Hello team,
I have been trying to create a Docker container using Debian 10 for the FreeIPA server
installation and I am getting the following error almost at the end of the installation
after running:
ipa-server-install --no-ntp
The IPA Master Server will be configured with:
Hostname:       freeipa.test.com
IP address(es): x.x.x.x
Domain name:    test.com
Realm name:     TEST.COM

The CA will be configured with:
Subject DN:   CN=Certificate Authority,O=TEST.COM
Subject base: O=TEST.COM
Chaining:     self-signed

The interesting part is that it almost finishes the installation, but fails at the end with
this. I really think it is nothing related to the cert, as I selected a self-signed certificate
during the installation of FreeIPA.
[11/30]: starting certificate server instance
[12/30]: configure certmonger for renewals
[13/30]: requesting RA certificate from CA
[error] RuntimeError: Certificate issuance failed (CA_REJECTED: Server at "https://freeipa.******.com:8443/ca/agent/ca//profileProcess" replied: 1: You did not provide a valid certificate for this operation)
Certificate issuance failed (CA_REJECTED: Server at "https://freeipa.*****.com:8443/ca/agent/ca//profileProcess" replied: 1: You did not provide a valid certificate for this operation)
The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
I am not sure if there is any relation to my host file configuration, though it is
talking about the certificate in the following message.
Checking the FreeIPA logs, I got the following in /var/log/ipaserver-install.log:
  File "/usr/lib/python3/dist-packages/ipaserver/install/dogtaginstance.py", line 520, in handle_setup_error
    raise RuntimeError("%s configuration failed." % self.subsystem)
2021-04-10T17:00:51Z DEBUG The ipa-server-install command failed, exception: RuntimeError: CA configuration failed.
2021-04-10T17:00:51Z ERROR CA configuration failed.
*************
Here is more information: I can see the following services related to this already
running:
pki-tomcatd@pki-tomcat.service loaded active running PKI Tomcat Server pki-tomcat
systemd-journal-flush.service loaded active exited Flush Journal to Persistent Storage
systemd-journald.service loaded active running Journal Service
systemd-remount-fs.service loaded active exited Remount Root and Kernel File Systems
systemd-sysusers.service loaded active exited Create System Users
systemd-tmpfiles-setup-dev.service loaded active exited Create Static Device Nodes in /dev
systemd-tmpfiles-setup.service loaded active exited Create Volatile Files and Directories
systemd-update-utmp.service loaded active exited Update UTMP about System Boot/Shutdown
systemd-user-sessions.service loaded active exited Permit User Sessions
-.slice loaded active active Root Slice
system-dirsrv.slice loaded active active system-dirsrv.slice
system-getty.slice loaded active active system-getty.slice
system-modprobe.slice loaded active active system-modprobe.slice
system-pki\x2dtomcatd.slice loaded active active system-pki\x2dtomcatd.slice
system.slice loaded active active System Slice
dbus.socket loaded active running D-Bus System Message Bus Socket
systemd-initctl.socket loaded active listening initctl Compatibility Named Pipe
systemd-journald-dev-log.socket loaded active running Journal Socket (/dev/log)
systemd-journald.socket loaded active running Journal Socket
Not sure what the issue is. The /var/log/pki/pki-tomcat doesn't show much. :/
There is not much help with the logs, just trying to confirm if someone has seen something
similar.
Thank you for your help,