subject:"Re\: \[Freeipa\-users\] external CA install problem"

Re: [Freeipa-users] external CA install problem

2013-07-25 Thread Armstrong, Kenneth Lawrence

On Thu, 2013-07-25 at 19:14 +0200, Martin Kosek wrote:


On 07/25/2013 06:53 PM, Armstrong, Kenneth Lawrence wrote:
> On Thu, 2013-07-25 at 11:51 -0400, Rob Crittenden wrote:
>> Armstrong, Kenneth Lawrence wrote:
>> > On Thu, 2013-07-25 at 16:22 +0200, Martin Kosek wrote:
>> >> On 07/25/2013 04:06 PM, Armstrong, Kenneth Lawrence wrote:
>> >> > On Fri, 2013-07-19 at 17:44 -0400, Dmitri Pal wrote:
>> >> > On 07/19/2013 01:11 PM, Armstrong, Kenneth Lawrence wrote:
>> >> > I'm trying to install an IPA server using an external CA.
>> >> >
>> >> > I ran the ipa-server-install --external-ca command, and got my cert 
>> >> > signed by our on-site CA.
>> >> >
>> >> > So then I go back to install using my certs:
>> >> >
>> >> > ipa-server-install --external_cert_file=/root/ipa.cer 
>> >> > --external_ca_file=/root/CACert.cer
>> >> >
>> >> >
>> >> > I get this for output:
>> >> >
>> >> > Configuring certificate server (pki-cad): Estimated time 3 minutes 30 
>> >> > seconds
>> >> >   [1/20]: creating certificate server user
>> >> >   [2/20]: configuring certificate server instance
>> >> > ipa : CRITICAL failed to configure ca instance Command 
>> >> > '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname 
>> >> > lnxrealmtest01.liberty.edu -cs_port 9445 -client_certdb_dir 
>> >> > /tmp/tmp-cQZB3x -client_certdb_pwd  -preop_pin 
>> >> > nio5yPeVonEn0tWotyjC -domain_name IPA -admin_user admin -admin_email 
>> >> > root@localhost -admin_password  -agent_name ipa-ca-agent 
>> >> > -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject 
>> >> > CN=ipa-ca-agent,O=LNXREALMTEST.LIBERTY.EDU -ldap_host 
>> >> > lnxrealmtest01.liberty.edu -ldap_port 7389 -bind_dn cn=Directory 
>> >> > Manager -bind_password  -base_dn o=ipaca -db_name ipaca 
>> >> > -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 
>> >> > true -backup_pwd  -subsystem_name pki-cad -token_name internal 
>> >> > -ca_subsystem_cert_subject_name CN=CA 
>> >> > Subsystem,O=LNXREALMTEST.LIBERTY.EDU -ca_subsystem_cert_subject_name 
>> >> > CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU -ca_ocsp_cert_subject_name 
>> >> > CN=OCSP Subsystem,O=LNXREALMTEST.LIBERTY.EDU -ca_s!
 erv!
>>   er_!
>> >>   cert_subje
>> >> ct_name CN=lnxrealmtest01.liberty.edu,O=LNXREALMTEST.LIBERTY.EDU 
>> >> -ca_audit_signing_cert_subject_name CN=CA 
>> >> Audit,O=LNXREALMTEST.LIBERTY.EDU -ca_sign_cert_subject_name 
>> >> CN=Certificate Authority,O=LNXREALMTEST.LIBERTY.EDU -external true 
>> >> -ext_ca_cert_file /root/ipa.cer -ext_ca_cert_chain_file /root/CACert.cer 
>> >> -clone false' returned non-zero exit status 255
>> >> > Configuration of CA failed
>> >> >
>> >> >
>> >> > [root@lnxrealmtest01 ~]# tail 
>> >> > /var/log/ipaserver-install.log
>> >> >   File 
>> >> > "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", 
>> >> > line 617, in configure_instanceConfiguring certificate server 
>> >> > (pki-cad): Estimated time 3 minutes 30 seconds
>> >> >   [1/20]: creating certificate server user
>> >> >   [2/20]: configuring certificate server instance
>> >> > ipa : CRITICAL failed to configure ca instance Command 
>> >> > '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname 
>> >> > lnxrealmtest01.liberty.edu -cs_port 9445 -client_certdb_dir 
>> >> > /tmp/tmp-cQZB3x -client_certdb_pwd  -preop_pin 
>> >> > nio5yPeVonEn0tWotyjC -domain_name IPA -admin_user admin -admin_email 
>> >> > root@localhost -admin_password  -agent_name ipa-ca-agent 
>> >> > -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject 
>> >> > CN=ipa-ca-agent,O=LNXREALMTEST.LIBERTY.EDU -ldap_host 
>> >> > lnxrealmtest01.liberty.edu -ldap_port 7389 -bind_dn cn=Directory 
>> >> > Manager -bind_password  -base_dn o=ipaca -db_name ipaca 
>> >> > -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 
>> >> > true -backup_pwd  -subsystem_name pki-cad -token_name internal 
>> >> > -ca_subsystem_cert_subject_name CN=CA 
>> >> > Subsystem,O=LNXREALMTEST.LIBERTY.EDU -ca_subsystem_cert_subject_name 
>> >> > CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU -ca_ocsp_cert_subject_name 
>> >> > CN=OCSP Subsystem,O=LNXREALMTEST.LIBERTY.EDU -ca_s!
 erv!
>>   er_!
>> >>   cert_subje
>> >> ct_name CN=lnxrealmtest01.liberty.edu,O=LNXREALMTEST.LIBERTY.EDU 
>> >> -ca_audit_signing_cert_subject_name CN=CA 
>> >> Audit,O=LNXREALMTEST.LIBERTY.EDU -ca_sign_cert_subject_name 
>> >> CN=Certificate Authority,O=LNXREALMTEST.LIBERTY.EDU -external true 
>> >> -ext_ca_cert_file /root/ipa.cer -ext_ca_cert_chain_file /root/CACert.cer 
>> >> -clone false' returned non-zero exit status 255
>> >> > Configuration of CA failed
>> >> > [root@lnxrealmtest01 ~]# tail 
>> >> > /var/log/ipaserver-install.log
>> >> >   File 
>> >> > "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", 
>> >> > line 617, in configure_instance
>> >> > self.start_creation(runtime=

