-05-29 13:25:36 INFO: Creating /etc/sysconfig/pki-tomcat > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/server/conf/tomcat.conf > /etc/sysconfig/pki-tomcat > 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/tomcat.conf > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/server/conf/tomcat.conf > /var/lib/pki/pki-tomcat/conf/tomcat.conf > 2025-05-29 13:25:36 INFO: Deploying ROOT web application > 2025-05-29 13:25:36 INFO: Creating > /var/lib/pki/pki-tomcat/conf/Catalina/localhost/ROOT.xml > 2025-05-29 13:25:36 INFO: Deploying pki web application > 2025-05-29 13:25:36 INFO: Creating > /var/lib/pki/pki-tomcat/conf/Catalina/localhost/pki.xml > 2025-05-29 13:25:36 INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat > 2025-05-29 13:25:36 DEBUG: Command: mkdir > /etc/sysconfig/pki/tomcat/pki-tomcat > 2025-05-29 13:25:36 INFO: Creating > /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/setup/pkidaemon_registry > /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat > 2025-05-29 13:25:36 INFO: Creating > /etc/systemd/system/pki-tomcatd(a)pki-tomcat.service.d > 2025-05-29 13:25:36 DEBUG: Command: mkdir > /etc/systemd/system/pki-tomcatd(a)pki-tomcat.service.d > 2025-05-29 13:25:36 DEBUG: Command: systemctl daemon-reload > 2025-05-29 13:25:36 INFO: Linking > /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd(a)pki-tomcat.service > to > /lib/systemd/system/pki-tomcatd@.service > 2025-05-29 13:25:36 DEBUG: Command: ln -s /lib/systemd/system/pki-tomcatd@ > .service > > /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd(a)pki-tomcat.service > 2025-05-29 13:25:36 INFO: Creating CA subsystem > 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/ca > 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca > 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/registry to > /etc/sysconfig/pki/tomcat/pki-tomcat > 2025-05-29 13:25:36 DEBUG: Command: ln -s > /etc/sysconfig/pki/tomcat/pki-tomcat > /var/lib/pki/pki-tomcat/ca/registry > 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/ca > 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/ca > 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/conf to > /var/lib/pki/pki-tomcat/conf/ca > 2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/conf/ca > /var/lib/pki/pki-tomcat/ca/conf > 2025-05-29 13:25:36 INFO: Storing subsystem config: > /var/lib/pki/pki-tomcat/conf/ca/CS.cfg > 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/registry.cfg to > /var/lib/pki/pki-tomcat/conf/ca/registry.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/registry.cfg > /var/lib/pki/pki-tomcat/conf/ca/registry.cfg > 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/logs/ca > 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/logs/ca > 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/logs to > /var/lib/pki/pki-tomcat/logs/ca > 2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/logs/ca > /var/lib/pki/pki-tomcat/ca/logs > 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/logs/ca/archive > 2025-05-29 13:25:36 DEBUG: Command: mkdir > /var/lib/pki/pki-tomcat/logs/ca/archive > 2025-05-29 13:25:36 INFO: Creating > /var/lib/pki/pki-tomcat/logs/ca/signedAudit > 2025-05-29 13:25:36 DEBUG: Command: mkdir > /var/lib/pki/pki-tomcat/logs/ca/signedAudit > 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/alias to > /var/lib/pki/pki-tomcat/alias > 2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/alias > /var/lib/pki/pki-tomcat/ca/alias > 2025-05-29 13:25:36 INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca > 2025-05-29 13:25:36 DEBUG: Command: mkdir > /etc/sysconfig/pki/tomcat/pki-tomcat/ca > 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/server/etc/default.cfg to > /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/server/etc/default.cfg > /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg > 2025-05-29 13:25:36 INFO: Creating /tmp/tmpmh3m7z49/CS.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/CS.cfg > /tmp/tmpmh3m7z49/CS.cfg > 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/emails to > /var/lib/pki/pki-tomcat/conf/ca/emails > 2025-05-29 13:25:36 DEBUG: Command: mkdir > /var/lib/pki/pki-tomcat/conf/ca/emails > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/ExpiredUnpublishJob > /var/lib/pki/pki-tomcat/conf/ca/emails/ExpiredUnpublishJob > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/ExpiredUnpublishJobItem > /var/lib/pki/pki-tomcat/conf/ca/emails/ExpiredUnpublishJobItem > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/certIssued_CA > /var/lib/pki/pki-tomcat/conf/ca/emails/certIssued_CA > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/certIssued_CA.html > /var/lib/pki/pki-tomcat/conf/ca/emails/certIssued_CA.html > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/certIssued_RA > /var/lib/pki/pki-tomcat/conf/ca/emails/certIssued_RA > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/certIssued_RA.html > /var/lib/pki/pki-tomcat/conf/ca/emails/certIssued_RA.html > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/certRequestRejected.html > /var/lib/pki/pki-tomcat/conf/ca/emails/certRequestRejected.html > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/certRevoked_CA > /var/lib/pki/pki-tomcat/conf/ca/emails/certRevoked_CA > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/certRevoked_CA.html > /var/lib/pki/pki-tomcat/conf/ca/emails/certRevoked_CA.html > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/certRevoked_RA > /var/lib/pki/pki-tomcat/conf/ca/emails/certRevoked_RA > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/certRevoked_RA.html > /var/lib/pki/pki-tomcat/conf/ca/emails/certRevoked_RA.html > 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/euJob1.html > /var/lib/pki/pki-tomcat/conf/ca/emails/euJob1.html > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/euJob1Item.html > /var/lib/pki/pki-tomcat/conf/ca/emails/euJob1Item.html > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/publishCerts.html > /var/lib/pki/pki-tomcat/conf/ca/emails/publishCerts.html > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/publishCertsItem.html > /var/lib/pki/pki-tomcat/conf/ca/emails/publishCertsItem.html > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/reqInQueue_CA > /var/lib/pki/pki-tomcat/conf/ca/emails/reqInQueue_CA > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/reqInQueue_CA.html > /var/lib/pki/pki-tomcat/conf/ca/emails/reqInQueue_CA.html > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/reqInQueue_RA > /var/lib/pki/pki-tomcat/conf/ca/emails/reqInQueue_RA > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/reqInQueue_RA.html > /var/lib/pki/pki-tomcat/conf/ca/emails/reqInQueue_RA.html > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/riq1Item.html > /var/lib/pki/pki-tomcat/conf/ca/emails/riq1Item.html > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/riq1Summary.html > /var/lib/pki/pki-tomcat/conf/ca/emails/riq1Summary.html > 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1.txt > /var/lib/pki/pki-tomcat/conf/ca/emails/rnJob1.txt > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/rnJob1Item.txt > /var/lib/pki/pki-tomcat/conf/ca/emails/rnJob1Item.txt > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/emails/rnJob1Summary.txt > /var/lib/pki/pki-tomcat/conf/ca/emails/rnJob1Summary.txt > 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/emails to > /var/lib/pki/pki-tomcat/conf/ca/emails > 2025-05-29 13:25:36 DEBUG: Command: ln -s > /var/lib/pki/pki-tomcat/conf/ca/emails > /var/lib/pki/pki-tomcat/ca/emails > 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/profiles to > /var/lib/pki/pki-tomcat/conf/ca/profiles > 2025-05-29 13:25:36 DEBUG: Command: mkdir > /var/lib/pki/pki-tomcat/conf/ca/profiles > 2025-05-29 13:25:36 DEBUG: Command: mkdir > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/DomainController.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/DomainController.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/ECAdminCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/ECAdminCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/acmeServerCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/acmeServerCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caAdminCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caAdminCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caAgentFileSigning.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caAgentFileSigning.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caAgentServerCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caAgentServerCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caAuditSigningCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caAuditSigningCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caCACert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCACert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caCMCECUserCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCECUserCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caCMCECserverCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCECserverCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caCMCECserverCertWithCRLDP.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCECserverCertWithCRLDP.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caCMCECsubsystemCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCECsubsystemCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caCMCUserCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCUserCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caCMCauditSigningCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCauditSigningCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCcaCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caCMCcaIssuanceProtectionCert.cfg > > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCcaIssuanceProtectionCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caCMCkraStorageCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCkraStorageCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caCMCkraTransportCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCkraTransportCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caCMCocspCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCocspCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caCMCserverCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCserverCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caCMCserverCertWithCRLDP.