IPA Replica installation failed during CA setup
Issue
ipa-replica-manage --setup-ca /replica-info-[fqdn].gpg
...
[3/17]: configuring certificate server instance
..
ipa : CRITICAL failed to configure ca instance Command '/usr/bin/perl
/usr/bin/pkisilent ConfigureCA -cs_hostname XXXXXXXX -cs_port 9445
-client_certdb_dir /tmp/tmp-lhZ4xM -client_certdb_pwd XXXXXXXX -preop_pin XXXXX
-domain_name IPA -admin_user admin -admin_email root@localhost -admin_password
XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
-agent_cert_subject CN=ipa-ca-agent,O=XXXXXX -ldap_host XXXXXX -ldap_port 7389
-bind_dn cn=Directory Manager -bind_password XXXXXXXX -base_dn o=ipaca -db_name
ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true
-backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=XXXXXXX
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=XXXXX
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=XXXXX
-ca_server_cert_subject_name CN=fqdn,O=XXXXXXX
-ca_audit_signing_cert_subject_name CN=CA Audit,O=XXXXXX
-ca_sign_cert_subject_name CN=Certificate Authority,O=XXXX -external false
-clone true -clone_p12_file ca.p12 -clone_p12_password XXXXXXXX -sd_hostname
XXXXXX -sd_admin_port 443 -sd_admin_name admin -sd_admin_password XXXXXXXX
-clone_start_tls true -clone_uri https://XXXXXXX:443' returned non-zero exit
status 255
Environment
- Red Hat Enterprise Linux
- Identity Management
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.