[Freeipa-users] Setup of freeipa 4.2.3 failed

Markus Roth markus at die5roths.de
Fri Jan 8 12:06:02 UTC 2016 

Hi all,

I tried to install freeipa server (freeipa-server.armv7hl  4.2.3-
1.1.fc23), but the installation failed.

-----------------------------------------------------
Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv). Estimated time: 1 minute
  [1/43]: creating directory server user
  [2/43]: creating directory server instance
  [3/43]: adding default schema
  [4/43]: enabling memberof plugin
  [5/43]: enabling winsync plugin
  [6/43]: configuring replication version plugin
  [7/43]: enabling IPA enrollment plugin
  [8/43]: enabling ldapi
  [9/43]: configuring uniqueness plugin
  [10/43]: configuring uuid plugin
  [11/43]: configuring modrdn plugin
  [12/43]: configuring DNS plugin
  [13/43]: enabling entryUSN plugin
  [14/43]: configuring lockout plugin
  [15/43]: creating indices
  [16/43]: enabling referential integrity plugin
  [17/43]: configuring certmap.conf
  [18/43]: configure autobind for root
  [19/43]: configure new location for managed entries
  [20/43]: configure dirsrv ccache
  [21/43]: enable SASL mapping fallback
  [22/43]: restarting directory server
  [23/43]: adding default layout
  [24/43]: adding delegation layout
  [25/43]: creating container for managed entries
  [26/43]: configuring user private groups
  [27/43]: configuring netgroups from hostgroups
  [28/43]: creating default Sudo bind user
  [29/43]: creating default Auto Member layout
  [30/43]: adding range check plugin
  [31/43]: creating default HBAC rule allow_all
  [32/43]: creating default CA ACL rule
  [33/43]: adding entries for topology management
  [34/43]: initializing group membership
  [35/43]: adding master entry
  [36/43]: initializing domain level
  [37/43]: configuring Posix uid/gid generation
  [38/43]: adding replication acis
  [39/43]: enabling compatibility plugin
  [40/43]: activating sidgen plugin
  [41/43]: activating extdom plugin
  [42/43]: tuning directory server
  [43/43]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
30 seconds
  [1/25]: creating certificate server user
  [2/25]: configuring certificate server instance
  [3/25]: stopping certificate server instance to update CS.cfg
  [4/25]: backing up CS.cfg
  [5/25]: disabling nonces
  [6/25]: set up CRL publishing
  [7/25]: enable PKIX certificate path discovery and validation
  [8/25]: starting certificate server instance
  [9/25]: creating RA agent certificate database
  [10/25]: importing CA chain to RA certificate database
  [11/25]: fixing RA database permissions
  [12/25]: setting up signing cert profile
  [13/25]: setting audit signing renewal to 2 years
  [14/25]: restarting certificate server
  [15/25]: requesting RA certificate from CA
  [16/25]: issuing RA agent certificate
  [17/25]: adding RA agent as a trusted user
  [18/25]: authorizing RA to modify profiles
  [19/25]: configure certmonger for renewals
  [20/25]: configure certificate renewals
  [21/25]: configure RA certificate renewal
  [22/25]: configure Server-Cert certificate renewal
  [23/25]: Configure HTTP to proxy connections
  [24/25]: restarting certificate server
  [25/25]: Importing IPA certificate profiles
Done configuring certificate server (pki-tomcatd).
Configuring directory server (dirsrv). Estimated time: 10 seconds
  [1/3]: configuring ssl for ds instance
  [error] RuntimeError: Certificate issuance failed
ipa.ipapython.install.cli.install_tool(Server): ERROR    Certificate
issuance failed 

-----------------------------------------------

The last messages in the log file (/var/log/ipaserver-install.log):

 File "/usr/lib/python2.7/site-
packages/ipaserver/install/dsinstance.py", line 637, in __enable_ssl
    self.nickname, self.fqdn, cadb)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py",
line 337, in create_server_cert
    cdb.issue_server_cert(self.certreq_fname, self.certder_fname)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py",
line 419, in issue_server_cert
    raise RuntimeError("Certificate issuance failed")

2016-01-08T09:33:47Z DEBUG The ipa-server-install command failed,
exception: RuntimeError: Certificate issuance failed
2016-01-08T09:33:47Z ERROR Certificate issuance failed

any ideas about this error?

Markus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160108/3fe54dc6/attachment.htm>

More information about the Freeipa-users mailing list