[Freeipa-users] ipa-server-install problem

Fri Jun 14 13:37:01 UTC 2013

I'm trying to install freeipa on RHEL6.4 running version 
ipa-server-3.0.0-26.el6_4.2.x86_64 but it keeps failing at the 
"Configuration of CA failed".  I believe the problem is that the python 
used to generate the perl command doesn't wrap any of the arguments in 
quotes.

   [1/20]: creating certificate server user
ipa         : DEBUG    ca user pkiuser exists
ipa         : DEBUG      duration: 0 seconds
ipa         : DEBUG      [2/20]: configuring certificate server instance
   [2/20]: configuring certificate server instance
ipa         : DEBUG    args=/usr/bin/perl /usr/bin/pkisilent ConfigureCA 
-cs_hostname jokajak.example.com -cs_port 9445 -client_certdb_dir 
/tmp/tmp-nRzpxE -client_certdb_pwd XXXXXXXX -preop_pin 
5czI1yO2iWaHLp2WlffW -domain_name IPA -admin_user admin -admin_email 
root at localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent 
-agent_key_size 2048 -agent_key_type rsa -agent_cert_subject 
CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host jokajak.example.com -ldap_port 
7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX -base_dn 
o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm 
SHA256withRSA
-save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name 
internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM 
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM 
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM 
-ca_server_cert_subject_name CN=jokajak.example.com,O=EXAMPLE.COM 
-ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM 
-ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM 
-external false -clone false
ipa         : DEBUG    stdout=libpath=/usr/lib64
#######################################################################

#######################################################################

ipa         : DEBUG    stderr=sh: -c: line 0: syntax error near 
unexpected token `)'
sh: -c: line 0: `java -cp 
/usr/share/java/pki/pki-silent.jar:/usr/share/java/pki/pki-certsrv.jar:/usr/share/java/pki/pki-cmscore.jar:/usr/share/java/pki/pki-nsutil.jar:/usr/share/java/pki/pki-cmsutil.jar:/usr/share/java/pki/pki-tools.jar:/usr/share/java/ldapjdk.jar:/usr/share/java/xerces-j2.jar:/usr/share/java/xml-commons-apis.jar:/usr/share/java/xml-commons-resolver.jar:/usr/lib/java/dirsec/jss4.jar:/usr/lib/java/jss4.jar:/usr/lib/java/dirsec/osutil.jar:/usr/lib/java/osutil.jar: 
ConfigureCA -cs_hostname jokajak.example.com -cs_port 9445 
-client_certdb_dir /tmp/tmp-nRzpxE -client_certdb_pwd XXXXXXXX 
-preop_pin 5czI1yO2iWaHLp2WlffW -domain_name IPA -admin_user admin 
-admin_email root at localhost -admin_password XXXXXXXX -agent_name 
ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa 
-agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host 
jokajak.example.com -ldap_port 7389 -bind_dn cn=Directory Manager 
-bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 
-key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd 
XXXXXXXX -subsystem_name pki-cad -token_name internal 
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM 
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM 
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM 
-ca_server_cert_subject_name CN=jokajak.example.com,O=EXAMPLE.COM 
-ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM 
-ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM 
-external false -clone false'

ipa         : CRITICAL failed to configure ca instance Command 
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname 
jokajak.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-nRzpxE 
-client_certdb_pwd XXXXXXXX -preop_pin 5czI1yO2iWaHLp2WlffW -domain_name 
IPA -admin_user admin -admin_email root at localhost -admin_password 
XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type 
rsa -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host 
jokajak.example.com -ldap_port 7389 -bind_dn cn=Directory Manager 
-bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 
-key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd 
XXXXXXXX -subsystem_name pki-cad -token_name internal 
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM 
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM 
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM 
-ca_server_cert_subject_name CN=jokajak.example.com,O=EXAMPLE.COM 
-ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM 
-ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM 
-external false -clone false' returned non-zero exit status 255
ipa         : INFO       File 
"/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", 
line 614, in run_script
     return_value = main_function()

   File "/usr/sbin/ipa-server-install", line 942, in main
     subject_base=options.subject)

   File 
"/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 
617, in configure_instance
     self.start_creation(runtime=210)

   File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", 
line 358, in start_creation
     method()

   File 
"/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 
879, in __configure_instance
     raise RuntimeError('Configuration of CA failed')

ipa         : INFO     The ipa-server-install command failed, exception: 
RuntimeError: Configuration of CA failed
Configuration of CA failed

Any recommendations on how to proceed?

Thanks,
-josh