IPA Replica installation failed during CA setup

Solution Verified - Updated -

Issue

ipa-replica-manage --setup-ca /replica-info-[fqdn].gpg
...
[3/17]: configuring certificate server instance
..
ipa         : CRITICAL failed to configure ca instance Command '/usr/bin/perl
/usr/bin/pkisilent ConfigureCA -cs_hostname XXXXXXXX -cs_port 9445
-client_certdb_dir /tmp/tmp-lhZ4xM -client_certdb_pwd XXXXXXXX -preop_pin XXXXX
-domain_name IPA -admin_user admin -admin_email root@localhost -admin_password
XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
-agent_cert_subject CN=ipa-ca-agent,O=XXXXXX -ldap_host XXXXXX -ldap_port 7389
-bind_dn cn=Directory Manager -bind_password XXXXXXXX -base_dn o=ipaca -db_name
ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true
-backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=XXXXXXX
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=XXXXX
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=XXXXX
-ca_server_cert_subject_name CN=fqdn,O=XXXXXXX
-ca_audit_signing_cert_subject_name CN=CA Audit,O=XXXXXX
-ca_sign_cert_subject_name CN=Certificate Authority,O=XXXX -external false
-clone true -clone_p12_file ca.p12 -clone_p12_password XXXXXXXX -sd_hostname
XXXXXX -sd_admin_port 443 -sd_admin_name admin -sd_admin_password XXXXXXXX
-clone_start_tls true -clone_uri https://XXXXXXX:443' returned non-zero exit
status 255

Environment

  • Red Hat Enterprise Linux
  • Identity Management

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content