freeipa-server is still quite broken on Ubuntu I believe. It should
install fine, but certmonger can not renew the CA successfully, as nss
on Debian/Ubuntu is missing nss-pem, so it can't read certificate
files. I wrote about this in a thread titled "Dogtag certs did not
auto-renew, very stuck!".
I'd recommend running the server on a Redhat derivative for the
On 01/05/17 13:18, Robert L. Harris wrote:
> Gave up on freeipa and Ubuntu 17.10. Re-installed with 16.04 and
> some base packages which does include freeipa-client. When I do an
> apt-get install on freeipa-server it runs along happily until I find this:
> Setting up pki-server (10.2.6+git20160317-1) ...
> Job for pki-tomcatd.service failed because the control process exited
> with error code. See "systemctl status pki-tomcatd.service" and
> "journalctl -xe" for details.
> invoke-rc.d: initscript pki-tomcatd, action "start" failed.
> * pki-tomcatd.service - LSB: Start pki-tomcatd at boot time
> Loaded: loaded (/etc/init.d/pki-tomcatd; bad; vendor preset: enabled)
> Active: failed (Result: exit-code) since Sun 2017-04-30 20:38:29
> MDT; 3ms ago
> Docs: man:systemd-sysv-generator(8)
> Process: 9645 ExecStart=/etc/init.d/pki-tomcatd start (code=exited,
> Apr 30 20:38:29 ipa systemd: Starting LSB: Start pki-tomcatd at
> boot time...
> Apr 30 20:38:29 ipa pki-tomcatd: ERROR: No 'tomcat' instances
> ... because no CA instance has been configured yet.
> pki-tomcatd-nuxwdog.target is a disabled or a static unit, not
> starting it.
> pki-tomcatd.target is a disabled or a static unit, not starting it.
> Setting up pki-ca (10.2.6+git20160317-1) ...
> I have been googling but can't find a relevant fix that resolves this.
> Any ideas?
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project