Brian Wheeler wrote:
I've been fighting with this for a couple of hours so it must be time to
ask for help :)
I've got a clean (and up to date) Fedora 17 install and when I try to
install freeipa it fails when its running pkisilent to configure the
certificate server instance.
==
Configuring certificate server: Estimated time 3 minutes 30 seconds
[1/17]: creating certificate server user
[2/17]: configuring certificate server instance
ipa : CRITICAL failed to configure ca instance Command
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
wombat.dlib.indiana.edu -cs_port 9445 -client_certdb_dir /tmp/tmp-dxxeEf
-client_certdb_pwd -preop_pin hR0AShCYdzVB5g5frPxh -domain_name
IPA -admin_user admin -admin_email root@localhost -admin_password
-agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type
rsa -agent_cert_subject CN=ipa-ca-agent,O=DLIB.INDIANA.EDU -ldap_host
wombat.dlib.indiana.edu -ldap_port 7389 -bind_dn cn=Directory Manager
-bind_password -base_dn o=ipaca -db_name ipaca -key_size 2048
-key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd
-subsystem_name pki-cad -token_name internal
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=DLIB.INDIANA.EDU
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=DLIB.INDIANA.EDU
-ca_server_cert_subject_name
CN=wombat.dlib.indiana.edu,O=DLIB.INDIANA.EDU
-ca_audit_signing_cert_subject_name CN=CA Audit,O=DLIB.INDIANA.EDU
-ca_sign_cert_subject_name CN=Certificate Authority,O=DLIB.INDIANA.EDU
-external false -clone false' returned non-zero exit status 255
Unexpected error - see ipaserver-install.log for details:
Configuration of CA failed
=
The relevant logs in ipaserver-install.log seem to be:
Attempting to connect to: wombat.dlib.indiana.edu:9445
Exception in LoginPanel(): java.lang.NullPointerException
ERROR: ConfigureCA: LoginPanel() failure
ERROR: unable to create CA
###
2012-07-19T18:06:23Z DEBUG stderr=Exception: Unable to Send
Request:java.net.ConnectException: Connection refused
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
at java.net.Socket.connect(Socket.java:579)
at java.net.Socket.connect(Socket.java:528)
at java.net.Socket.(Socket.java:425)
at java.net.Socket.(Socket.java:241)
at HTTPClient.sslConnect(HTTPClient.java:326)
at ConfigureCA.LoginPanel(ConfigureCA.java:244)
at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
at ConfigureCA.main(ConfigureCA.java:1672)
java.lang.NullPointerException
at ConfigureCA.LoginPanel(ConfigureCA.java:245)
at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
at ConfigureCA.main(ConfigureCA.java:1672)
=
Any troubleshooting hints for this?
Try re-installing the pki-selinux package.
What I would do is this:
# ipa-server-install --uninstall -U
# ls -ld /var/lib/pki-ca
If it exists run:
# pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca --force
# yum reinstall pki-selinux
We're not sure why re-installing that package is required sometimes, the
dogtag team has a bug open on it,
https://bugzilla.redhat.com/show_bug.cgi?id=746275
rob
rob
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
