Failed to install IPA Server: Server unreachable due to SSL error: [SSL: WRONG_VERSION_NUMBER]

Solution Verified - Updated -

Issue

  • Failed to install IPA server when running ipa-server-install. Below error message was returned:

    Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
  [1/29]: configuring certificate server instance
Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpqrtqf61i'] returned non-zero exit status 1: 'Notice: Trust flag u is set automatically if the private key is present.\nERROR: Exception: Server unreachable due to SSL error: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:897)\n  File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 562, in main\n    scriptlet.spawn(deployer)\n  File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 836, in spawn\n    request_timeout=status_request_timeout,\n  File "/usr/lib/python3.6/site-packages/pki/server/deployment/pkihelper.py", line 911, in wait_for_startup\n    raise Exception(\'Server unreachable due to SSL error: %s\' % reason) from exc\n\n')
See the installation logs and the following files/directories for more information:
  /var/log/pki/pki-tomcat
  [error] RuntimeError: CA configuration failed.
CA configuration failed.
The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

  • Below error message was found in /var/log/ipaserver-install.log

    Installing CA into /var/lib/pki/pki-tomcat.

Installation failed: Server unreachable due to SSL error: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:897)


2020-10-28T19:59:47Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present.
ERROR: Exception: Server unreachable due to SSL error: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:897)
  File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 562, in main
    scriptlet.spawn(deployer)
  File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 836, in spawn
    request_timeout=status_request_timeout,
  File "/usr/lib/python3.6/site-packages/pki/server/deployment/pkihelper.py", line 911, in wait_for_startup
    raise Exception('Server unreachable due to SSL error: %s' % reason) from exc

Environment

  • Red Hat Enterprise Linux 8.2
  • Red Hat Identity Management (IdM) / FreeIPA
    • ipa-server-4.8
  • OpenJDK
    • java-1.8.0-openjdk-1.8.0.272.b10-1

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content