Hi,
we are running a FreeIPA server instance (with an externally supplied and still valid CA
certificate) in our company network (on Fedora):
# rpm -qa *ipa-server
freeipa-server-4.8.3-1.fc31.x86_64
Somewhen in the last months the FreeIPA failed to renew its internal certificates, so now
we cannot add new user certificates anymore.
I found a few semi-recent blog posts about this topic
https://frasertweedale.github.io/blog-redhat/posts/2019-02-28-dogtag-cert...
https://frasertweedale.github.io/blog-redhat/posts/2019-05-24-ipa-cert-fi...
and tried to use the ipa-cert-fix tool to solve the problem
# ipa-cert-fix -v
unfortunately it failed... any hint what I could do to resolve this issue without
reinstalling the whole system?
Henning Rogge
Fraunhofer FKIE, Germany
[root@support-rhn ~]# ipa-cert-fix -v
ipapython.admintool: DEBUG: Not logging to a file
ipalib.install.sysrestore: DEBUG: Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
ipalib.install.sysrestore: DEBUG: Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
ipaserver.install.installutils: DEBUG: httpd is configured
ipaserver.install.installutils: DEBUG: kadmin is configured
ipaserver.install.installutils: DEBUG: dirsrv is configured
ipaserver.install.installutils: DEBUG: pki-tomcatd is configured
ipaserver.install.installutils: DEBUG: install is not configured
ipaserver.install.installutils: DEBUG: krb5kdc is configured
ipaserver.install.installutils: DEBUG: named is configured
ipaserver.install.installutils: DEBUG: filestore has files
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['pki-server', 'cert-fix',
'--help']
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=Usage: pki-server cert-fix [OPTIONS]
--cert <Cert ID> Fix specified system cert (default: all certs).
--extra-cert <Serial> Also renew cert with given serial number.
--agent-uid <String> UID of Dogtag agent user
--ldapi-socket <Path> Path to DS LDAPI socket
--ldap-url <URL> LDAP URL (mutually exclusive to --ldapi-socket)
-i, --instance <instance ID> Instance ID (default: pki-tomcat).
-p, --port <port number> Secure port number (default: 8443).
-v, --verbose Run in verbose mode.
--debug Run in debug mode.
--help Show help message.
ipapython.ipautil: DEBUG: stderr=
ipalib.plugable: DEBUG: importing all plugin modules in ipaserver.plugins...
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.aci
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.automember
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.automount
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.baseldap
ipalib.plugable: DEBUG: ipaserver.plugins.baseldap is not a valid plugin module
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.baseuser
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.batch
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.ca
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.caacl
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.cert
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.certmap
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.certprofile
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.config
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.delegation
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.dns
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.dnsserver
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.dogtag
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.domainlevel
