Hi,

Installing a v2 freeipa server failed for me at the stage "configuring certificate server instance"

The machine is an updated (and now fully up2date) fedora16 x64 machine.

Here's the command line output:
Configuring certificate server: Estimated time 3 minutes 30 seconds
  [1/17]: creating certificate server user
  [2/17]: creating pki-ca instance
  [3/17]: configuring certificate server instance
root : CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent 'ConfigureCA' '-cs_hostname' 'server.xxxxx.com' '-cs_port' '9445' '-client_certdb_dir' '/tmp/tmp-HxuF_T' '-client_certdb_pwd' XXXXXXXX '-preop_pin' 'rgN1Coi9yfnvOUlxsUUw' '-domain_name' 'IPA' '-admin_user' 'admin' '-admin_email' 'root@localhost' '-admin_password' XXXXXXXX '-agent_name' 'ipa-ca-agent' '-agent_key_size' '2048' '-agent_key_type' 'rsa' '-agent_cert_subject' 'CN=ipa-ca-agent,O=AXSEM.COM' '-ldap_host' server.xxxxx.com' '-ldap_port' '7389' '-bind_dn' 'cn=Directory Manager' '-bind_password' XXXXXXXX '-base_dn' 'o=ipaca' '-db_name' 'ipaca' '-key_size' '2048' '-key_type' 'rsa' '-key_algorithm' 'SHA256withRSA' '-save_p12' 'true' '-backup_pwd' XXXXXXXX '-subsystem_name' 'pki-cad' '-token_name' 'internal' '-ca_subsystem_cert_subject_name' 'CN=CA Subsystem,O=XXXXX.COM' '-ca_ocsp_cert_subject_name' 'CN=OCSP Subsystem,O=XXXXX.COM' '-ca_server_cert_subject_name' 'CN=axextserver1.hq.axsem.com,O=XXXXX.COM' '-ca_audit_signing_cert_subject_name' 'CN=CA Audit,O=XXXXX.COM' '-ca_sign_cert_subject_name' 'CN=Certificate Authority,O=XXXXX.COM' '-external' 'false' '-clone' 'false'' returned non-zero exit status 255
Unexpected error - see ipaserver-install.log for details:
 Configuration of CA failed

I got it working once I removed the (link local IMO) IPv6 address from the ethernet interface. Otherwise, the pki ports (such as 9445) were only bound to IPv6 addresses. Strange.

Tom

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to