On 22.07.2016 20:17, pgb205 wrote:
ipa-srv1 already has CA installed but *NOT *ipa-srv2.
The reason I would like to add CA on ipa-srv2 is because I want the
setup to ultimately become
however I am unable to create gpg replication file on ipa-srv2 (to be
used to establish replication agreement to ipa-srv3)
as I get an error message: /Certificate operation cannot be completed:
Unable to communicate with CMS (Internal Server Error)/
From what I've found gpg can only be created on replica with CA
to install CA I tried the following command
/ipa-ca-install --skip-conncheck ./replica-info-ipa-srv2.gpg/
This errors out at
/ [8/21]: starting certificate server instance/
/ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to
restart the Dogtag instance.See the installation log for details./
/ [9/21]: importing CA chain to RA certificate database/
/ [error] RuntimeError: Unable to retrieve CA chain: request failed
with HTTP status 500/
can you please check /var/log/pki/pki-tomcat/ca/debug for more specific
systemctl status email@example.com
shows the pki service is running, surprisingly.
but it's still not listed in ipactl status output
further attempts to install are halted with error : CA is already
installed on this system and I have to manually delete everything with:
pkidestroy -s CA -i pki-tomcat
1003 rm -rf /var/log/pki/pki-tomcat
1004 rm -rf /etc/sysconfig/pki-tomcat
1005 rm -rf /etc/sysconfig/pki/tomcat/pki-tomcat
1006 rm -rf /var/lib/pki/pki-tomcat
1007 rm -rf /etc/pki/pki-tomcat
in error logs the one message that stands out is:
500 internal server error. which repeats multiple times at the end of
Please suggest on what can be done in this situation.
PS: regarding pkidestroy and pkiremove commands. What is the
difference or does pkidestroy superceeds pkiremove.
Alexander B suggests pkiremove in one of his older posts and 'yum
whatprovides pkiremove' also suggests that it should be available.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project