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.group
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.hbac
ipalib.plugable: DEBUG: ipaserver.plugins.hbac is not a valid plugin module
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.hbacrule
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.hbacsvc
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.hbacsvcgroup
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.hbactest
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.host
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.hostgroup
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.idrange
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.idviews
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.internal
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.join
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.krbtpolicy
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.ldap2
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.location
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.migration
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.misc
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.netgroup
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.otp
ipalib.plugable: DEBUG: ipaserver.plugins.otp is not a valid plugin module
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.otpconfig
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.otptoken
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.passwd
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.permission
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.ping
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.pkinit
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.privilege
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.pwpolicy
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.rabase
ipalib.plugable: DEBUG: ipaserver.plugins.rabase is not a valid plugin module
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.radiusproxy
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.realmdomains
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.role
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.schema
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.selfservice
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.selinuxusermap
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.server
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.serverrole
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.serverroles
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.service
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.servicedelegation
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.session
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.stageuser
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.sudo
ipalib.plugable: DEBUG: ipaserver.plugins.sudo is not a valid plugin module
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.sudocmd
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.sudocmdgroup
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.sudorule
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.topology
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.trust
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.user
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.vault
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.virtual
ipalib.plugable: DEBUG: ipaserver.plugins.virtual is not a valid plugin module
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.whoami
ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.xmlserver
ipalib.backend: DEBUG: Created connection context.ldap2_140018425957584
ipalib.install.sysrestore: DEBUG: Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
ipalib.install.sysrestore: DEBUG: Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
ipaserver.install.dsinstance: DEBUG: Trying to find certificate subject base in
sysupgrade
ipalib.install.sysrestore: DEBUG: Loading StateFile from
'/var/lib/ipa/sysupgrade/sysupgrade.state'
ipalib.install.sysrestore: DEBUG: Loading StateFile from
'/var/lib/ipa/sysupgrade/sysupgrade.state'
ipaserver.install.dsinstance: DEBUG: Found certificate subject base in sysupgrade:
O=RHNLAB.FKIE.FRAUNHOFER.DE
ipapython.ipaldap: DEBUG: retrieving schema for SchemaCache
url=ldapi://%2fvar%2frun%2fslapd-RHNLAB-FKIE-FRAUNHOFER-DE.socket
conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f5893f2e810>
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['/usr/bin/certutil', '-d',
'sql:/etc/pki/pki-tomcat/alias', '-L', '-n', 'Server-Cert
cert-pki-ca', '-a', '-f',
'/etc/pki/pki-tomcat/alias/pwdfile.txt']
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=-----BEGIN CERTIFICATE-----
MIIDWzCCAkOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBEMSIwIAYDVQQKExlSSE5M
QUIuRktJRS5GUkFVTkhPRkVSLkRFMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRo
b3JpdHkwHhcNMjEwMzA0MDcxNjU0WhcNMjEwNjA0MDcxNjU0WjBUMSIwIAYDVQQK
DBlSSE5MQUIuRktJRS5GUkFVTkhPRkVSLkRFMS4wLAYDVQQDDCVzdXBwb3J0LXJo
bi5yaG5sYWIuZmtpZS5mcmF1bmhvZmVyLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAzf4f25p1eB8PbBhApOYSRd5GKu4LikVhuD5wb+vhWBjQYJaK
I2eexyRDuVoOUxJFc07J0ztAiQ5yFr5V8vnzBWXxd856GSI1lVbIV/FG82bH9782
wGnwOkfBKhp1aI+HFILfm4i69AbsIHoZtlHiGiS1spDrWjHMdHGywynSObauFgfQ
7ZkmfJnI+kyXJgPca+fcjHtkmsVFzvI2rbjpEBCwJFV4+kGmqT722rwTldqxxKmB
Bdg7YUs6SlLZ6o6XLZ6BB8g32d9M3e3Ig8oOQsQdAOzsrMrFIZvVE3O4MoWwzVr1
W2l+ukZJ0oxbRgwb6fCx6M/jh2G20b/gk0RA0wIDAQABo0gwRjAfBgNVHSMEGDAW
gBQY9syKfwtDf41k3FhuqbKUtGlb6TATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNV
HQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQELBQADggEBAG3vtmANQadB44n2ctpM+sEt
xtUIKWcai5L2XaCHfHM34JEyNi1QD7bNlgS594/9InSNsKy4U/kgbboreDN+JjP/
18+og6yQ/FKspVV3paTV54y6uKcagB1rwxjUmYUFrBnem7DrDT0aM+WOp+UjOh3Z
AVKWxXHYpBTZbMzUmi/Ux8xw965yLua3RkKZnFCt5eswArHVQY0OddZBSB9Zjtwj
xK7LGior78ACmFvb2GR5iB6UCnDPO8pl+CSv6l4UycsuD2wmTgBhEyLkeJr9kz+n
id9RVEzW5X6LLMzd5Tk/KL0MecEGF+eRifZ0IeaPhtycTVl2BJOjBfe03t/OlvM=
-----END CERTIFICATE-----
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['/usr/bin/certutil', '-d',
'sql:/etc/pki/pki-tomcat/alias', '-L', '-n', 'subsystemCert
cert-pki-ca', '-a', '-f',
'/etc/pki/pki-tomcat/alias/pwdfile.txt']
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=-----BEGIN CERTIFICATE-----
MIIDkTCCAnmgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBEMSIwIAYDVQQKExlSSE5M
QUIuRktJRS5GUkFVTkhPRkVSLkRFMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRo
b3JpdHkwHhcNMTkwMjIwMTIxNTA1WhcNMjEwMjA5MTIxNTA1WjA7MSIwIAYDVQQK
DBlSSE5MQUIuRktJRS5GUkFVTkhPRkVSLkRFMRUwEwYDVQQDDAxDQSBTdWJzeXN0
ZW0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8Jpy5bBV5zsDSGHfI
yfgibz50iWANCbRzJLGuX9xsi3NjxDqRTY3SJy6RdydaVLhCtfa2odu3PbptDt/m
WS5TcQwSJmcPbHKXAyH5IfuvCddrW9ELVZATitfw5RmArs7g/X5xb87eV2XSJ9QW
sSXtCcTKgcByWL9guUZEyDBK5xYo7FmlDGP0zku6dHddiVCIax6SiXvGqQP1MMep