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCserverCertWithCRLDP.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caCMCsubsystemCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCsubsystemCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caCrossSignedCACert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCrossSignedCACert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caDirBasedDualCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDirBasedDualCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caDirPinUserCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDirPinUserCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caDirUserCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDirUserCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caDirUserRenewal.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDirUserRenewal.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caDualCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDualCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caDualRAuserCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDualRAuserCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caECAdminCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECAdminCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caECAgentServerCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECAgentServerCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caECDirPinUserCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECDirPinUserCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caECDirUserCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECDirUserCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caECDualCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECDualCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caECFullCMCUserCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECFullCMCUserCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caECFullCMCUserSignedCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECFullCMCUserSignedCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caECInternalAuthServerCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECInternalAuthServerCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg > > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caECServerCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECServerCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caECServerCertWithCRLDP.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECServerCertWithCRLDP.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caECServerCertWithSCT.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECServerCertWithSCT.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caECSimpleCMCUserCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECSimpleCMCUserCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caECSubsystemCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECSubsystemCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caECUserCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECUserCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caEncECUserCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caEncECUserCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caEncUserCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caEncUserCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caFullCMCSharedTokenCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caFullCMCSharedTokenCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caFullCMCUserCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caFullCMCUserCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caFullCMCUserSignedCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caFullCMCUserSignedCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caIPAserviceCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caIPAserviceCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caInstallCACert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInstallCACert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg > > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg > > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caInternalAuthOCSPCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthOCSPCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caInternalAuthServerCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthServerCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caInternalAuthSubsystemCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthSubsystemCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caInternalAuthTransportCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthTransportCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caJarSigningCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caJarSigningCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caManualRenewal.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caManualRenewal.