Setting up FreeIPA server fails at "Configuring the web interface", step 12/21
It's in a cleanly started LXC Ubuntu Bionic container. The ppa:freeipa/ppa is also used to get tomcat 8.5.30-1ubuntu1.2
Configuring the web interface (httpd) [1/21]: stopping httpd [2/21]: backing up ssl.conf [3/21]: disabling nss.conf [4/21]: configuring mod_ssl certificate paths [5/21]: setting mod_ssl protocol list to TLSv1.0 - TLSv1.2 [6/21]: configuring mod_ssl log directory [7/21]: disabling mod_ssl OCSP [8/21]: adding URL rewriting rules [9/21]: configuring httpd [10/21]: setting up httpd keytab [11/21]: configuring Gssproxy [12/21]: setting up ssl [error] RuntimeError: Certificate issuance failed (CA_REJECTED) ipapython.admintool: ERROR Certificate issuance failed (CA_REJECTED) ipapython.admintool: ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
and in the log there is
2018-05-05T20:37:29Z DEBUG stderr= 2018-05-05T20:37:29Z DEBUG step duration: httpd configure_gssproxy 1.09 sec 2018-05-05T20:37:29Z DEBUG [12/21]: setting up ssl 2018-05-05T20:37:33Z DEBUG certmonger request is in state dbus.String(u'GENERATING_KEY_PAIR', variant_level=1) 2018-05-05T20:37:38Z DEBUG certmonger request is in state dbus.String(u'CA_REJECTED', variant_level=1) 2018-05-05T20:37:42Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 555, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 541, in run_step method() File "/usr/lib/python2.7/dist-packages/ipaserver/install/httpinstance.py", line 376, in __setup_ssl passwd_fname=key_passwd_file File "/usr/lib/python2.7/dist-packages/ipalib/install/certmonger.py", line 320, in request_and_wait_for_cert raise RuntimeError("Certificate issuance failed ({})".format(state)) RuntimeError: Certificate issuance failed (CA_REJECTED)
2018-05-05T20:37:42Z DEBUG [error] RuntimeError: Certificate issuance failed (CA_REJECTED) 2018-05-05T20:37:42Z DEBUG File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 174, in exec ute ...
Setting up FreeIPA server fails at "Configuring the web interface", step 12/21
It's in a cleanly started LXC Ubuntu Bionic container. The ppa:freeipa/ppa is also used to get tomcat 8.5.30-1ubuntu1.2
Configuring the web interface (httpd) admintool: ERROR Certificate issuance failed (CA_REJECTED) admintool: ERROR The ipa-server-install command failed. See /var/log/ ipaserver- install. log for more information
[1/21]: stopping httpd
[2/21]: backing up ssl.conf
[3/21]: disabling nss.conf
[4/21]: configuring mod_ssl certificate paths
[5/21]: setting mod_ssl protocol list to TLSv1.0 - TLSv1.2
[6/21]: configuring mod_ssl log directory
[7/21]: disabling mod_ssl OCSP
[8/21]: adding URL rewriting rules
[9/21]: configuring httpd
[10/21]: setting up httpd keytab
[11/21]: configuring Gssproxy
[12/21]: setting up ssl
[error] RuntimeError: Certificate issuance failed (CA_REJECTED)
ipapython.
ipapython.
and in the log there is
2018-05- 05T20:37: 29Z DEBUG stderr= 05T20:37: 29Z DEBUG step duration: httpd configure_gssproxy 1.09 sec 05T20:37: 29Z DEBUG [12/21]: setting up ssl 05T20:37: 33Z DEBUG certmonger request is in state dbus.String( u'GENERATING_ KEY_PAIR' , variant_level=1) 05T20:37: 38Z DEBUG certmonger request is in state dbus.String( u'CA_REJECTED' , variant_level=1) 05T20:37: 42Z DEBUG Traceback (most recent call last): python2. 7/dist- packages/ ipaserver/ install/ service. py", line 555, in start_creation step(full_ msg, method) python2. 7/dist- packages/ ipaserver/ install/ service. py", line 541, in run_step python2. 7/dist- packages/ ipaserver/ install/ httpinstance. py", line 376, in __setup_ssl fname=key_ passwd_ file python2. 7/dist- packages/ ipalib/ install/ certmonger. py", line 320, in request_ and_wait_ for_cert "Certificate issuance failed ({})".format( state))
2018-05-
2018-05-
2018-05-
2018-05-
2018-05-
File "/usr/lib/
run_
File "/usr/lib/
method()
File "/usr/lib/
passwd_
File "/usr/lib/
raise RuntimeError(
RuntimeError: Certificate issuance failed (CA_REJECTED)
2018-05- 05T20:37: 42Z DEBUG [error] RuntimeError: Certificate issuance failed (CA_REJECTED) 05T20:37: 42Z DEBUG File "/usr/lib/ python2. 7/dist- packages/ ipapython/ admintool. py", line 174, in exec
2018-05-
ute
...