IPA installation fails with the error : "Configuration of CA failed"
Issue
Brand new IPA installation fails with the following message:
Configuring certificate server: Estimated time 3 minutes 30 seconds
[1/17]: creating certificate server user
[2/17]: creating pki-ca instance
[3/17]: configuring certificate server instance
root : CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent 'ConfigureCA' '-cs_hostname' '<a class="make_room_for_kcs" href="http://gredv005.dev.grenergydev.com" target="_blank">gredv005.dev.grenergydev.com</a>' '-cs_port' '9445' '-client_certdb_dir' '/tmp/tmp-rokUZK' '-client_certdb_pwd' XXXXXXXX '-preop_pin' 'YWeyAGbcp5BaLmYTsOzG' '-domain_name' 'IPA' '-admin_user' 'admin' '-admin_email' 'root@localhost' '-admin_password' XXXXXXXX '-agent_name' 'ipa-ca-agent' '-agent_key_size' '2048' '-agent_key_type' 'rsa' '-agent_cert_subject' 'CN=ipa-ca-agent,O=DEV.GRENERGYDEV.COM' '-ldap_host' '<a class="make_room_for_kcs" href="http://gredv005.dev.grenergydev.com" target="_blank">gredv005.dev.grenergydev.com</a>' '-ldap_port' '7389' '-bind_dn' 'cn=Directory Manager' '-bind_password' XXXXXXXX '-base_dn' 'o=ipaca' '-db_name' 'ipaca' '-key_size' '2048' '-key_type' 'rsa' '-key_algorithm' 'SHA256withRSA' '-save_p12' 'true' '-backup_pwd' XXXXXXXX '-subsystem_name' 'pki-cad' '-token_name' 'internal' '-ca_subsystem_cert_subject_name' 'CN=CA Subsystem,O=DEV.GRENERGYDEV.COM' '-ca_ocsp_cert_subject_name' 'CN=OCSP Subsystem,O=DEV.GRENERGYDEV.COM' '-ca_server_cert_subject_name' 'CN=<a class="make_room_for_kcs" href="http://gredv005.dev.grenergydev.com" target="_blank">gredv005.dev.grenergydev.com</a>,O=DEV.GRENERGYDEV.COM' '-ca_audit_signing_cert_subject_name' 'CN=CA Audit,O=DEV.GRENERGYDEV.COM' '-ca_sign_cert_subject_name' 'CN=Certificate Authority,O=DEV.GRENERGYDEV.COM' '-external' 'false' '-clone' 'false'' returned non-zero exit status 255
Unexpected error - see ipaserver-install.log for details:
Configuration of CA failed
Environment
- Red Hat Enterprise Linux 6.2
- ipa-admintools-2.1.3-9.el6.x86_64
- ipa-client-2.1.3-9.el6.x86_64
- ipa-pki-ca-theme-9.0.3-7.el6.noarch
- ipa-pki-common-theme-9.0.3-7.el6.noarch
- ipa-python-2.1.3-9.el6.x86_64
- ipa-server-2.1.3-9.el6.x86_64
- ipa-server-selinux-2.1.3-9.el6.x86_64
- libipa_hbac-1.5.1-66.el6_2.3.x86_64
- libipa_hbac-python-1.5.1-66.el6_2.3.x86_64
- python-iniparse-0.3.1-2.1.el6.noarch
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