tPyM5opdi48rFuyvZriKGcTyIn5zIvhpUo7guFjv4T7oKldJyoePBwHJmWTn2EDv
MJroqc0/6gRYDfj2cZ0vJ/CsVWwwY9GeXo+Kl9+faq6aUxqTcSBkRuJc5w5y/g9Z
lRRFAgMBAAGjgZYwgZMwHwYDVR0jBBgwFoAUGPbMin8LQ3+NZNxYbqmylLRpW+kw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzABhi9odHRwOi8vaXBhLWNhLnJobmxh
Yi5ma2llLmZyYXVuaG9mZXIuZGUvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwEwYD
VR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAFbtpzk7dQbuNNG9
nZz2TW1pY30hHNEPIQ7gHqymM2TCadiXkeXrpLCk9wvCW25jq/O31O1Rex35NLdU
03Xr7Gp2WqBTqk7Dadc/KWR25UTzWxDgOdsYviypDexUZHxkvDc17jM00fy9ieGb
qwovt48U6UiMSYXGb9WcDcDGa9BzTMkILJpoec7JMQ/mAROOS0rKR9Y/gVflR2dP
7MY/BFpGdjiFASulV6Ejj7e+RaorwQ5LXbed+9EL+dq/2eAthNca5aW4qu3G/h++
mhOWUkY+lGSOLg5OzNpwYNSxYxbi+t4sq4qw4KuFzs1btG71QiyVSPs4EW40nE9X
Pzjm0mM=
-----END CERTIFICATE-----
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['/usr/bin/certutil', '-d',
'sql:/etc/pki/pki-tomcat/alias', '-L', '-n', 'ocspSigningCert
cert-pki-ca', '-a', '-f',
'/etc/pki/pki-tomcat/alias/pwdfile.txt']
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=-----BEGIN CERTIFICATE-----
MIIDlDCCAnygAwIBAgIBATANBgkqhkiG9w0BAQsFADBEMSIwIAYDVQQKExlSSE5M
QUIuRktJRS5GUkFVTkhPRkVSLkRFMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRo
b3JpdHkwHhcNMTkwMjIwMTIxNTAyWhcNMjEwMjA5MTIxNTAyWjA9MSIwIAYDVQQK
DBlSSE5MQUIuRktJRS5GUkFVTkhPRkVSLkRFMRcwFQYDVQQDDA5PQ1NQIFN1YnN5
c3RlbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMhL15A0ZIswS1bA
DUUBw+Fd0bA1Zaggz6kTKmjEVUta54DipL9QC6GQMP34mIq4zZgx7HIt/7/qjupT
kUT1MMpwWWgB1ofOxuOgJmQExzJlP8uv4dv1Hwr8HAJV4lqcossA3/ibceb3Js0A
/QYpkBvcN7UiPTzomDcz/v/ITm9G4MYDDn6hGsrlFr6Gkl3iKtWQwp+hmQNJcEuL
IegX0BwcLcD7+zUJG15NVYbPAgu3kWb4tCXzjs94IeyB+ERYITIuQKy80kZCkzXV
3vKC5KZyjTfH6MJgLAQkavmLTGEAV52T1k9LQPNNC+hopRCu0TwrC4m6Gn0PAoQ/
xlYXJisCAwEAAaOBlzCBlDAfBgNVHSMEGDAWgBQY9syKfwtDf41k3FhuqbKUtGlb
6TBLBggrBgEFBQcBAQQ/MD0wOwYIKwYBBQUHMAGGL2h0dHA6Ly9pcGEtY2Eucmhu
bGFiLmZraWUuZnJhdW5ob2Zlci5kZS9jYS9vY3NwMBMGA1UdJQQMMAoGCCsGAQUF
BwMJMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQELBQADggEBABi32zg2GuOw
OAaEdwy5kNqb/Ah3DRBvvdUm/0lSvxhtlLP7VSdadKFWfcUYy5IseZbnBB5CV15c
3k8tRc6kDI2RB4vspBb1n+RfVc9C5B30q+CWJ1DLJjQXNoUxKNLuN6Ls2/fjb22W
wCGQ8Fmd6n1dVO6cEh/MQv5VhGImqxk1hL1PoX0tjn/cAdgyY1wVAGuqU86bAKVS
Y52rbFVpa8/QOUA6V/N1i9YgU8rPTFQ1CqHEb6N/c9OGpEOl3xsJiiR9uQYqvx54
E7xHyLD4sJFrau1Ir2eFBB1CuCiVDxhgA9MgfBFF35TXWgrUMCCvTpaM6BuMcPdD
0uLBwSt9JfI=
-----END CERTIFICATE-----
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['/usr/bin/certutil', '-d',
'sql:/etc/pki/pki-tomcat/alias', '-L', '-n', 'auditSigningCert
cert-pki-ca', '-a', '-f',
'/etc/pki/pki-tomcat/alias/pwdfile.txt']
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=-----BEGIN CERTIFICATE-----
MIIDdzCCAl+gAwIBAgIBBDANBgkqhkiG9w0BAQsFADBEMSIwIAYDVQQKExlSSE5M
QUIuRktJRS5GUkFVTkhPRkVSLkRFMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRo
b3JpdHkwHhcNMTkwMjIwMTIxNTA3WhcNMjEwMjA5MTIxNTA3WjA3MSIwIAYDVQQK
DBlSSE5MQUIuRktJRS5GUkFVTkhPRkVSLkRFMREwDwYDVQQDDAhDQSBBdWRpdDCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMAs+20SRgE3mE0CPCECL16/
ooQ70VvQycefH0OjnjFwSnaDP1hHsQHs516m4lXULEsNOEoR0ce2r98v6Iep7AWC
Prupow8rtY35io847kIIraj3DvmBQFuJvwZSEFASdaetR81KbmDNlpzZr6xQ0z8j
eXnlj+e+g7eDXXENKVmMbHqCBQQje2zGLyC+ahQjB50wlMFR8VWwW+iHmjbY2itf
4MmQijEeWj6t3K1MuM7uj7hokW/4KF/hWoUXONSmnBpT/WD226dr/JQiRsHiz9Gv
J/8aEwjlmpFinHn6+C3q1GpK1+yEMrCwowYfD3+SuVx8V4xzCY3WWvPN7ORtUG0C
AwEAAaOBgDB+MB8GA1UdIwQYMBaAFBj2zIp/C0N/jWTcWG6pspS0aVvpMA4GA1Ud
