[Freeipa-users] Configuration of CA failed
Martin Basti
mbasti at redhat.com
Thu May 14 11:04:36 UTC 2015
On 14/05/15 11:58, Remigio Moncayo Serrano wrote:
>
> Hello,
>
> I’ve been put in charge of implementing a solution that uses LDAP and
> kerberos authentication. At first thought I should use openLDAP and
> Kerberos but found freeIPA and looks really cool, however, when trying
> to install I keep getting this error about configuration of CA:
>
> The following operations may take some minutes to complete.
>
> Please wait until the prompt is returned.
>
> Configuring NTP daemon (ntpd)
>
> [1/4]: stopping ntpd
>
> [2/4]: writing configuration
>
> [3/4]: configuring ntpd to start on boot
>
> [4/4]: starting ntpd
>
> Done configuring NTP daemon (ntpd).
>
> Configuring directory server for the CA (pkids): Estimated time 30 seconds
>
> [1/3]: creating directory server user
>
> [2/3]: creating directory server instance
>
> [3/3]: restarting directory server
>
> ipa : CRITICAL Failed to restart the directory server. See the
> installation log for details.
>
> Done configuring directory server for the CA (pkids).
>
> Configuring certificate server (pki-cad): Estimated time 3 minutes 30
> seconds
>
> [1/20]: creating certificate server user
>
> [2/20]: configuring certificate server instance
>
> ipa : CRITICAL failed to configure ca instance Command
> '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
> ipatest.ingenia.local -cs_port 9445 -client_certdb_dir /tmp/tmp-ARezzO
> -client_certdb_pwd XXXXXXXX -preop_pin f0dLhx9bLX5qWHYx50h6
> -domain_name IPA -admin_user admin -admin_email root at localhost
> -admin_password XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048
> -agent_key_type rsa -agent_cert_subject
> CN=ipa-ca-agent,O=INGENIA.LOCAL -ldap_host ipatest.ingenia.local
> -ldap_port 7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX
> -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa
> -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX
> -subsystem_name pki-cad -token_name internal
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=INGENIA.LOCAL
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=INGENIA.LOCAL
> -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=INGENIA.LOCAL
> -ca_server_cert_subject_name CN=ipatest.ingenia.local,O=INGENIA.LOCAL
> -ca_audit_signing_cert_subject_name CN=CA Audit,O=INGENIA.LOCAL
> -ca_sign_cert_subject_name CN=Certificate Authority,O=INGENIA.LOCAL
> -external false -clone false' returned non-zero exit status 255
>
> Configuration of CA failed
>
> I’m including two install logs, one with dns-setup and the other
> without it. Don’t really know what I’m doing wrong, thought maybe I
> should allow connections to certain ports in ip tables or something
> but have no clue really and I’m quite new to this, help please..
>
> Regards,
>
> Remigio
>
>
>
Hello,
can you please check error logs of DS?
/var/log/dirsrv/slapd-*/errors
And please post here an error why DS restart failed.
Martin
--
Martin Basti
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150514/b8cd6870/attachment.htm>
More information about the Freeipa-users
mailing list