Hi, i'm trying to install FreeIPA with external CA (again)

Now i use FreeIPA 3.3.* and i found a strange error on "[17/22]: requesting RA 
certificate from CA":

>2013-11-08T11:07:38Z DEBUG   File 
>"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 
>622, in run_script
>    return_value = main_function()
>
>  File "/usr/sbin/ipa-server-install", line 1096, in main
>    subject_base=options.subject)
>
>  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", 
> line 478, in configure_instance
>    self.start_creation(runtime=210)
>
>  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
> 364, in start_creation
>    method()
>
>  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", 
> line 1089, in __request_ra_certificate
>    self.requestId = item_node[0].childNodes[0].data
>
>2013-11-08T11:07:38Z DEBUG The ipa-server-install command failed, exception: 
>IndexError: list index out of range

So, i open /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py on 
the line 1089:

>  # Send the request to the CA
>  conn = httplib.HTTPConnection(
>      self.fqdn, self.dogtag_constants.UNSECURE_PORT)
>  params = urllib.urlencode({'profileId': 'caServerCert',
>          'cert_request_type': 'pkcs10',
>          'requestor_name': 'IPA Installer',
>          'cert_request': csr,
>          'xmlOutput': 'true'})
>  headers = {"Content-type": "application/x-www-form-urlencoded",
>             "Accept": "text/plain"}
>
>  conn.request("POST", "/ca/ee/ca/profileSubmit", params, headers)
>  res = conn.getresponse()
>  if res.status == 200:
>      data = res.read()
>      conn.close()
>      doc = xml.dom.minidom.parseString(data)
>      item_node = doc.getElementsByTagName("RequestId")
>      self.requestId = item_node[0].childNodes[0].data   <--  exception: 
> IndexError: list index out of range
>      doc.unlink()
>      self.requestId = self.requestId.strip()
>      if self.requestId is None:
>          raise RuntimeError("Unable to determine RA certificate requestId")

I read the value of "data":

> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
> <XMLResponse>
> <Status>1</Status>
> <Error>Profile caServerCert Not Found</Error>
> </XMLResponse>

Can someone help me?

Thank you

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to