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caOCSPCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caOCSPCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caOtherCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caOtherCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caRACert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caRACert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caRARouterCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caRARouterCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caRAagentCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caRAagentCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caRAserverCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caRAserverCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caRouterCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caRouterCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caSSLClientSelfRenewal.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSSLClientSelfRenewal.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caServerCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caServerCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caServerCertWithCRLDP.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caServerCertWithCRLDP.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caServerCertWithSCT.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caServerCertWithSCT.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caServerKeygen_DirUserCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caServerKeygen_DirUserCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caServerKeygen_UserCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caServerKeygen_UserCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caSignedLogCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSignedLogCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caSigningECUserCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSigningECUserCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caSigningUserCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSigningUserCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caSimpleCMCUserCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSimpleCMCUserCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caStorageCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caStorageCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caSubsystemCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSubsystemCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caTPSCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTPSCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg > > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg > > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg > > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caTokenMSLoginEnrollment.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenMSLoginEnrollment.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg > > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg > > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg > > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg > > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg > > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg > > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caTransportCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTransportCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caUUIDdeviceCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caUUIDdeviceCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caUserCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caUserCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/caUserSMIMEcapCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caUserSMIMEcapCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/estServiceCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/estServiceCert.cfg > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/profiles/ca/AdminCert.cfg > /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/AdminCert.cfg > 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/profiles to > /var/lib/pki/pki-tomcat/conf/ca/profiles > 2025-05-29 13:25:36 DEBUG: Command: ln -s > /var/lib/pki/pki-tomcat/conf/ca/profiles > /var/lib/pki/pki-tomcat/ca/profiles > 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/flatfile.txt to > /var/lib/pki/pki-tomcat/conf/ca/flatfile.txt > 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/flatfile.txt > /var/lib/pki/pki-tomcat/conf/ca/flatfile.txt > 2025-05-29 13:25:36 INFO: Copying > /usr/share/pki/ca/conf/rsaAdminCert.profile to > /var/lib/pki/pki-tomcat/conf/ca/adminCert.profile > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/conf/rsaAdminCert.profile > /var/lib/pki/pki-tomcat/conf/ca/adminCert.profile > 2025-05-29 13:25:36 INFO: Copying > /usr/share/pki/ca/conf/caAuditSigningCert.profile to > /var/lib/pki/pki-tomcat/conf/ca/caAuditSigningCert.profile > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/conf/caAuditSigningCert.profile > /var/lib/pki/pki-tomcat/conf/ca/caAuditSigningCert.profile > 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/caCert.profile to > /var/lib/pki/pki-tomcat/conf/ca/caCert.profile > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/conf/caCert.profile > /var/lib/pki/pki-tomcat/conf/ca/caCert.profile > 2025-05-29 13:25:36 INFO: Copying > /usr/share/pki/ca/conf/caOCSPCert.profile to > /var/lib/pki/pki-tomcat/conf/ca/caOCSPCert.profile > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/conf/caOCSPCert.profile > /var/lib/pki/pki-tomcat/conf/ca/caOCSPCert.profile > 2025-05-29 13:25:36 INFO: Copying > /usr/share/pki/ca/conf/rsaServerCert.profile to > /var/lib/pki/pki-tomcat/conf/ca/serverCert.profile > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/conf/rsaServerCert.profile > /var/lib/pki/pki-tomcat/conf/ca/serverCert.profile > 2025-05-29 13:25:36 INFO: Copying > /usr/share/pki/ca/conf/rsaSubsystemCert.profile to > /var/lib/pki/pki-tomcat/conf/ca/subsystemCert.profile > 2025-05-29 13:25:36 DEBUG: Command: cp > /usr/share/pki/ca/conf/rsaSubsystemCert.profile > /var/lib/pki/pki-tomcat/conf/ca/subsystemCert.profile > 2025-05-29 13:25:36 INFO: Creating > /var/lib/pki/pki-tomcat/conf/ca/proxy.conf > 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/proxy.conf > /var/lib/pki/pki-tomcat/conf/ca/proxy.conf > 2025-05-29 13:25:36 INFO: Loading instance: pki-tomcat > 2025-05-29 13:25:36 INFO: Loading global Tomcat config: > /etc/tomcat/tomcat.conf > 2025-05-29 13:25:36 INFO: Loading PKI Tomcat config: > /usr/share/pki/etc/tomcat.conf > 2025-05-29 13:25:36 INFO: Loading instance Tomcat config: > /var/lib/pki/pki-tomcat/conf/tomcat.conf > 2025-05-29 13:25:36 INFO: Loading password config: > /var/lib/pki/pki-tomcat/conf/password.conf > 2025-05-29 13:25:36 INFO: Loading subsystem config: > /var/lib/pki/pki-tomcat/conf/ca/CS.cfg > 2025-05-29 13:25:36 INFO: Loading subsystem registry: > /var/lib/pki/pki-tomcat/conf/ca/registry.cfg > 2025-05-29 13:25:36 INFO: Loading instance registry: > /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat > 2025-05-29 13:25:36 DEBUG: - user: pkiuser > 2025-05-29 13:25:36 DEBUG: - group: pkiuser > 2025-05-29 13:25:36 INFO: Loading external certs from > /var/lib/pki/pki-tomcat/conf/external_certs.conf > 2025-05-29 13:25:36 INFO: File does not exist: > /var/lib/pki/pki-tomcat/conf/external_certs.conf > 2025-05-29 13:25:36 INFO: Enabling HTTP proxy > 2025-05-29 13:25:36 INFO: Setting proxy.securePort to 443 > 2025-05-29 13:25:36 INFO: Setting proxy.unsecurePort to 80 > 2025-05-29 13:25:36 INFO: Setting subsystem.1.class to > com.netscape.cmscore.profile.LDAPProfileSubsystem > 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(signing) > 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(signing) > 2025-05-29 13:25:36 INFO: Setting ca.signing.nickname to caSigningCert > cert-pki-ca > 2025-05-29 13:25:36 INFO: Setting ca.signing.tokenname to internal > 2025-05-29 13:25:36 INFO: Setting ca.cert.signing.nickname to > caSigningCert cert-pki-ca > 2025-05-29 13:25:36 INFO: Setting ca.signing.defaultSigningAlgorithm to > SHA256withRSA > 2025-05-29 13:25:36 INFO: Setting ca.crl.MasterCRL.signingAlgorithm to > SHA256withRSA > 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(ocsp_signing) > 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(ocsp_signing) > 2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.nickname to > ocspSigningCert cert-pki-ca > 2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.tokenname to internal > 2025-05-29 13:25:36 INFO: Setting ca.cert.ocsp_signing.nickname to > ocspSigningCert > cert-pki-ca > 2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.defaultSigningAlgorithm > to > SHA256withRSA > 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(sslserver) > 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(sslserver) > 2025-05-29 13:25:36 INFO: Setting ca.sslserver.nickname to Server-Cert > cert-pki-ca > 2025-05-29 13:25:36 INFO: Setting ca.sslserver.tokenname to internal > 2025-05-29 13:25:36 INFO: Setting ca.cert.sslserver.nickname to > Server-Cert cert-pki-ca > 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(subsystem) > 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(subsystem) > 2025-05-29 13:25:36 INFO: Setting ca.subsystem.nickname to subsystemCert > cert-pki-ca > 2025-05-29 13:25:36 INFO: Setting ca.subsystem.tokenname to internal > 2025-05-29 13:25:36 INFO: Setting ca.cert.subsystem.nickname to > subsystemCert cert-pki-ca > 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(audit_signing) > 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(audit_signing) > 2025-05-29 13:25:36 INFO: Setting ca.audit_signing.nickname to > auditSigningCert > cert-pki-ca > 2025-05-29 13:25:36 INFO: Setting ca.audit_signing.tokenname to internal > 2025-05-29 13:25:36 INFO: Setting ca.cert.audit_signing.nickname to > auditSigningCert > cert-pki-ca > 2025-05-29 13:25:36 INFO: Setting ca.signing.certnickname to caSigningCert > cert-pki-ca > 2025-05-29 13:25:36 INFO: Setting ca.signing.cacertnickname to > caSigningCert cert-pki-ca > 2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.certnickname to > ocspSigningCert > cert-pki-ca > 2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.cacertnickname to > ocspSigningCert > cert-pki-ca > 2025-05-29 13:25:36 INFO: Setting > log.instance.SignedAudit.signedAuditCertNickname to > auditSigningCert cert-pki-ca > 2025-05-29 13:25:36 INFO: Injecting SAN: False > 2025-05-29 13:25:36 INFO: SSL server cert SAN: > 2025-05-29 13:25:36 INFO: Storing subsystem config: > /var/lib/pki/pki-tomcat/conf/ca/CS.cfg > 2025-05-29 13:25:36 INFO: Storing registry config: > /var/lib/pki/pki-tomcat/conf/ca/registry.cfg > 2025-05-29 13:25:36 DEBUG: Command: mkdir /root/.dogtag > 2025-05-29 13:25:36 DEBUG: Command: mkdir /root/.dogtag/pki-tomcat > 2025-05-29 13:25:36 DEBUG: Command: mkdir /root/.dogtag/pki-tomcat/ca > 2025-05-29 13:25:36 INFO: Creating password file: > /root/.dogtag/pki-tomcat/ca/password.conf > 2025-05-29 13:25:36 INFO: Storing PKCS #12 password in > /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf > 2025-05-29 13:25:36 DEBUG: Command: mkdir /root/.dogtag/pki-tomcat/ca/alias > 2025-05-29 13:25:36 DEBUG: Command: certutil -N -d > /root/.dogtag/pki-tomcat/ca/alias -f > /root/.dogtag/pki-tomcat/ca/password.conf > 2025-05-29 13:25:36 INFO: Creating SELinux contexts > 2025-05-29 13:25:36 DEBUG: Command: /usr/sbin/restorecon -R -v > /var/lib/pki/pki-tomcat > 2025-05-29 13:25:36 DEBUG: Command: /usr/sbin/restorecon -R -v /var/log/pki > 2025-05-29 13:25:36 DEBUG: Command: /usr/sbin/restorecon -R -v > /var/log/pki/pki-tomcat > 2025-05-29 13:25:36 DEBUG: Command: /usr/sbin/restorecon -R -v > /etc/pki/pki-tomcat > 2025-05-29 13:25:36 INFO: Generating system keys > 2025-05-29 13:25:36 INFO: Loading instance: pki-tomcat > 2025-05-29 13:25:36 INFO: Loading global Tomcat config: > /etc/tomcat/tomcat.conf > 2025-05-29 13:25:36 INFO: Loading PKI Tomcat config: > /usr/share/pki/etc/tomcat.conf > 2025-05-29 13:25:36 INFO: Loading instance Tomcat config: > /var/lib/pki/pki-tomcat/conf/tomcat.conf > 2025-05-29 13:25:36 INFO: Loading password config: > /var/lib/pki/pki-tomcat/conf/password.conf > 2025-05-29 13:25:36 INFO: Loading subsystem config: > /var/lib/pki/pki-tomcat/conf/ca/CS.cfg > 2025-05-29 13:25:36 INFO: Loading subsystem registry: > /var/lib/pki/pki-tomcat/conf/ca/registry.cfg > 2025-05-29 13:25:36 INFO: Loading instance registry: > /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat > 2025-05-29 13:25:36 DEBUG: - user: pkiuser > 2025-05-29 13:25:36 DEBUG: - group: pkiuser > 2025-05-29 13:25:36 INFO: Loading external certs from > /var/lib/pki/pki-tomcat/conf/external_certs.conf > 2025-05-29 13:25:36 INFO: File does not exist: > /var/lib/pki/pki-tomcat/conf/external_certs.conf > 2025-05-29 13:25:36 INFO: Fapolicy folder not found. Rule configuration > skipped > 2025-05-29 13:25:36 INFO: Configuring subsystem > 2025-05-29 13:25:36 INFO: Loading instance: pki-tomcat > 2025-05-29 13:25:36 INFO: Loading global Tomcat config: > /etc/tomcat/tomcat.conf > 2025-05-29 13:25:36 INFO: Loading PKI Tomcat config: > /usr/share/pki/etc/tomcat.conf > 2025-05-29 13:25:36 INFO: Loading instance Tomcat config: > /var/lib/pki/pki-tomcat/conf/tomcat.conf > 2025-05-29 13:25:36 INFO: Loading password config: > /var/lib/pki/pki-tomcat/conf/password.conf > 2025-05-29 13:25:36 INFO: Loading subsystem config: > /var/lib/pki/pki-tomcat/conf/ca/CS.cfg > 2025-05-29 13:25:36 INFO: Loading subsystem registry: > /var/lib/pki/pki-tomcat/conf/ca/registry.cfg > 2025-05-29 13:25:36 INFO: Loading instance registry: > /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat > 2025-05-29 13:25:36 DEBUG: - user: pkiuser > 2025-05-29 13:25:36 DEBUG: - group: pkiuser > 2025-05-29 13:25:36 INFO: Loading external certs from > /var/lib/pki/pki-tomcat/conf/external_certs.conf > 2025-05-29 13:25:36 INFO: File does not exist: > /var/lib/pki/pki-tomcat/conf/external_certs.conf > 2025-05-29 13:25:36 INFO: Setting internaldb.ldapconn.secureConn to false > 2025-05-29 13:25:36 INFO: Setting internaldb.ldapconn.host to > ipa1.man-gb.eajglobal.net > 2025-05-29 13:25:36 INFO: Setting internaldb.ldapconn.port to 389 > 2025-05-29 13:25:36 INFO: Setting internaldb.ldapauth.bindDN to > cn=Directory Manager > 2025-05-29 13:25:36 INFO: Setting internaldb.basedn to o=ipaca > 2025-05-29 13:25:36 INFO: Setting internaldb.database to ipaca > 2025-05-29 13:25:36 INFO: Setting dbs.request.id.generator to legacy > 2025-05-29 13:25:36 INFO: Setting dbs.beginRequestNumber to 1 > 2025-05-29 13:25:36 INFO: Setting dbs.endRequestNumber to 10000000 > 2025-05-29 13:25:36 INFO: Setting dbs.requestIncrement to 10000000 > 2025-05-29 13:25:36 INFO: Setting dbs.requestLowWaterMark to 2000000 > 2025-05-29 13:25:36 INFO: Setting dbs.requestCloneTransferNumber to 10000 > 2025-05-29 13:25:36 INFO: Setting dbs.beginRequestNumber to 1 > 2025-05-29 13:25:36 INFO: Setting dbs.endRequestNumber to 10000000 > 2025-05-29 13:25:36 INFO: Setting dbs.requestRangeDN to > ou=requests,ou=ranges > 2025-05-29 13:25:36 INFO: Setting dbs.cert.id.generator to legacy > 2025-05-29 13:25:36 INFO: Setting dbs.beginSerialNumber to 1 > 2025-05-29 13:25:36 INFO: Setting dbs.endSerialNumber to 10000000 > 2025-05-29 13:25:36 INFO: Setting dbs.serialIncrement to 10000000 > 2025-05-29 13:25:36 INFO: Setting dbs.serialLowWaterMark to 2000000 > 2025-05-29 13:25:36 INFO: Setting dbs.serialCloneTransferNumber to 10000 > 2025-05-29 13:25:36 INFO: Setting dbs.randomSerialNumberCounter to 0 > 2025-05-29 13:25:36 INFO: Setting dbs.beginSerialNumber to 1 > 2025-05-29 13:25:36 INFO: Setting