Re: [Freeipa-users] external CA install problem

2013-07-25 Thread Martin Kosek


On 07/25/2013 06:53 PM, Armstrong, Kenneth Lawrence wrote:

On Thu, 2013-07-25 at 11:51 -0400, Rob Crittenden wrote:

Armstrong, Kenneth Lawrence wrote:
> On Thu, 2013-07-25 at 16:22 +0200, Martin Kosek wrote:
>> On 07/25/2013 04:06 PM, Armstrong, Kenneth Lawrence wrote:
>> > On Fri, 2013-07-19 at 17:44 -0400, Dmitri Pal wrote:
>> > On 07/19/2013 01:11 PM, Armstrong, Kenneth Lawrence wrote:
>> > I'm trying to install an IPA server using an external CA.
>> >
>> > I ran the ipa-server-install --external-ca command, and got my cert signed 
by our on-site CA.
>> >
>> > So then I go back to install using my certs:
>> >
>> > ipa-server-install --external_cert_file=/root/ipa.cer 
--external_ca_file=/root/CACert.cer
>> >
>> >
>> > I get this for output:
>> >
>> > Configuring certificate server (pki-cad): Estimated time 3 minutes 30 
seconds
>> >   [1/20]: creating certificate server user
>> >   [2/20]: configuring certificate server instance
>> > ipa : CRITICAL failed to configure ca instance Command 
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname lnxrealmtest01.liberty.edu 
-cs_port 9445 -client_certdb_dir /tmp/tmp-cQZB3x -client_certdb_pwd  -preop_pin 
nio5yPeVonEn0tWotyjC -domain_name IPA -admin_user admin -admin_email root@localhost 
-admin_password  -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type 
rsa -agent_cert_subject CN=ipa-ca-agent,O=LNXREALMTEST.LIBERTY.EDU -ldap_host 
lnxrealmtest01.liberty.edu -ldap_port 7389 -bind_dn cn=Directory Manager -bind_password 
 -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm 
SHA256withRSA -save_p12 true -backup_pwd  -subsystem_name pki-cad -token_name 
internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=LNXREALMTEST.LIBERTY.EDU -ca_s!

erv!

  er_!
>>   cert_subje
>> ct_name CN=lnxrealmtest01.liberty.edu,O=LNXREALMTEST.LIBERTY.EDU 
-ca_audit_signing_cert_subject_name CN=CA Audit,O=LNXREALMTEST.LIBERTY.EDU 
-ca_sign_cert_subject_name CN=Certificate Authority,O=LNXREALMTEST.LIBERTY.EDU 
-external true -ext_ca_cert_file /root/ipa.cer -ext_ca_cert_chain_file 
/root/CACert.cer -clone false' returned non-zero exit status 255
>> > Configuration of CA failed
>> >
>> >
>> > [root@lnxrealmtest01 ~]# tail 
/var/log/ipaserver-install.log
>> >   File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", 
line 617, in configure_instanceConfiguring certificate server (pki-cad): Estimated time 3 minutes 
30 seconds
>> >   [1/20]: creating certificate server user
>> >   [2/20]: configuring certificate server instance
>> > ipa : CRITICAL failed to configure ca instance Command 
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname lnxrealmtest01.liberty.edu 
-cs_port 9445 -client_certdb_dir /tmp/tmp-cQZB3x -client_certdb_pwd  -preop_pin 
nio5yPeVonEn0tWotyjC -domain_name IPA -admin_user admin -admin_email root@localhost 
-admin_password  -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type 
rsa -agent_cert_subject CN=ipa-ca-agent,O=LNXREALMTEST.LIBERTY.EDU -ldap_host 
lnxrealmtest01.liberty.edu -ldap_port 7389 -bind_dn cn=Directory Manager -bind_password 
 -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm 
SHA256withRSA -save_p12 true -backup_pwd  -subsystem_name pki-cad -token_name 
internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=LNXREALMTEST.LIBERTY.EDU -ca_s!

erv!

