I am trying to install FreeIPA 2.1.3-9 with an external CA and it failed.

Any help is appreciated and thanks in advance!

[r...@ipa.dev.example.com ~]# ipa-server-install --external_cert_file=/root/ipa.crt --external_ca_file=/root/ca.crt

The log file for this installation can be found in 
Directory Manager password:

==============================================================================
This program will set up the IPA Server.

This includes:
* Configure a stand-alone CA (dogtag) for certificate management
* Create and configure an instance of Directory Server
* Create and configure a Kerberos Key Distribution Center (KDC)
* Configure Apache (httpd)

Excluded by options:
* Configure the Network Time Daemon (ntpd)

To accept the default shown in brackets, press the Enter key.

The IPA Master Server will be configured with
Hostname: ipa.dev.example.com
IP address: x.x.x.x
Domain name: example.com

Configuring certificate server: Estimated time 3 minutes 30 seconds
[1/16]: creating certificate server user
[2/16]: configuring certificate server instance
[3/16]: disabling nonces
[4/16]: creating CA agent PKCS#12 file in /root
[5/16]: creating RA agent certificate database
[6/16]: importing CA chain to RA certificate database
[7/16]: fixing RA database permissions
[8/16]: setting up signing cert profile
[9/16]: set up CRL publishing
[10/16]: set certificate subject base
[11/16]: configuring certificate server to start on boot
[12/16]: restarting certificate server
[13/16]: requesting RA certificate from CA
[14/16]: issuing RA agent certificate
Unexpected error - see ipaserver-install.log for details:
Command '/usr/bin/sslget -n ipa-ca-agent -p XXXXXXXX -d /tmp/tmp-aZzm2V -r /ca/agent/ca/profileReview?requestId=6 ipa.dev.example.com:9443' returned non-zero exit status 4

[r...@ipa.dev.example.com ~]# /usr/bin/sslget -n ipa-ca-agent -p XXXXXXXX -d /tmp/tmp-aZzm2V -r /ca/agent/ca/profileReview?requestId=6 ipa.dev.example.com:9443 -v
GET /ca/agent/ca/profileReview?requestId=6 HTTP/1.0

port: 9443
Subject: CN=ipa.dev.example.com,O=example.com
Issuer : CN=Certificate Authority,O=example.com
Called mygetclientauthdata - nickname = ipa-ca-agent
mygetclientauthdata - cert = 9716d0
mygetclientauthdata - privkey = 9b6f10
exit after PR_Write bigBuf with error -12271:

/var/log/ipaserver-install.log information

2012-05-21 16:54:58,852 DEBUG duration: 1 seconds
2012-05-21 16:54:58,852 DEBUG [14/16]: issuing RA agent certificate
2012-05-21 16:54:58,866 DEBUG args=/usr/bin/certutil -d /tmp/tmp-aZzm2V -f XXXXXXXX -M -t CT,C,C -n System Engineering - Currenex, Inc.
2012-05-21 16:54:58,867 DEBUG stdout=
2012-05-21 16:54:58,867 DEBUG stderr=
2012-05-21 16:54:58,873 DEBUG args=/usr/bin/certutil -d /tmp/tmp-aZzm2V -f XXXXXXXX -M -t CT,C,C -n Certificate Authority - Currenex, Inc.
2012-05-21 16:54:58,874 DEBUG stdout=
2012-05-21 16:54:58,874 DEBUG stderr=
2012-05-21 16:54:58,909 DEBUG args=/usr/bin/sslget -n ipa-ca-agent -p XXXXXXXX -d /tmp/tmp-aZzm2V -r /ca/agent/ca/profileReview?requestId=6 
2012-05-21 16:54:58,909 DEBUG stdout=
2012-05-21 16:54:58,909 DEBUG stderr=
2012-05-21 16:54:59,067 DEBUG Command '/usr/bin/sslget -n ipa-ca-agent -p XXXXXXXX -d /tmp/tmp-aZzm2V -r /ca/agent/ca/profileReview?requestId=6 ipa.dev.eexchange.com:9443' returned non-zero exit status 4
File "/usr/sbin/ipa-server-install", line 1151, in <module>

File "/usr/sbin/ipa-server-install", line 975, in main

File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 537, in configure_instance
self.start_creation("Configuring certificate server", 210)

File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 248, in start_creation

File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 755, in __issue_ra_cert
(stdout, stderr, returncode) = ipautil.run(args, nolog=(self.admin_password,))

File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line 273, in run
raise CalledProcessError(p.returncode, args)

Freeipa-users mailing list
