[Freeipa-users] Configuration of CA failed

Martin Basti mbasti at redhat.com
Thu May 14 11:04:36 UTC 2015


On 14/05/15 11:58, Remigio Moncayo Serrano wrote:
>
> Hello,
>
> I’ve been put in charge of implementing a solution that uses LDAP and 
> Kerberos authentication. At first I thought I should use OpenLDAP and 
> Kerberos, but I found FreeIPA and it looks really cool; however, when trying 
> to install it I keep getting this error about configuration of the CA:
>
> The following operations may take some minutes to complete.
>
> Please wait until the prompt is returned.
>
> Configuring NTP daemon (ntpd)
>
>   [1/4]: stopping ntpd
>
>   [2/4]: writing configuration
>
>   [3/4]: configuring ntpd to start on boot
>
>   [4/4]: starting ntpd
>
> Done configuring NTP daemon (ntpd).
>
> Configuring directory server for the CA (pkids): Estimated time 30 seconds
>
>   [1/3]: creating directory server user
>
>   [2/3]: creating directory server instance
>
>   [3/3]: restarting directory server
>
> ipa         : CRITICAL Failed to restart the directory server. See the 
> installation log for details.
>
> Done configuring directory server for the CA (pkids).
>
> Configuring certificate server (pki-cad): Estimated time 3 minutes 30 
> seconds
>
>   [1/20]: creating certificate server user
>
>   [2/20]: configuring certificate server instance
>
> ipa         : CRITICAL failed to configure ca instance Command 
> '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname 
> ipatest.ingenia.local -cs_port 9445 -client_certdb_dir /tmp/tmp-ARezzO 
> -client_certdb_pwd XXXXXXXX -preop_pin f0dLhx9bLX5qWHYx50h6 
> -domain_name IPA -admin_user admin -admin_email root at localhost 
> -admin_password XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 
> -agent_key_type rsa -agent_cert_subject 
> CN=ipa-ca-agent,O=INGENIA.LOCAL -ldap_host ipatest.ingenia.local 
> -ldap_port 7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX 
> -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa 
> -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX 
> -subsystem_name pki-cad -token_name internal 
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=INGENIA.LOCAL 
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=INGENIA.LOCAL 
> -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=INGENIA.LOCAL 
> -ca_server_cert_subject_name CN=ipatest.ingenia.local,O=INGENIA.LOCAL 
> -ca_audit_signing_cert_subject_name CN=CA Audit,O=INGENIA.LOCAL 
> -ca_sign_cert_subject_name CN=Certificate Authority,O=INGENIA.LOCAL 
> -external false -clone false' returned non-zero exit status 255
>
> Configuration of CA failed
>
> I’m including two install logs, one with dns-setup and the other 
> without it. I don’t really know what I’m doing wrong. I thought maybe I 
> should allow connections to certain ports in iptables or something, 
> but I have no clue really and I’m quite new to this. Help, please.
>
> Regards,
>
> Remigio
>
>
>
Hello,

Can you please check the error logs of DS?
/var/log/dirsrv/slapd-*/errors

And please post here the error that shows why the DS restart failed.

Martin

-- 
Martin Basti