  er_!
>>   cert_subje
>> ct_name CN=lnxrealmtest01.liberty.edu,O=LNXREALMTEST.LIBERTY.EDU 
-ca_audit_signing_cert_subject_name CN=CA Audit,O=LNXREALMTEST.LIBERTY.EDU 
-ca_sign_cert_subject_name CN=Certificate Authority,O=LNXREALMTEST.LIBERTY.EDU 
-external true -ext_ca_cert_file /root/ipa.cer -ext_ca_cert_chain_file 
/root/CACert.cer -clone false' returned non-zero exit status 255
>> > Configuration of CA failed
>> > [root@lnxrealmtest01 ~]# tail 
/var/log/ipaserver-install.log
>> >   File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", 
line 617, in configure_instance
>> > self.start_creation(runtime=210)
>> >
>> >   File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", 
line 358, in start_creation
>> > method()
>> >
>> >   File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", 
line 879, in __configure_instance
>> > raise RuntimeError('Configuration of CA failed')
>> >
>> > 2013-07-19T17:02:51Z INFO The ipa-server-install command failed, 
exception: RuntimeError: Configuration of CA failed
>> > self.start_creation(runtime=210)
>> >
>> >   File "/usr/lib/python2.6/site-packages/ipaserver/install/service.p

Re: [Freeipa-users] external CA install problem

2013-07-25 Thread Armstrong, Kenneth Lawrence

On Thu, 2013-07-25 at 11:51 -0400, Rob Crittenden wrote:


Armstrong, Kenneth Lawrence wrote:
> On Thu, 2013-07-25 at 16:22 +0200, Martin Kosek wrote:
>> On 07/25/2013 04:06 PM, Armstrong, Kenneth Lawrence wrote:
>> > On Fri, 2013-07-19 at 17:44 -0400, Dmitri Pal wrote:
>> > On 07/19/2013 01:11 PM, Armstrong, Kenneth Lawrence wrote:
>> > I'm trying to install an IPA server using an external CA.
>> >
>> > I ran the ipa-server-install --external-ca command, and got my cert signed 
>> > by our on-site CA.
>> >
>> > So then I go back to install using my certs:
>> >
>> > ipa-server-install --external_cert_file=/root/ipa.cer 
>> > --external_ca_file=/root/CACert.cer
>> >
>> >
>> > I get this for output:
>> >
>> > Configuring certificate server (pki-cad): Estimated time 3 minutes 30 
>> > seconds
>> >   [1/20]: creating certificate server user
>> >   [2/20]: configuring certificate server instance
>> > ipa : CRITICAL failed to configure ca instance Command 
>> > '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname 
>> > lnxrealmtest01.liberty.edu -cs_port 9445 -client_certdb_dir 
>> > /tmp/tmp-cQZB3x -client_certdb_pwd  -preop_pin 
>> > nio5yPeVonEn0tWotyjC -domain_name IPA -admin_user admin -admin_email 
>> > root@localhost -admin_password  -agent_name ipa-ca-agent 
>> > -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject 
>> > CN=ipa-ca-agent,O=LNXREALMTEST.LIBERTY.EDU -ldap_host 
>> > lnxrealmtest01.liberty.edu -ldap_port 7389 -bind_dn cn=Directory Manager 
>> > -bind_password  -base_dn o=ipaca -db_name ipaca -key_size 2048 
>> > -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd 
>> >  -subsystem_name pki-cad -token_name internal 
>> > -ca_subsystem_cert_subject_name CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
>> > -ca_subsystem_cert_subject_name CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
>> > -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
>> > -ca_serv!
 er_!
>>   cert_subje
>> ct_name CN=lnxrealmtest01.liberty.edu,O=LNXREALMTEST.LIBERTY.EDU 
>> -ca_audit_signing_cert_subject_name CN=CA Audit,O=LNXREALMTEST.LIBERTY.EDU 
>> -ca_sign_cert_subject_name CN=Certificate 
>> Authority,O=LNXREALMTEST.LIBERTY.EDU -external true -ext_ca_cert_file 
>> /root/ipa.cer -ext_ca_cert_chain_file /root/CACert.cer -clone false' 
>> returned non-zero exit status 255
>> > Configuration of CA failed
>> >
>> >
>> > [root@lnxrealmtest01 ~]# tail 
>> > /var/log/ipaserver-install.log
>> >   File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", 
>> > line 617, in configure_instanceConfiguring certificate server (pki-cad): 
>> > Estimated time 3 minutes 30 seconds
>> >   [1/20]: creating certificate server user
>> >   [2/20]: configuring certificate server instance
>> > ipa : CRITICAL failed to configure ca instance Command 
>> > '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname 
>> > lnxrealmtest01.liberty.edu -cs_port 9445 -client_certdb_dir 
>> > /tmp/tmp-cQZB3x -client_certdb_pwd  -preop_pin 
>> > nio5yPeVonEn0tWotyjC -domain_name IPA -admin_user admin -admin_email 
>> > root@localhost -admin_password  -agent_name ipa-ca-agent 
>> > -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject 
>> > CN=ipa-ca-agent,O=LNXREALMTEST.LIBERTY.EDU -ldap_host 
>> > lnxrealmtest01.liberty.edu -ldap_port 7389 -bind_dn cn=Directory Manager 
>> > -bind_password  -base_dn o=ipaca -db_name ipaca -key_size 2048 
>> > -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd 
>> >  -subsystem_name pki-cad -token_name internal 
>> > -ca_subsystem_cert_subject_name CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
>> > -ca_subsystem_cert_subject_name CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
>> > -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
>> > -ca_serv!
 er_!
>>   cert_subje
>> ct_name CN=lnxrealmtest01.liberty.edu,O=LNXREALMTEST.LIBERTY.EDU 
>> -ca_audit_signing_cert_subject_name CN=CA Audit,O=LNXREALMTEST.LIBERTY.EDU 
>> -ca_sign_cert_subject_name CN=Certificate 
>> Authority,O=LNXREALMTEST.LIBERTY.EDU -external true -ext_ca_cert_file 
>> /root/ipa.cer -ext_ca_cert_chain_file /root/CACert.cer -clone false' 
>> returned non-zero exit status 255
>> > Configuration of CA failed
>> > [root@lnxrealmtest01 ~]# tail 
>> > /var/log/ipaserver-install.log
>> >   File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", 
>> > line 617, in configure_instance
>> > self.start_creation(runtime=210)
>> >
>> >   File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", 
>> > line 358, in start_creation
>> > method()
>> >
>> >   File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", 
>> > line 879, in __configure_instance
>> > raise RuntimeError('Configuration of CA failed')
>> >
>> > 2013-07-19T17:02:51Z INFO The ipa-server-install command failed, 
>>

