Any tips for diving into this a bit more to troubleshoot?

For the 1st time I'm setting up an ipa-server 4.4 replica with CA features enabled but the replica install seems to hang forever here:

Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds
  [1/27]: creating certificate server user
  [2/27]: configuring certificate server instance
  [3/27]: stopping certificate server instance to update CS.cfg
  [4/27]: backing up CS.cfg
  [5/27]: disabling nonces
  [6/27]: set up CRL publishing
  [7/27]: enable PKIX certificate path discovery and validation
  [8/27]: starting certificate server instance

< no output after this >

The replica-install.log file ends here:

2017-03-15T22:16:05Z DEBUG Starting external process
2017-03-15T22:16:05Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service
2017-03-15T22:16:05Z DEBUG Process finished, return code=0
2017-03-15T22:16:05Z DEBUG stdout=active

2017-03-15T22:16:05Z DEBUG stderr=
2017-03-15T22:16:05Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
2017-03-15T22:16:06Z DEBUG Waiting until the CA is running
2017-03-15T22:16:06Z DEBUG request POST
2017-03-15T22:16:06Z DEBUG request body ''

I've confirmed that SELINUX is disabled, there is no firewall and the AWS Security Groups are allowing TCP:8080 and TCP:8443 to the replica instance. The systemctl command also verifies that
pki-tomcatd@pki-tomcat.service is "active" as well.

Any tips for debugging further?


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to