On Wed, Jun 14, 2017 at 08:27:09AM -0500, Kat via FreeIPA-users wrote: >Hi all, > >Having a problem with a new server install on RHEL 7 - > >Done configuring directory server (dirsrv). >Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 >seconds > [1/31]: creating certificate server user > [2/31]: configuring certificate server instance >ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA >instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmphCcxuk' returned >non-zero exit status 1 > >I have researched through "the google", and not much luck. Although I see >others who have had the problem, there seems to be no specific fix. > >This is RHEL 7.3 in AWS and ipa-server-4.4.0-14.el7_3.7.x86_64 > >I have an exact duplicate of this in another VPC with no issues, so just >wondering if there are some places to look? > >_______________________________________________ >FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Hi Kat, the first thing to look at are the Dogtag logs located in /var/log/pki-ca-spawn.$TIMESTAMP.log and then the logs in pki-tomcat/ subdirectory (mainly ca/debug and ca/system). You can also look at https://www.freeipa.org/page/Files_to_be_attached_to_bug_report#Dogtag_CA_failed to see where to look for errors. -- Martin Babinsky _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