Re: [Freeipa-users] external CA install problem

2013-07-25 Thread Rob Crittenden


Armstrong, Kenneth Lawrence wrote:

On Thu, 2013-07-25 at 16:22 +0200, Martin Kosek wrote:

On 07/25/2013 04:06 PM, Armstrong, Kenneth Lawrence wrote:
> On Fri, 2013-07-19 at 17:44 -0400, Dmitri Pal wrote:
> On 07/19/2013 01:11 PM, Armstrong, Kenneth Lawrence wrote:
> I'm trying to install an IPA server using an external CA.
>
> I ran the ipa-server-install --external-ca command, and got my cert signed by 
our on-site CA.
>
> So then I go back to install using my certs:
>
> ipa-server-install --external_cert_file=/root/ipa.cer 
--external_ca_file=/root/CACert.cer
>
>
> I get this for output:
>
> Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds
>   [1/20]: creating certificate server user
>   [2/20]: configuring certificate server instance
> ipa : CRITICAL failed to configure ca instance Command '/usr/bin/perl 
/usr/bin/pkisilent ConfigureCA -cs_hostname lnxrealmtest01.liberty.edu -cs_port 
9445 -client_certdb_dir /tmp/tmp-cQZB3x -client_certdb_pwd  -preop_pin 
nio5yPeVonEn0tWotyjC -domain_name IPA -admin_user admin -admin_email 
root@localhost -admin_password  -agent_name ipa-ca-agent -agent_key_size 
2048 -agent_key_type rsa -agent_cert_subject 
CN=ipa-ca-agent,O=LNXREALMTEST.LIBERTY.EDU -ldap_host lnxrealmtest01.liberty.edu 
-ldap_port 7389 -bind_dn cn=Directory Manager -bind_password  -base_dn 
o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA 
-save_p12 true -backup_pwd  -subsystem_name pki-cad -token_name internal 
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=LNXREALMTEST.LIBERTY.EDU -ca_serv!

er_!

  cert_subje
ct_name CN=lnxrealmtest01.liberty.edu,O=LNXREALMTEST.LIBERTY.EDU 
-ca_audit_signing_cert_subject_name CN=CA Audit,O=LNXREALMTEST.LIBERTY.EDU 
-ca_sign_cert_subject_name CN=Certificate Authority,O=LNXREALMTEST.LIBERTY.EDU 
-external true -ext_ca_cert_file /root/ipa.cer -ext_ca_cert_chain_file 
/root/CACert.cer -clone false' returned non-zero exit status 255
> Configuration of CA failed
>
>
> [root@lnxrealmtest01 ~]# tail 
/var/log/ipaserver-install.log
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", 
line 617, in configure_instanceConfiguring certificate server (pki-cad): Estimated time 3 
minutes 30 seconds
>   [1/20]: creating certificate server user
>   [2/20]: configuring certificate server instance
> ipa : CRITICAL failed to configure ca instance Command '/usr/bin/perl 
/usr/bin/pkisilent ConfigureCA -cs_hostname lnxrealmtest01.liberty.edu -cs_port 
9445 -client_certdb_dir /tmp/tmp-cQZB3x -client_certdb_pwd  -preop_pin 
nio5yPeVonEn0tWotyjC -domain_name IPA -admin_user admin -admin_email 
root@localhost -admin_password  -agent_name ipa-ca-agent -agent_key_size 
2048 -agent_key_type rsa -agent_cert_subject 
CN=ipa-ca-agent,O=LNXREALMTEST.LIBERTY.EDU -ldap_host lnxrealmtest01.liberty.edu 
-ldap_port 7389 -bind_dn cn=Directory Manager -bind_password  -base_dn 
o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA 
-save_p12 true -backup_pwd  -subsystem_name pki-cad -token_name internal 
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=LNXREALMTEST.LIBERTY.EDU -ca_serv!

er_!

  cert_subje
ct_name CN=lnxrealmtest01.liberty.edu,O=LNXREALMTEST.LIBERTY.EDU 
-ca_audit_signing_cert_subject_name CN=CA Audit,O=LNXREALMTEST.LIBERTY.EDU 
-ca_sign_cert_subject_name CN=Certificate Authority,O=LNXREALMTEST.LIBERTY.EDU 
-external true -ext_ca_cert_file /root/ipa.cer -ext_ca_cert_chain_file 
/root/CACert.cer -clone false' returned non-zero exit status 255
> Configuration of CA failed
> [root@lnxrealmtest01 ~]# tail 
/var/log/ipaserver-install.log
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", 
line 617, in configure_instance
> self.start_creation(runtime=210)
>
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 
358, in start_creation
> method()
>
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", 
line 879, in __configure_instance
> raise RuntimeError('Configuration of CA failed')
>
> 2013-07-19T17:02:51Z INFO The ipa-server-install command failed, exception: 
RuntimeError: Configuration of CA failed
> self.start_creation(runtime=210)
>
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 
358, in start_creation
> method()
>
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", 
line 879, in __configure_instance
> raise RuntimeError('Configuration of CA failed')
>
>
>
> 2013-07-19T17:02:51Z INFO The ipa-s

