[Freeipa-users] ipa-server-install problem
Josh
jokajak at gmail.com
Fri Jun 14 13:37:01 UTC 2013
I'm trying to install freeipa on RHEL6.4 running version
ipa-server-3.0.0-26.el6_4.2.x86_64 but it keeps failing at the
"Configuration of CA failed". I believe the problem is that the python
used to generate the perl command doesn't wrap any of the arguments in
quotes.
[1/20]: creating certificate server user
ipa : DEBUG ca user pkiuser exists
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [2/20]: configuring certificate server instance
[2/20]: configuring certificate server instance
ipa : DEBUG args=/usr/bin/perl /usr/bin/pkisilent ConfigureCA
-cs_hostname jokajak.example.com -cs_port 9445 -client_certdb_dir
/tmp/tmp-nRzpxE -client_certdb_pwd XXXXXXXX -preop_pin
5czI1yO2iWaHLp2WlffW -domain_name IPA -admin_user admin -admin_email
root at localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent
-agent_key_size 2048 -agent_key_type rsa -agent_cert_subject
CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host jokajak.example.com -ldap_port
7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX -base_dn
o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm
SHA256withRSA
-save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name
internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM
-ca_server_cert_subject_name CN=jokajak.example.com,O=EXAMPLE.COM
-ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM
-ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM
-external false -clone false
ipa : DEBUG stdout=libpath=/usr/lib64
#######################################################################
#######################################################################
ipa : DEBUG stderr=sh: -c: line 0: syntax error near
unexpected token `)'
sh: -c: line 0: `java -cp
/usr/share/java/pki/pki-silent.jar:/usr/share/java/pki/pki-certsrv.jar:/usr/share/java/pki/pki-cmscore.jar:/usr/share/java/pki/pki-nsutil.jar:/usr/share/java/pki/pki-cmsutil.jar:/usr/share/java/pki/pki-tools.jar:/usr/share/java/ldapjdk.jar:/usr/share/java/xerces-j2.jar:/usr/share/java/xml-commons-apis.jar:/usr/share/java/xml-commons-resolver.jar:/usr/lib/java/dirsec/jss4.jar:/usr/lib/java/jss4.jar:/usr/lib/java/dirsec/osutil.jar:/usr/lib/java/osutil.jar:
ConfigureCA -cs_hostname jokajak.example.com -cs_port 9445
-client_certdb_dir /tmp/tmp-nRzpxE -client_certdb_pwd XXXXXXXX
-preop_pin 5czI1yO2iWaHLp2WlffW -domain_name IPA -admin_user admin
-admin_email root at localhost -admin_password XXXXXXXX -agent_name
ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
-agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host
jokajak.example.com -ldap_port 7389 -bind_dn cn=Directory Manager
-bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048
-key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd
XXXXXXXX -subsystem_name pki-cad -token_name internal
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM
-ca_server_cert_subject_name CN=jokajak.example.com,O=EXAMPLE.COM
-ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM
-ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM
-external false -clone false'
ipa : CRITICAL failed to configure ca instance Command
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
jokajak.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-nRzpxE
-client_certdb_pwd XXXXXXXX -preop_pin 5czI1yO2iWaHLp2WlffW -domain_name
IPA -admin_user admin -admin_email root at localhost -admin_password
XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type
rsa -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host
jokajak.example.com -ldap_port 7389 -bind_dn cn=Directory Manager
-bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048
-key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd
XXXXXXXX -subsystem_name pki-cad -token_name internal
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM
-ca_server_cert_subject_name CN=jokajak.example.com,O=EXAMPLE.COM
-ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM
-ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM
-external false -clone false' returned non-zero exit status 255
ipa : INFO File
"/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py",
line 614, in run_script
return_value = main_function()
File "/usr/sbin/ipa-server-install", line 942, in main
subject_base=options.subject)
File
"/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line
617, in configure_instance
self.start_creation(runtime=210)
File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py",
line 358, in start_creation
method()
File
"/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line
879, in __configure_instance
raise RuntimeError('Configuration of CA failed')
ipa : INFO The ipa-server-install command failed, exception:
RuntimeError: Configuration of CA failed
Configuration of CA failed
Any recommendations on how to proceed?
Thanks,
-josh
More information about the Freeipa-users
mailing list