Hello,
Currently my server is running on IPA Server Version 4.4. I have tried to
upgrade the Version to 4.5 using the ipa-server-upgrade command and got
ended with the following error:
--------
2017-09-26T02:27:32Z DEBUG stderr=
2017-09-26T02:27:50Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-09-26T02:27:53Z DEBUG Starting external process
2017-09-26T02:27:53Z DEBUG args=/usr/bin/certutil -d
/etc/dirsrv/slapd-LGA-NET-SG -L -n Server-Cert -a -f
/etc/dirsrv/slapd-LGA-NET-SG/pwdfile.txt
2017-09-26T02:27:56Z DEBUG Process finished, return code=255
2017-09-26T02:27:56Z DEBUG stdout=
2017-09-26T02:27:56Z DEBUG stderr=certutil: Could not find cert: Server-Cert
: PR_FILE_NOT_FOUND_ERROR: File not found
2017-09-26T02:27:56Z ERROR IPA server upgrade failed: Inspect
/var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
2017-09-26T02:27:56Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in
execute
return_value = self.run()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py",
line 46, in run
server.upgrade()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py",
line 1913, in upgrade
upgrade_configuration()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py",
line 1788, in upgrade_configuration
certificate_renewal_update(ca, ds, http),
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py",
line 1018, in certificate_renewal_update
ds.start_tracking_certificates(serverid)
File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
line 1046, in start_tracking_certificates
'restart_dirsrv %s' % serverid)
File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line
362, in track_server_cert
cert_obj = x509.load_certificate(cert)
File "/usr/lib/python2.7/site-packages/ipalib/x509.py", line 119, in
load_certificate
return cryptography.x509.load_der_x509_certificate(data,
default_backend())
File "/usr/lib64/python2.7/site-packages/cryptography/x509/base.py", line
47, in load_der_x509_certificate
return backend.load_der_x509_certificate(data)
File
"/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/multibackend.py",
line 350, in load_der_x509_certificate
return b.load_der_x509_certificate(data)
File
"/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py",
line 1185, in load_der_x509_certificate
raise ValueError("Unable to load certificate")
2017-09-26T02:27:56Z DEBUG The ipa-server-upgrade command failed,
exception: ValueError: Unable to load certificate
2017-09-26T02:27:56Z ERROR Unexpected error - see /var/log/ipaupgrade.log
for details:
ValueError: Unable to load certificate
2017-09-26T02:27:56Z ERROR The ipa-server-upgrade command failed. See
/var/log/ipaupgrade.log for more information
-------
I am using a third party signed certificate along with my IPA-CA. Is it an
issue with my current CA. I can see that while fetching for the
certificate, the name given to be "Server-cert" instead of the exact CA
name.
--
Regards,
Alka Murali
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