Re: [Freeipa-users] external CA install problem

2013-07-25 Thread Armstrong, Kenneth Lawrence

On Thu, 2013-07-25 at 14:34 +, Armstrong, Kenneth Lawrence wrote:
On Thu, 2013-07-25 at 16:22 +0200, Martin Kosek wrote:


On 07/25/2013 04:06 PM, Armstrong, Kenneth Lawrence wrote:
> On Fri, 2013-07-19 at 17:44 -0400, Dmitri Pal wrote:
> On 07/19/2013 01:11 PM, Armstrong, Kenneth Lawrence wrote:
> I'm trying to install an IPA server using an external CA.
>
> I ran the ipa-server-install --external-ca command, and got my cert signed by 
> our on-site CA.
>
> So then I go back to install using my certs:
>
> ipa-server-install --external_cert_file=/root/ipa.cer 
> --external_ca_file=/root/CACert.cer
>
>
> I get this for output:
>
> Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds
>   [1/20]: creating certificate server user
>   [2/20]: configuring certificate server instance
> ipa : CRITICAL failed to configure ca instance Command '/usr/bin/perl 
> /usr/bin/pkisilent ConfigureCA -cs_hostname lnxrealmtest01.liberty.edu 
> -cs_port 9445 -client_certdb_dir /tmp/tmp-cQZB3x -client_certdb_pwd  
> -preop_pin nio5yPeVonEn0tWotyjC -domain_name IPA -admin_user admin 
> -admin_email root@localhost -admin_password  -agent_name ipa-ca-agent 
> -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject 
> CN=ipa-ca-agent,O=LNXREALMTEST.LIBERTY.EDU -ldap_host 
> lnxrealmtest01.liberty.edu -ldap_port 7389 -bind_dn cn=Directory Manager 
> -bind_password  -base_dn o=ipaca -db_name ipaca -key_size 2048 
> -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd 
>  -subsystem_name pki-cad -token_name internal 
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
> -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
> -ca_server_!
 cert_subje
ct_name CN=lnxrealmtest01.liberty.edu,O=LNXREALMTEST.LIBERTY.EDU 
-ca_audit_signing_cert_subject_name CN=CA Audit,O=LNXREALMTEST.LIBERTY.EDU 
-ca_sign_cert_subject_name CN=Certificate Authority,O=LNXREALMTEST.LIBERTY.EDU 
-external true -ext_ca_cert_file /root/ipa.cer -ext_ca_cert_chain_file 
/root/CACert.cer -clone false' returned non-zero exit status 255
> Configuration of CA failed
>
>
> [root@lnxrealmtest01 ~]# tail 
> /var/log/ipaserver-install.log
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", 
> line 617, in configure_instanceConfiguring certificate server (pki-cad): 
> Estimated time 3 minutes 30 seconds
>   [1/20]: creating certificate server user
>   [2/20]: configuring certificate server instance
> ipa : CRITICAL failed to configure ca instance Command '/usr/bin/perl 
> /usr/bin/pkisilent ConfigureCA -cs_hostname lnxrealmtest01.liberty.edu 
> -cs_port 9445 -client_certdb_dir /tmp/tmp-cQZB3x -client_certdb_pwd  
> -preop_pin nio5yPeVonEn0tWotyjC -domain_name IPA -admin_user admin 
> -admin_email root@localhost -admin_password  -agent_name ipa-ca-agent 
> -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject 
> CN=ipa-ca-agent,O=LNXREALMTEST.LIBERTY.EDU -ldap_host 
> lnxrealmtest01.liberty.edu -ldap_port 7389 -bind_dn cn=Directory Manager 
> -bind_password  -base_dn o=ipaca -db_name ipaca -key_size 2048 
> -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd 
>  -subsystem_name pki-cad -token_name internal 
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
> -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
> -ca_server_!
 cert_subje
ct_name CN=lnxrealmtest01.liberty.edu,O=LNXREALMTEST.LIBERTY.EDU 
-ca_audit_signing_cert_subject_name CN=CA Audit,O=LNXREALMTEST.LIBERTY.EDU 
-ca_sign_cert_subject_name CN=Certificate Authority,O=LNXREALMTEST.LIBERTY.EDU 
-external true -ext_ca_cert_file /root/ipa.cer -ext_ca_cert_chain_file 
/root/CACert.cer -clone false' returned non-zero exit status 255
> Configuration of CA failed
> [root@lnxrealmtest01 ~]# tail 
> /var/log/ipaserver-install.log
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", 
> line 617, in configure_instance
> self.start_creation(runtime=210)
>
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 
> 358, in start_creation
> method()
>
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", 
> line 879, in __configure_instance
> raise RuntimeError('Configuration of CA failed')
>
> 2013-07-19T17:02:51Z INFO The ipa-server-install command failed, exception: 
> RuntimeError: Configuration of CA failed
> self.start_creation(runtime=210)
>
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 
> 358, in start_creation
> method()
>
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", 
> line 879, in __configure