dbs.endSerialNumber to 10000000 > 2025-05-29 13:25:36 INFO: Setting dbs.serialRangeDN to > ou=certificateRepository,ou=ranges > 2025-05-29 13:25:36 INFO: Setting dbs.beginReplicaNumber to 1 > 2025-05-29 13:25:36 INFO: Setting dbs.endReplicaNumber to 100 > 2025-05-29 13:25:36 INFO: Setting ca.defaultOcspUri to > http://ipa-ca.eajglobal.uk/ca/ocsp > 2025-05-29 <http://ipa-ca.eajglobal.uk/ca/ocsp2025-05-29> 13:25:36 INFO: > Storing subsystem config: > /var/lib/pki/pki-tomcat/conf/ca/CS.cfg > 2025-05-29 13:25:36 INFO: Storing registry config: > /var/lib/pki/pki-tomcat/conf/ca/registry.cfg > 2025-05-29 13:25:36 DEBUG: PKIDeployer.import_system_certs() > 2025-05-29 13:25:36 DEBUG: import_system_cert > 2025-05-29 13:25:36 DEBUG: import_system_cert > 2025-05-29 13:25:36 DEBUG: import_system_cert > 2025-05-29 13:25:36 DEBUG: import_system_cert > 2025-05-29 13:25:36 DEBUG: import_system_cert > 2025-05-29 13:25:36 INFO: Checking existing cert chain: caSigningCert > External CA > 2025-05-29 13:25:36 DEBUG: NSSDatabase.get_cert(caSigningCert External CA) > begins > 2025-05-29 13:25:36 DEBUG: Command: certutil -L -d > /var/lib/pki/pki-tomcat/conf/alias -f > /tmp/tmpvynqogd4/password.txt -n caSigningCert External CA -a > 2025-05-29 13:25:36 DEBUG: stdout: -1 > 2025-05-29 13:25:36 DEBUG: NSSDatabase: stderr: > certutil: Could not find cert: caSigningCert External CA > : PR_FILE_NOT_FOUND_ERROR: File not found > > 2025-05-29 13:25:36 DEBUG: Cert not found: caSigningCert External CA > 2025-05-29 13:25:36 INFO: Updating system certs > 2025-05-29 13:25:36 INFO: Setting ca.signing.cacertnickname to > caSigningCert cert-pki-ca > 2025-05-29 13:25:36 INFO: Setting ca.signing.defaultSigningAlgorithm to > SHA256withRSA > 2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.defaultSigningAlgorithm > to > SHA256withRSA > 2025-05-29 13:25:36 INFO: Setting ca.audit_signing.defaultSigningAlgorithm > to > SHA256withRSA > 2025-05-29 13:25:36 INFO: Storing subsystem config: > /var/lib/pki/pki-tomcat/conf/ca/CS.cfg > 2025-05-29 13:25:36 INFO: Storing registry config: > /var/lib/pki/pki-tomcat/conf/ca/registry.cfg > 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(sslserver) > 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(sslserver) > 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_nssdb_cert_info(sslserver) > 2025-05-29 13:25:36 DEBUG: NSSDatabase.get_cert_info(Server-Cert > cert-pki-ca) begins > 2025-05-29 13:25:36 DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) > begins > 2025-05-29 13:25:36 DEBUG: Command: certutil -L -d > /var/lib/pki/pki-tomcat/conf/alias -f > /tmp/tmpngg9k4eu/password.txt -n Server-Cert cert-pki-ca -a > 2025-05-29 13:25:36 DEBUG: stdout: -1 > 2025-05-29 13:25:36 DEBUG: NSSDatabase: stderr: > certutil: Could not find cert: Server-Cert cert-pki-ca > : PR_FILE_NOT_FOUND_ERROR: File not found > > 2025-05-29 13:25:36 DEBUG: Cert not found: Server-Cert cert-pki-ca > 2025-05-29 13:25:36 INFO: Updating > /var/lib/pki/pki-tomcat/conf/serverCertNick.conf > 2025-05-29 13:25:36 INFO: Updating serverCertNickFile in server.xml > 2025-05-29 13:25:36 INFO: Creating new security domain > 2025-05-29 13:25:36 INFO: Setting securitydomain.host to > ipa1.man-gb.eajglobal.net > 2025-05-29 13:25:36 INFO: Setting securitydomain.httpport to 8080 > 2025-05-29 13:25:36 INFO: Setting securitydomain.httpsadminport to 8443 > 2025-05-29 13:25:36 INFO: Storing subsystem config: > /var/lib/pki/pki-tomcat/conf/ca/CS.cfg > 2025-05-29 13:25:36 INFO: Storing registry config: > /var/lib/pki/pki-tomcat/conf/ca/registry.cfg > 2025-05-29 13:25:36 INFO: Removing existing database > 2025-05-29 13:25:36 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- > /usr/lib/jvm/jre-17-openjdk/bin/java -classpath > > /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* > > -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory > -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat > -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp > > -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties > -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager > -Dcom.redhat.fips=false > org.dogtagpki.server.cli.PKIServerCLI ca-db-remove --force --debug > 2025-05-29 13:25:38 INFO: Creating database > 2025-05-29 13:25:38 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- > /usr/lib/jvm/jre-17-openjdk/bin/java -classpath > > /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* > > -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory > -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat > -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp > > -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties > -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager > -Dcom.redhat.fips=false > org.dogtagpki.server.cli.PKIServerCLI ca-db-create --debug > 2025-05-29 13:25:40 INFO: Initializing database > 2025-05-29 13:25:40 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- > /usr/lib/jvm/jre-17-openjdk/bin/java -classpath > > /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* > > -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory > -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat > -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp > > -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties > -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager > -Dcom.redhat.fips=false > org.dogtagpki.server.cli.PKIServerCLI ca-db-init --debug > 2025-05-29 13:26:00 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- > /usr/lib/jvm/jre-17-openjdk/bin/java -classpath > > /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* > > -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory > -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat > -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp > > -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties > -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager > -Dcom.redhat.fips=false > org.dogtagpki.server.cli.PKIServerCLI ca-db-access-grant --debug > uid=pkidbuser,ou=people,o=ipaca > 2025-05-29 13:26:01 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- > /usr/lib/jvm/jre-17-openjdk/bin/java -classpath > > /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* > > -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory > -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat > -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp > > -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties > -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager > -Dcom.redhat.fips=false > org.dogtagpki.server.cli.PKIServerCLI ca-db-index-add --debug > 2025-05-29 13:26:03 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- > /usr/lib/jvm/jre-17-openjdk/bin/java -classpath > > /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* > > -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory > -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat > -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp > > -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties > -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager > -Dcom.redhat.fips=false > org.dogtagpki.server.cli.PKIServerCLI ca-db-vlv-add --debug > 2025-05-29 13:26:05 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- > /usr/lib/jvm/jre-17-openjdk/bin/java -classpath > > /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* > > -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory > -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat > -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp > > -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties > -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager > -Dcom.redhat.fips=false > org.dogtagpki.server.cli.PKIServerCLI ca-db-vlv-reindex --debug > 2025-05-29 13:26:07 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- > /usr/lib/jvm/jre-17-openjdk/bin/java -classpath > > /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* > > -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory > -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat > -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp > > -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties > -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager > -Dcom.redhat.fips=false > org.dogtagpki.server.cli.PKIServerCLI ca-profile-import --input-folder > /usr/share/pki/ca/profiles/ca --debug > 2025-05-29 13:26:09 INFO: Loading subsystem config: > /var/lib/pki/pki-tomcat/conf/ca/CS.cfg > 2025-05-29 13:26:09 INFO: Loading subsystem registry: > /var/lib/pki/pki-tomcat/conf/ca/registry.cfg > 2025-05-29 13:26:09 INFO: Request ID generator: legacy > 2025-05-29 13:26:09 INFO: Enabling CA subsystem > 2025-05-29 13:26:09 INFO: Deploying ca web application > 2025-05-29 13:26:09 INFO: Creating > /var/lib/pki/pki-tomcat/conf/Catalina/localhost/ca.xml > 2025-05-29 13:26:09 INFO: Creating temporary SSL server cert > 2025-05-29 13:26:09 INFO: Updating > /var/lib/pki/pki-tomcat/conf/serverCertNick.conf > 2025-05-29 13:26:09 INFO: Updating serverCertNickFile in server.xml > 2025-05-29 13:26:09 INFO: Checking existing temp SSL server cert: temp > Server-Cert > cert-pki-ca > 2025-05-29 13:26:09 DEBUG: NSSDatabase.get_cert(temp Server-Cert > cert-pki-ca) begins > 2025-05-29 13:26:09 DEBUG: Command: certutil -L -d > /var/lib/pki/pki-tomcat/conf/alias -f > /tmp/tmp9l_1_dt_/password.txt -n temp Server-Cert cert-pki-ca -a > 2025-05-29 13:26:09 DEBUG: stdout: -1 > 2025-05-29 13:26:09 DEBUG: NSSDatabase: stderr: > certutil: Could not find cert: temp Server-Cert cert-pki-ca > : PR_FILE_NOT_FOUND_ERROR: File not found > > 2025-05-29 13:26:09 DEBUG: Cert not found: temp Server-Cert cert-pki-ca > 2025-05-29 13:26:09 INFO: Creating new temp SSL server cert for > ipa1.man-gb.eajglobal.net > 2025-05-29 13:26:09 DEBUG: Command: pki -d > /var/lib/pki/pki-tomcat/conf/alias -f > /var/lib/pki/pki-tomcat/conf/password.conf nss-cert-request --subject > cn=ipa1.man-gb.eajglobal.net,o=2025-05-29 13:25:36 --csr > /tmp/tmpdvz_k8lc/sslserver.csr > --key-type RSA --key-size 2048 --hash SHA256 --debug > > Restoring a snapshot prior to freeipa-server-install and setting > update-crypto-policies > --set DEFAULT and rebooting allows the install to run without issue. > -- > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
-- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
