LDAP
Nikalay Gromihaylo, 2017-10-31 18:51:38

FreeIPA 4.4.4, error creating CA replica, OS Fedora 25, what's the catch?

Hello!
There are 3 containers located on different Proxmox (5.0) nodes. One of the containers is a working FreeIPA. The other 2 should become replicas (both the CA part and the domain).
The domain replicates fine, but replica-ca-install fails.
Here's what's interesting in the log:
Loading deployment configuration from /tmp/tmpU9FpHx.
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
Importing certificates from /tmp/ca.p12:
--------------- 6 entries found
/*
certificates here
*/
Imported certificates in /etc/pki/pki-tomcat/alias:
Certificate Nickname                Trust Attributes
                                    SSL,S/MIME,JAR/XPI
DSTRootCAX3                         C,,
caSigningCert cert-pki-ca           CTu,Cu,Cu
auditSigningCert cert-pki-ca        u,u,Pu
letsencryptx3                       C,,
ocspSigningCert cert-pki-ca         u,u,u ,u
Installation failed: com.netscape.certsrv.base.BadRequestException: Clone URI does not match available subsystems: https://ipa.my-domain:443
Please check the CA logs in /var/log/pki/pki-tomcat/ca.
2017-10-30T12:50:29Z DEBUG stderr=certutil: Could not find cert: DSTRootCAX3 : PR_FILE_NOT_FOUND_ERROR: File not found
certutil: Could not find cert: letsencryptx3 : PR_FILE_NOT_FOUND_ERROR: File not found
2017-10-30T12:50:29Z CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpU9FpHx' returned non-zero exit status 1
CRITICAL See the installation logs and the following files/directories for more information:
2017-10-30T12:50:29Z last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 449, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 439, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 587, in __spawn_instance
    DogtagInstance.spawn_instance(self, cfg_file)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 181, in spawn_instance
    self.handle_setup_error(e)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 420, in handle_setup_error
    raise RuntimeError("%s configuration failed." % self.subsystem)
RuntimeError: CA configuration failed.
After this the replica fails. I have been struggling with the problem for 3 days; please point me in the right direction :)
P.S. Judging by active googling, I'm not the first to have such a problem, but I still haven't found a solution to the master-ip that has an SSL certificate from Let's Encrypt; however, it is imported into the replicas. Thanks in advance :)