Re: [Freeipa-users] external CA install problem

2013-07-25 Thread Martin Kosek

On 07/25/2013 04:06 PM, Armstrong, Kenneth Lawrence wrote:
> On Fri, 2013-07-19 at 17:44 -0400, Dmitri Pal wrote:
> On 07/19/2013 01:11 PM, Armstrong, Kenneth Lawrence wrote:
> I'm trying to install an IPA server using an external CA.
> 
> I ran the ipa-server-install --external-ca command, and got my cert signed by 
> our on-site CA.
> 
> So then I go back to install using my certs:
> 
> ipa-server-install --external_cert_file=/root/ipa.cer 
> --external_ca_file=/root/CACert.cer
> 
> 
> I get this for output:
> 
> Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds
>   [1/20]: creating certificate server user
>   [2/20]: configuring certificate server instance
> ipa : CRITICAL failed to configure ca instance Command '/usr/bin/perl 
> /usr/bin/pkisilent ConfigureCA -cs_hostname lnxrealmtest01.liberty.edu 
> -cs_port 9445 -client_certdb_dir /tmp/tmp-cQZB3x -client_certdb_pwd  
> -preop_pin nio5yPeVonEn0tWotyjC -domain_name IPA -admin_user admin 
> -admin_email root@localhost -admin_password  -agent_name ipa-ca-agent 
> -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject 
> CN=ipa-ca-agent,O=LNXREALMTEST.LIBERTY.EDU -ldap_host 
> lnxrealmtest01.liberty.edu -ldap_port 7389 -bind_dn cn=Directory Manager 
> -bind_password  -base_dn o=ipaca -db_name ipaca -key_size 2048 
> -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd 
>  -subsystem_name pki-cad -token_name internal 
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
> -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
> -ca_server_!
 cert_subje
ct_name CN=lnxrealmtest01.liberty.edu,O=LNXREALMTEST.LIBERTY.EDU 
-ca_audit_signing_cert_subject_name CN=CA Audit,O=LNXREALMTEST.LIBERTY.EDU 
-ca_sign_cert_subject_name CN=Certificate Authority,O=LNXREALMTEST.LIBERTY.EDU 
-external true -ext_ca_cert_file /root/ipa.cer -ext_ca_cert_chain_file 
/root/CACert.cer -clone false' returned non-zero exit status 255
> Configuration of CA failed
> 
> 
> [root@lnxrealmtest01 ~]# tail 
> /var/log/ipaserver-install.log
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", 
> line 617, in configure_instanceConfiguring certificate server (pki-cad): 
> Estimated time 3 minutes 30 seconds
>   [1/20]: creating certificate server user
>   [2/20]: configuring certificate server instance
> ipa : CRITICAL failed to configure ca instance Command '/usr/bin/perl 
> /usr/bin/pkisilent ConfigureCA -cs_hostname lnxrealmtest01.liberty.edu 
> -cs_port 9445 -client_certdb_dir /tmp/tmp-cQZB3x -client_certdb_pwd  
> -preop_pin nio5yPeVonEn0tWotyjC -domain_name IPA -admin_user admin 
> -admin_email root@localhost -admin_password  -agent_name ipa-ca-agent 
> -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject 
> CN=ipa-ca-agent,O=LNXREALMTEST.LIBERTY.EDU -ldap_host 
> lnxrealmtest01.liberty.edu -ldap_port 7389 -bind_dn cn=Directory Manager 
> -bind_password  -base_dn o=ipaca -db_name ipaca -key_size 2048 
> -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd 
>  -subsystem_name pki-cad -token_name internal 
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
> -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=LNXREALMTEST.LIBERTY.EDU 
> -ca_server_!
 cert_subje
ct_name CN=lnxrealmtest01.liberty.edu,O=LNXREALMTEST.LIBERTY.EDU 
-ca_audit_signing_cert_subject_name CN=CA Audit,O=LNXREALMTEST.LIBERTY.EDU 
-ca_sign_cert_subject_name CN=Certificate Authority,O=LNXREALMTEST.LIBERTY.EDU 
-external true -ext_ca_cert_file /root/ipa.cer -ext_ca_cert_chain_file 
/root/CACert.cer -clone false' returned non-zero exit status 255
> Configuration of CA failed
> [root@lnxrealmtest01 ~]# tail 
> /var/log/ipaserver-install.log
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", 
> line 617, in configure_instance
> self.start_creation(runtime=210)
> 
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 
> 358, in start_creation
> method()
> 
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", 
> line 879, in __configure_instance
> raise RuntimeError('Configuration of CA failed')
> 
> 2013-07-19T17:02:51Z INFO The ipa-server-install command failed, exception: 
> RuntimeError: Configuration of CA failed
> self.start_creation(runtime=210)
> 
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 
> 358, in start_creation
> method()
> 
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", 
> line 879, in __configure_instance
> raise RuntimeError('Configuration of CA failed')
> 
> 
> 
> 2013-07-19T17:02:51Z INFO The ipa-serv

Re: [Freeipa-users] external CA install problem

2013-07-25 Thread Armstrong, Kenneth Lawrence

On Fri, 2013-07-19 at 17:44 -0400, Dmitri Pal wrote:
On 07/19/2013 01:11 PM, Armstrong, Kenneth Lawrence wrote:
I'm trying to install an IPA server using an external CA.

