On Wed, 16 Nov 2011, Thomas Sailer wrote:
> Hi,
> 
> Installing a v2 freeipa server failed for me at the stage
> "configuring certificate server instance"
> 
> The machine is an updated (and now fully up2date) fedora16 x64 machine.
> 
> Here's the command line output:
> Configuring certificate server: Estimated time 3 minutes 30 seconds
>   [1/17]: creating certificate server user
>   [2/17]: creating pki-ca instance
>   [3/17]: configuring certificate server instance
> root        : CRITICAL failed to configure ca instance Command
> '/usr/bin/perl /usr/bin/pkisilent 'ConfigureCA' '-cs_hostname'
> 'server.xxxxx.com' '-cs_port' '9445' '-client_certdb_dir'
> '/tmp/tmp-HxuF_T' '-client_certdb_pwd' XXXXXXXX '-preop_pin'
> 'rgN1Coi9yfnvOUlxsUUw' '-domain_name' 'IPA' '-admin_user' 'admin'
> '-admin_email' 'root@localhost' '-admin_password' XXXXXXXX
> '-agent_name' 'ipa-ca-agent' '-agent_key_size' '2048'
> '-agent_key_type' 'rsa' '-agent_cert_subject'
> 'CN=ipa-ca-agent,O=AXSEM.COM' '-ldap_host' server.xxxxx.com'
> '-ldap_port' '7389' '-bind_dn' 'cn=Directory Manager'
> '-bind_password' XXXXXXXX '-base_dn' 'o=ipaca' '-db_name' 'ipaca'
> '-key_size' '2048' '-key_type' 'rsa' '-key_algorithm'
> 'SHA256withRSA' '-save_p12' 'true' '-backup_pwd' XXXXXXXX
> '-subsystem_name' 'pki-cad' '-token_name' 'internal'
> '-ca_subsystem_cert_subject_name' 'CN=CA Subsystem,O=XXXXX.COM'
> '-ca_ocsp_cert_subject_name' 'CN=OCSP Subsystem,O=XXXXX.COM'
> '-ca_server_cert_subject_name'
> 'CN=axextserver1.hq.axsem.com,O=XXXXX.COM'
> '-ca_audit_signing_cert_subject_name' 'CN=CA Audit,O=XXXXX.COM'
> '-ca_sign_cert_subject_name' 'CN=Certificate Authority,O=XXXXX.COM'
> '-external' 'false' '-clone' 'false'' returned non-zero exit status
> 255
> Unexpected error - see ipaserver-install.log for details:
>  Configuration of CA failed
> 
> I got it working once I removed the (link local IMO) IPv6 address
> from the ethernet interface. Otherwise, the pki ports (such as 9445)
> were only bound to IPv6 addresses. Strange.
maybe that's because server.xxxx.com resolves to IPv6 address? We pass 
FQDN of the server to pkisilent, and then it tries to set up and start 
CA.

-- 
/ Alexander Bokovoy

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to