Hello, Currently my server is running on IPA Server Version 4.4. I have tried to upgrade the Version to 4.5 using the ipa-server-upgrade command and got ended with the following error:
-------- 2017-09-26T02:27:32Z DEBUG stderr= 2017-09-26T02:27:50Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-09-26T02:27:53Z DEBUG Starting external process 2017-09-26T02:27:53Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-LGA-NET-SG -L -n Server-Cert -a -f /etc/dirsrv/slapd-LGA-NET-SG/pwdfile.txt 2017-09-26T02:27:56Z DEBUG Process finished, return code=255 2017-09-26T02:27:56Z DEBUG stdout= 2017-09-26T02:27:56Z DEBUG stderr=certutil: Could not find cert: Server-Cert : PR_FILE_NOT_FOUND_ERROR: File not found 2017-09-26T02:27:56Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. 2017-09-26T02:27:56Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 46, in run server.upgrade() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1913, in upgrade upgrade_configuration() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1788, in upgrade_configuration certificate_renewal_update(ca, ds, http), File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1018, in certificate_renewal_update ds.start_tracking_certificates(serverid) File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 1046, in start_tracking_certificates 'restart_dirsrv %s' % serverid) File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 362, in track_server_cert cert_obj = x509.load_certificate(cert) File "/usr/lib/python2.7/site-packages/ipalib/x509.py", line 119, in load_certificate return cryptography.x509.load_der_x509_certificate(data, default_backend()) File "/usr/lib64/python2.7/site-packages/cryptography/x509/base.py", line 47, in load_der_x509_certificate return backend.load_der_x509_certificate(data) File "/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/multibackend.py", line 350, in load_der_x509_certificate return b.load_der_x509_certificate(data) File "/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1185, in load_der_x509_certificate raise ValueError("Unable to load certificate") 2017-09-26T02:27:56Z DEBUG The ipa-server-upgrade command failed, exception: ValueError: Unable to load certificate 2017-09-26T02:27:56Z ERROR Unexpected error - see /var/log/ipaupgrade.log for details: ValueError: Unable to load certificate 2017-09-26T02:27:56Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information ------- I am using a third party signed certificate along with my IPA-CA. Is it an issue with my current CA. I can see that while fetching for the certificate, the name given to be "Server-cert" instead of the exact CA name. -- Regards, Alka Murali
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org