[Freeipa-users] installing freeipa v2 server fails at "configuring certificate server instance"

Thomas Sailer t.sailer at alumni.ethz.ch
Wed Nov 16 14:07:46 UTC 2011


Hi,

Installing a v2 FreeIPA server failed for me at the stage "configuring 
certificate server instance".

The machine is an updated (and now fully up-to-date) Fedora 16 x64 machine.

Here's the command line output:
Configuring certificate server: Estimated time 3 minutes 30 seconds
   [1/17]: creating certificate server user
   [2/17]: creating pki-ca instance
   [3/17]: configuring certificate server instance
root        : CRITICAL failed to configure ca instance Command 
'/usr/bin/perl /usr/bin/pkisilent 'ConfigureCA' '-cs_hostname' 
'server.xxxxx.com' '-cs_port' '9445' '-client_certdb_dir' 
'/tmp/tmp-HxuF_T' '-client_certdb_pwd' XXXXXXXX '-preop_pin' 
'rgN1Coi9yfnvOUlxsUUw' '-domain_name' 'IPA' '-admin_user' 'admin' 
'-admin_email' 'root at localhost' '-admin_password' XXXXXXXX '-agent_name' 
'ipa-ca-agent' '-agent_key_size' '2048' '-agent_key_type' 'rsa' 
'-agent_cert_subject' 'CN=ipa-ca-agent,O=AXSEM.COM' '-ldap_host' 
server.xxxxx.com' '-ldap_port' '7389' '-bind_dn' 'cn=Directory Manager' 
'-bind_password' XXXXXXXX '-base_dn' 'o=ipaca' '-db_name' 'ipaca' 
'-key_size' '2048' '-key_type' 'rsa' '-key_algorithm' 'SHA256withRSA' 
'-save_p12' 'true' '-backup_pwd' XXXXXXXX '-subsystem_name' 'pki-cad' 
'-token_name' 'internal' '-ca_subsystem_cert_subject_name' 'CN=CA 
Subsystem,O=XXXXX.COM' '-ca_ocsp_cert_subject_name' 'CN=OCSP 
Subsystem,O=XXXXX.COM' '-ca_server_cert_subject_name' 
'CN=axextserver1.hq.axsem.com,O=XXXXX.COM' 
'-ca_audit_signing_cert_subject_name' 'CN=CA Audit,O=XXXXX.COM' 
'-ca_sign_cert_subject_name' 'CN=Certificate Authority,O=XXXXX.COM' 
'-external' 'false' '-clone' 'false'' returned non-zero exit status 255
Unexpected error - see ipaserver-install.log for details:
  Configuration of CA failed

I got it working once I removed the (link local IMO) IPv6 address from 
the ethernet interface. Otherwise, the pki ports (such as 9445) were 
only bound to IPv6 addresses. Strange.

Tom
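
Added example (not part of the original post): one way to check which address families a port such as 9445 is listening on, by parsing the /proc/net/tcp and /proc/net/tcp6 table layout. The sample tables are constructed, the function names are hypothetical, and a little-endian host (x86-64) is assumed.

```python
import ipaddress

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp and /proc/net/tcp6

# Constructed samples in the /proc/net/tcp{,6} layout (columns truncated).
# 0x24E5 = 9445 (pki port), 0x1CDD = 7389 (ldap_port), 0x0019 = 25.
SAMPLE_TCP4 = """\
  sl  local_address rem_address   st
   0: 00000000:1CDD 00000000:0000 0A
   1: 0100007F:0019 00000000:0000 0A
"""
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st
   0: 00000000000000000000000000000000:24E5 00000000000000000000000000000000:0000 0A
   1: 00000000000000000000000000000000:1CDD 00000000000000000000000000000000:0000 0A
"""

def decode_addr(hex_addr):
    """Decode the kernel's hex address: 32-bit words in host byte order
    (assumption: little-endian host, so each 4-byte word is reversed)."""
    raw = bytes.fromhex(hex_addr)
    words = [raw[i:i + 4][::-1] for i in range(0, len(raw), 4)]
    return ipaddress.ip_address(b"".join(words))

def listeners(table, port):
    """Return the local addresses that have a LISTEN socket on `port`."""
    found = []
    for line in table.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        addr, _, hex_port = fields[1].rpartition(":")
        if int(hex_port, 16) == port:
            found.append(decode_addr(addr))
    return found

def bind_families(tcp4, tcp6, port):
    """Classify a port by which proc table(s) list a listener for it.
    "ipv6-only" means no entry in the IPv4 table; a wildcard "::" socket
    can still accept IPv4 clients when IPV6_V6ONLY is off on that socket."""
    v4, v6 = listeners(tcp4, port), listeners(tcp6, port)
    if v4 and v6:
        return "ipv4+ipv6"
    if v6:
        return "ipv6-only"
    return "ipv4-only" if v4 else "none"

if __name__ == "__main__":
    for port in (9445, 7389):
        print(port, bind_families(SAMPLE_TCP4, SAMPLE_TCP6, port))
```

To run it against a live machine, pass the contents of /proc/net/tcp and /proc/net/tcp6 in place of the sample strings.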



