[Freeipa-users] Fedora 17 -- ipa-server-install fails at "configuring certificate server instance"
Brian Wheeler
bdwheele at indiana.edu
Thu Jul 19 18:13:09 UTC 2012
I've been fighting with this for a couple of hours so it must be time to
ask for help :)
I've got a clean (and up to date) Fedora 17 install and when I try to
install freeipa it fails when its running pkisilent to configure the
certificate server instance.
==================
Configuring certificate server: Estimated time 3 minutes 30 seconds
[1/17]: creating certificate server user
[2/17]: configuring certificate server instance
ipa : CRITICAL failed to configure ca instance Command
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
wombat.dlib.indiana.edu -cs_port 9445 -client_certdb_dir /tmp/tmp-dxxeEf
-client_certdb_pwd XXXXXXXX -preop_pin hR0AShCYdzVB5g5frPxh -domain_name
IPA -admin_user admin -admin_email root at localhost -admin_password
XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type
rsa -agent_cert_subject CN=ipa-ca-agent,O=DLIB.INDIANA.EDU -ldap_host
wombat.dlib.indiana.edu -ldap_port 7389 -bind_dn cn=Directory Manager
-bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048
-key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd
XXXXXXXX -subsystem_name pki-cad -token_name internal
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=DLIB.INDIANA.EDU
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=DLIB.INDIANA.EDU
-ca_server_cert_subject_name
CN=wombat.dlib.indiana.edu,O=DLIB.INDIANA.EDU
-ca_audit_signing_cert_subject_name CN=CA Audit,O=DLIB.INDIANA.EDU
-ca_sign_cert_subject_name CN=Certificate Authority,O=DLIB.INDIANA.EDU
-external false -clone false' returned non-zero exit status 255
Unexpected error - see ipaserver-install.log for details:
Configuration of CA failed
=================
The relevant logs in ipaserver-install.log seem to be:
============
Attempting to connect to: wombat.dlib.indiana.edu:9445
Exception in LoginPanel(): java.lang.NullPointerException
ERROR: ConfigureCA: LoginPanel() failure
ERROR: unable to create CA
#######################################################################
2012-07-19T18:06:23Z DEBUG stderr=Exception: Unable to Send
Request:java.net.ConnectException: Connection refused
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
at java.net.Socket.connect(Socket.java:579)
at java.net.Socket.connect(Socket.java:528)
at java.net.Socket.<init>(Socket.java:425)
at java.net.Socket.<init>(Socket.java:241)
at HTTPClient.sslConnect(HTTPClient.java:326)
at ConfigureCA.LoginPanel(ConfigureCA.java:244)
at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
at ConfigureCA.main(ConfigureCA.java:1672)
java.lang.NullPointerException
at ConfigureCA.LoginPanel(ConfigureCA.java:245)
at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
at ConfigureCA.main(ConfigureCA.java:1672)
=============
Any troubleshooting hints for this?
More information about the Freeipa-users
mailing list