[Freeipa-users] ERROR CA configuration failed. - again
lejeczek
peljasz at yahoo.co.uk
Tue Sep 13 09:43:34 UTC 2016
fortunately that was a VM and with libvirt+qemu snaphost
feature I reverted filesystem to some older(prior to IPA)
state, and yes... that was that only system'slocal problem.
On 09/09/16 18:49, Rob Crittenden wrote:
> lejeczek wrote:
>> hi everybody,
>>
>> looking at ipareplica-install.log:
>>
>> raise RuntimeError("%s configuration failed." %
>> self.subsystem)
>> RuntimeError: CA configuration failed.
>>
>> 2016-09-09T16:23:17Z DEBUG [error] RuntimeError: CA
>> configuration failed.
>> 2016-09-09T16:23:17Z DEBUG File
>> "/usr/lib/python2.7/site-packages/ipapython/admintool.py",
>> line 171, in
>> execute
>>
>> then at /var/log/pki/pki-tomcat/ca/system
>
> I'd suggest looking at the debug log for more details.
>
>> 0.localhost-startStop-1 - [09/Sep/2016:16:04:22 BST] [3]
>> [3] Cannot
>> build CA chain. Error
>> java.security.cert.CertificateException:
>> Certificate is not a PKCS #11 certificate
>> 0.localhost-startStop-1 - [09/Sep/2016:16:04:22 BST] [13]
>> [3] authz
>> instance DirAclAuthz initialization failed and skipped,
>> error=Property
>> internaldb.ldapconn.port missing value
>>
>> I cannot find anything more telling in the logs. Does it
>> have anything
>> to do with what's in:
>> /etc/httpd/alias/
>> ?
>
> No.
>
>> I yum removed
>> `rpm -qa ipa* 389*` pki-base krb5-pkinit krb5-server
>> krb5-workstation
>> pki-tomcat certmonger
>> rm dirs + reinstalled, yet I cannot find the the root
>> cause of this mess.
>
> I seriously doubt the problem is local to the box.
>
> rob
>
More information about the Freeipa-users
mailing list