[Freeipa-users] Failure configuring certificate server instance
Scott Ryan
scottlryan at gmail.com
Wed May 28 09:37:06 UTC 2014
I am trying to get FreeIPA up and running on a minimal CentOS 6.5 installation.
I have forward and reverse DNS set up on an external DNS server - no
SELinux & no iptables (for troubleshooting)
but keep running into the following problem during installation:
[3/21]: configuring certificate server instance
ipa : CRITICAL failed to configure ca instance Command
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
ipa1.int.immi.gov.au -cs_port 9445 -client_certdb_dir /tmp/tmp-RsFkUW
-client_certdb_pwd XXXXXXXX -preop_pin miTD9vj5e6KwfqQNy2ig
-domain_name IPA -admin_user admin -admin_email root at localhost
-admin_password XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048
-agent_key_type rsa -agent_cert_subject
CN=ipa-ca-agent,O=INT.IMMI.GOV.AU -ldap_host ipa1.int.immi.gov.au
-ldap_port 7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX
-base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa
-key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX
-subsystem_name pki-cad -token_name internal
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=INT.IMMI.GOV.AU
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=INT.IMMI.GOV.AU
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=INT.IMMI.GOV.AU
-ca_server_cert_subject_name CN=ipa1.int.immi.gov.au,O=INT.IMMI.GOV.AU
-ca_audit_signing_cert_subject_name CN=CA Audit,O=INT.IMMI.GOV.AU
-ca_sign_cert_subject_name CN=Certificate Authority,O=INT.IMMI.GOV.AU
-external false -clone false' returned non-zero exit status 255
Configuration of CA failed
The installation log shows this:
2014-05-28T09:19:47Z DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py'
...skipping...
at java.net.URLClassLoader$1.run(URLClassLoader.java:358)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
at java.lang.ClassLoader.loadClass(ClassLoader.java:412)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:215)
at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206)
at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187)
at sun.security.jca.ProviderList.loadAll(ProviderList.java:281)
at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:298)
at sun.security.jca.Providers.getFullProviderList(Providers.java:176)
at java.security.Security.insertProviderAt(Security.java:362)
at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:942)
at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:869)
at ComCrypto.loginDB(ComCrypto.java:420)
at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1145)
at ConfigureCA.main(ConfigureCA.java:1672)
Caused by: java.util.zip.ZipException: error in opening zip file
at java.util.zip.ZipFile.open(Native Method)
at java.util.zip.ZipFile.<init>(ZipFile.java:215)
at java.util.zip.ZipFile.<init>(ZipFile.java:145)
at java.util.jar.JarFile.<init>(JarFile.java:153)
at java.util.jar.JarFile.<init>(JarFile.java:90)
at sun.misc.URLClassPath$JarLoader.getJarFile(URLClassPath.java:728)
at sun.misc.URLClassPath$JarLoader.access$600(URLClassPath.java:591)
at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:673)
at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:666)
at java.security.AccessController.doPrivileged(Native Method)
at sun.misc.URLClassPath$JarLoader.ensureOpen(URLClassPath.java:665)
at sun.misc.URLClassPath$JarLoader.getResource(URLClassPath.java:836)
... 23 more
2014-05-28T09:20:15Z CRITICAL failed to configure ca instance Command
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
ipa1.int.immi.gov.au -cs_port 9445 -client_certdb_dir /tmp/tmp-RsFkUW
-client_certdb_pwd XXXXXXXX -preop_pin miTD9vj5e6KwfqQNy2ig
-domain_name IPA -admin_user admin -admin_email root at localhost
-admin_password XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048
-agent_key_type rsa -agent_cert_subject
CN=ipa-ca-agent,O=INT.IMMI.GOV.AU -ldap_host ipa1.int.immi.gov.au
-ldap_port 7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX
-base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa
-key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX
-subsystem_name pki-cad -token_name internal
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=INT.IMMI.GOV.AU
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=INT.IMMI.GOV.AU
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=INT.IMMI.GOV.AU
-ca_server_cert_subject_name CN=ipa1.int.immi.gov.au,O=INT.IMMI.GOV.AU
-ca_audit_signing_cert_subject_name CN=CA Audit,O=INT.IMMI.GOV.AU
-ca_sign_cert_subject_name CN=Certificate Authority,O=INT.IMMI.GOV.AU
-external false -clone false' returned non-zero exit status 255
2014-05-28T09:20:15Z INFO File
"/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py",
line 614, in run_script
return_value = main_function()
Any ideas would be helpful.
Thanks
--
Scott Ryan