I ran the ipa-server-install --external-ca command, and got my cert signed by 
our on-site CA.

So then I go back to install using my certs:

ipa-server-install --external_cert_file=/root/ipa.cer 
--external_ca_file=/root/CACert.cer


I get this for output:

Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds
  [1/20]: creating certificate server user
  [2/20]: configuring certificate server instance
ipa : CRITICAL failed to configure ca instance Command '/usr/bin/perl 
/usr/bin/pkisilent ConfigureCA -cs_hostname lnxrealmtest01.liberty.edu -cs_port 
9445 -client_certdb_dir /tmp/tmp-cQZB3x -client_certdb_pwd  -preop_pin 
nio5yPeVonEn0tWotyjC -domain_name IPA -admin_user admin -admin_email 
root@localhost -admin_password  -agent_name ipa-ca-agent 
-agent_key_size 2048 -agent_key_type rsa -agent_cert_subject 
CN=ipa-ca-agent,O=LNXREALMTEST.LIBERTY.EDU -ldap_host 
lnxrealmtest01.liberty.edu -ldap_port 7389 -bind_dn cn=Directory Manager 
-bind_password  -base_dn o=ipaca -db_name ipaca -key_size 2048 
-key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd  
-subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name 
CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU -ca_subsystem_cert_subject_name 
CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU -ca_ocsp_cert_subject_name CN=OCSP 
Subsystem,O=LNXREALMTEST.LIBERTY.EDU -ca_server_cert_subject_name 
CN=lnxrealmtest01.liberty.edu,O=LNXREALMTEST.LIBERTY.EDU 
-ca_audit_signing_cert_subject_name CN=CA Audit,O=LNXREALMTEST.LIBERTY.EDU 
-ca_sign_cert_subject_name CN=Certificate Authority,O=LNXREALMTEST.LIBERTY.EDU 
-external true -ext_ca_cert_file /root/ipa.cer -ext_ca_cert_chain_file 
/root/CACert.cer -clone false' returned non-zero exit status 255
Configuration of CA failed


[root@lnxrealmtest01 ~]# tail 
/var/log/ipaserver-install.log
  File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 
617, in configure_instanceConfiguring certificate server (pki-cad): Estimated 
time 3 minutes 30 seconds
  [1/20]: creating certificate server user
  [2/20]: configuring certificate server instance
ipa : CRITICAL failed to configure ca instance Command '/usr/bin/perl 
/usr/bin/pkisilent ConfigureCA -cs_hostname lnxrealmtest01.liberty.edu -cs_port 
9445 -client_certdb_dir /tmp/tmp-cQZB3x -client_certdb_pwd  -preop_pin 
nio5yPeVonEn0tWotyjC -domain_name IPA -admin_user admin -admin_email 
root@localhost -admin_password  -agent_name ipa-ca-agent 
-agent_key_size 2048 -agent_key_type rsa -agent_cert_subject 
CN=ipa-ca-agent,O=LNXREALMTEST.LIBERTY.EDU -ldap_host 
lnxrealmtest01.liberty.edu -ldap_port 7389 -bind_dn cn=Directory Manager 
-bind_password  -base_dn o=ipaca -db_name ipaca -key_size 2048 
-key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd  
-subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name 
CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU -ca_subsystem_cert_subject_name 
CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU -ca_ocsp_cert_subject_name CN=OCSP 
Subsystem,O=LNXREALMTEST.LIBERTY.EDU -ca_server_cert_subject_name 
CN=lnxrealmtest01.liberty.edu,O=LNXREALMTEST.LIBERTY.EDU 
-ca_audit_signing_cert_subject_name CN=CA Audit,O=LNXREALMTEST.LIBERTY.EDU 
-ca_sign_cert_subject_name CN=Certificate Authority,O=LNXREALMTEST.LIBERTY.EDU 
-external true -ext_ca_cert_file /root/ipa.cer -ext_ca_cert_chain_file 
/root/CACert.cer -clone false' returned non-zero exit status 255
Configuration of CA failed
[root@lnxrealmtest01 ~]# tail 
/var/log/ipaserver-install.log
  File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 
617, in configure_instance
self.start_creation(runtime=210)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 
358, in start_creation
method()

  File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 
879, in __configure_instance
raise RuntimeError('Configuration of CA failed')

2013-07-19T17:02:51Z INFO The ipa-server-install command failed, exception: 
RuntimeError: Configuration of CA failed
self.start_creation(runtime=210)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 
358, in start_creation
method()

  File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 
879, in __configure_instance
raise RuntimeError('Configuration of CA failed')



2013-07-19T17:02:51Z INFO The ipa-server-install command failed, exception: 
RuntimeError: Configuration of CA failed

Any thoughts on what I can do to troubleshoot this?

Thanks.

