IPA Replica installation failed during CA setup
Issue
ipa-replica-manage --setup-ca /replica-info-[fqdn].gpg
...
[3/17]: configuring certificate server instance
..
ipa : CRITICAL failed to configure ca instance Command '/usr/bin/perl
/usr/bin/pkisilent ConfigureCA -cs_hostname XXXXXXXX -cs_port 9445
-client_certdb_dir /tmp/tmp-lhZ4xM -client_certdb_pwd XXXXXXXX -preop_pin XXXXX
-domain_name IPA -admin_user admin -admin_email root@localhost -admin_password
XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
-agent_cert_subject CN=ipa-ca-agent,O=XXXXXX -ldap_host XXXXXX -ldap_port 7389
-bind_dn cn=Directory Manager -bind_password XXXXXXXX -base_dn o=ipaca -db_name
ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true
-backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=XXXXXXX
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=XXXXX
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=XXXXX
-ca_server_cert_subject_name CN=fqdn,O=XXXXXXX
-ca_audit_signing_cert_subject_name CN=CA Audit,O=XXXXXX
-ca_sign_cert_subject_name CN=Certificate Authority,O=XXXX -external false
-clone true -clone_p12_file ca.p12 -clone_p12_password XXXXXXXX -sd_hostname
XXXXXX -sd_admin_port 443 -sd_admin_name admin -sd_admin_password XXXXXXXX
-clone_start_tls true -clone_uri https://XXXXXXX:443' returned non-zero exit
status 255
Environment
- Red Hat Enterprise Linux
- Identity Management
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