-Kenny



___
Freeipa-users mailing list
Freeipa-users@r

Re: [Freeipa-users] external CA install problem

2013-07-19 Thread Dmitri Pal

On 07/19/2013 01:11 PM, Armstrong, Kenneth Lawrence wrote:
> I'm trying to install an IPA server using an external CA.
>
> I ran the ipa-server-install --external-ca command, and got my cert
> signed by our on-site CA.
>
> So then I go back to install using my certs:
>
> ipa-server-install --external_cert_file=/root/ipa.cer
> --external_ca_file=/root/CACert.cer
>
>
> I get this for output:
>
> Configuring certificate server (pki-cad): Estimated time 3 minutes 30
> seconds
>   [1/20]: creating certificate server user
>   [2/20]: configuring certificate server instance
> ipa : CRITICAL failed to configure ca instance Command
> '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
> lnxrealmtest01.liberty.edu -cs_port 9445 -client_certdb_dir
> /tmp/tmp-cQZB3x -client_certdb_pwd  -preop_pin
> nio5yPeVonEn0tWotyjC -domain_name IPA -admin_user admin -admin_email
> root@localhost -admin_password  -agent_name ipa-ca-agent
> -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject
> CN=ipa-ca-agent,O=LNXREALMTEST.LIBERTY.EDU -ldap_host
> lnxrealmtest01.liberty.edu -ldap_port 7389 -bind_dn cn=Directory
> Manager -bind_password  -base_dn o=ipaca -db_name ipaca
> -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12
> true -backup_pwd  -subsystem_name pki-cad -token_name internal
> -ca_subsystem_cert_subject_name CN=CA
> Subsystem,O=LNXREALMTEST.LIBERTY.EDU -ca_subsystem_cert_subject_name
> CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU -ca_ocsp_cert_subject_name
> CN=OCSP Subsystem,O=LNXREALMTEST.LIBERTY.EDU
> -ca_server_cert_subject_name
> CN=lnxrealmtest01.liberty.edu,O=LNXREALMTEST.LIBERTY.EDU
> -ca_audit_signing_cert_subject_name CN=CA
> Audit,O=LNXREALMTEST.LIBERTY.EDU -ca_sign_cert_subject_name
> CN=Certificate Authority,O=LNXREALMTEST.LIBERTY.EDU -external true
> -ext_ca_cert_file /root/ipa.cer -ext_ca_cert_chain_file
> /root/CACert.cer -clone false' returned non-zero exit status 255
> Configuration of CA failed
>
>
> [root@lnxrealmtest01  ~]# tail
> /var/log/ipaserver-install.log
>   File
> "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py",
> line 617, in configure_instanceConfiguring certificate server
> (pki-cad): Estimated time 3 minutes 30 seconds
>   [1/20]: creating certificate server user
>   [2/20]: configuring certificate server instance
> ipa : CRITICAL failed to configure ca instance Command
> '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
> lnxrealmtest01.liberty.edu -cs_port 9445 -client_certdb_dir
> /tmp/tmp-cQZB3x -client_certdb_pwd  -preop_pin
> nio5yPeVonEn0tWotyjC -domain_name IPA -admin_user admin -admin_email
> root@localhost -admin_password  -agent_name ipa-ca-agent
> -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject
> CN=ipa-ca-agent,O=LNXREALMTEST.LIBERTY.EDU -ldap_host
> lnxrealmtest01.liberty.edu -ldap_port 7389 -bind_dn cn=Directory
> Manager -bind_password  -base_dn o=ipaca -db_name ipaca
> -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12
> true -backup_pwd  -subsystem_name pki-cad -token_name internal
> -ca_subsystem_cert_subject_name CN=CA
> Subsystem,O=LNXREALMTEST.LIBERTY.EDU -ca_subsystem_cert_subject_name
> CN=CA Subsystem,O=LNXREALMTEST.LIBERTY.EDU -ca_ocsp_cert_subject_name
> CN=OCSP Subsystem,O=LNXREALMTEST.LIBERTY.EDU
> -ca_server_cert_subject_name
> CN=lnxrealmtest01.liberty.edu,O=LNXREALMTEST.LIBERTY.EDU
> -ca_audit_signing_cert_subject_name CN=CA
> Audit,O=LNXREALMTEST.LIBERTY.EDU -ca_sign_cert_subject_name
> CN=Certificate Authority,O=LNXREALMTEST.LIBERTY.EDU -external true
> -ext_ca_cert_file /root/ipa.cer -ext_ca_cert_chain_file
> /root/CACert.cer -clone false' returned non-zero exit status 255
> Configuration of CA failed
> [root@lnxrealmtest01  ~]# tail
> /var/log/ipaserver-install.log
>   File
> "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py",
> line 617, in configure_instance
> self.start_creation(runtime=210)
>
>   File
> "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line
> 358, in start_creation
> method()
>
>   File
> "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py",
> line 879, in __configure_instance
> raise RuntimeError('Configuration of CA failed')
>
> 2013-07-19T17:02:51Z INFO The ipa-server-install command failed,
> exception: RuntimeError: Configuration of CA failed
> self.start_creation(runtime=210)
>
>   File
> "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line
> 358, in start_creation
> method()
>
>   File
> "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py",
> line 879, in __configure_instance
> raise RuntimeError('Configuration of CA failed')
>
>
>
> 2013-07-19T17:02:51Z INFO The ipa-server-install command failed,
> exception: RuntimeError: Configuration of CA failed
>
> Any thoughts on what I can do to troubleshoot this?
>
>

Re: [Freeipa-users] external CA install problem

Re: [Freeipa-users] external CA install problem

Re: [Freeipa-users] external CA install problem

Re: [Freeipa-users] external CA install problem

Re: [Freeipa-users] external CA install problem

Re: [Freeipa-users] external CA install problem

Re: [Freeipa-users] external CA install problem

Re: [Freeipa-users] external CA install problem

8 matches

Site Navigation

Mail list logo

Footer information