DwEB/wQEAwIGwDBLBggrBgEFBQcBAQQ/MD0wOwYIKwYBBQUHMAGGL2h0dHA6Ly9p
cGEtY2EucmhubGFiLmZraWUuZnJhdW5ob2Zlci5kZS9jYS9vY3NwMA0GCSqGSIb3
DQEBCwUAA4IBAQB7qQcW3MXCDqpFooaIGF3IIYo8JJTd7FSU+BgxErr46aPaqbSl
yodPyy0FxPEw+xrHASbqxJo3J1G/6JhvzgCXZvR7NEWcwup4Vni6jKmUEFwZ8gcI
GEVc7B9ORGmxfx7w91E0DsQfGhQV93nsmTixhfx7gJm7GfaPsXX83pvASC2cBDgb
St86j5n8Rv8JedQ+7ptG1GuXD8J5GgDjLeLZDO9i+d8KsHAMuVxGFQB7pcjs1tW9
osX87THDG1C4SFpJFXfXvzsFw5ALIMT2m2Px/TkOuUlWnhYp+Rs5DgvTDX4+WRPi
5+lLDURyYUUscgvpYgiEQvdgWXujTS93Dkt6
-----END CERTIFICATE-----
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['/usr/bin/certutil', '-d',
'sql:/etc/pki/pki-tomcat/alias', '-L', '-n', 'transportCert
cert-pki-kra', '-a', '-f',
'/etc/pki/pki-tomcat/alias/pwdfile.txt']
ipapython.ipautil: DEBUG: Process finished, return code=255
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=certutil: Could not find cert: transportCert
cert-pki-kra
: PR_FILE_NOT_FOUND_ERROR: File not found
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['/usr/bin/certutil', '-d',
'sql:/etc/pki/pki-tomcat/alias', '-L', '-n', 'storageCert
cert-pki-kra', '-a', '-f',
'/etc/pki/pki-tomcat/alias/pwdfile.txt']
ipapython.ipautil: DEBUG: Process finished, return code=255
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=certutil: Could not find cert: storageCert cert-pki-kra
: PR_FILE_NOT_FOUND_ERROR: File not found
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['/usr/bin/certutil', '-d',
'sql:/etc/pki/pki-tomcat/alias', '-L', '-n', 'auditSigningCert
cert-pki-kra', '-a', '-f',
'/etc/pki/pki-tomcat/alias/pwdfile.txt']
ipapython.ipautil: DEBUG: Process finished, return code=255
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=certutil: Could not find cert: auditSigningCert
cert-pki-kra
: PR_FILE_NOT_FOUND_ERROR: File not found
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['/usr/bin/certutil', '-d',
'sql:/etc/dirsrv/slapd-RHNLAB-FKIE-FRAUNHOFER-DE/', '-L', '-n',
'Server-Cert', '-a', '-f',
'/etc/dirsrv/slapd-RHNLAB-FKIE-FRAUNHOFER-DE/pwdfile.txt']
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgIBczANBgkqhkiG9w0BAQsFADBEMSIwIAYDVQQKExlSSE5M
QUIuRktJRS5GUkFVTkhPRkVSLkRFMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRo
b3JpdHkwHhcNMjEwMTIzMTIyNDM2WhcNMjMwMTI0MTIyNDM2WjBUMSIwIAYDVQQK
DBlSSE5MQUIuRktJRS5GUkFVTkhPRkVSLkRFMS4wLAYDVQQDDCVzdXBwb3J0LXJo
bi5yaG5sYWIuZmtpZS5mcmF1bmhvZmVyLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAvyDl9I62Vo9Je5U2jvae9oTUN6OCRnoBWyzn4GPh5MNeDm7v
9JKeRJugxkT2wvJf5s8AHTdulYhBxk5dmjin0v/6e4j1it4oEBfL03ggjdLJ2+3+
/a663aT0o3YCwMUsDazY6+uJit3z6mYwUtAECUU+qj37CF2e/3NAgWaJLD7R+LnZ
B+D/o+kuwejudUbMMnXYGOa3wj29LZyJ8DnS+Ji0mBuKlvcUw3zEmSTq8RxCnK/v
uYXbFRyMhJBUwQfmfi8G9VVP3P10OHD1tf3mcYdV6zV4ApaPU+iKobKGkObUwumI
keG1Pl2WCMDKJ3DIySTJn1GVq/6SzIOaB6LRcwIDAQABo4ICNzCCAjMwHwYDVR0j
BBgwFoAUGPbMin8LQ3+NZNxYbqmylLRpW+kwSwYIKwYBBQUHAQEEPzA9MDsGCCsG
AQUFBzABhi9odHRwOi8vaXBhLWNhLnJobmxhYi5ma2llLmZyYXVuaG9mZXIuZGUv
Y2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMIGEBgNVHR8EfTB7MHmgQaA/hj1odHRwOi8vaXBhLWNhLnJobmxhYi5m
a2llLmZyYXVuaG9mZXIuZGUvaXBhL2NybC9NYXN0ZXJDUkwuYmluojSkMjAwMQ4w
DAYDVQQKDAVpcGFjYTEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB0G
A1UdDgQWBBSnyP9CPlRgyi7FT51ReCjB6gggXDCB7QYDVR0RBIHlMIHigiVzdXBw
b3J0LXJobi5yaG5sYWIuZmtpZS5mcmF1bmhvZmVyLmRloFQGCisGAQQBgjcUAgOg
RgxEbGRhcC9zdXBwb3J0LXJobi5yaG5sYWIuZmtpZS5mcmF1bmhvZmVyLmRlQFJI
TkxBQi5GS0lFLkZSQVVOSE9GRVIuREWgYwYGKwYBBQICoFkwV6AbGxlSSE5MQUIu
RktJRS5GUkFVTkhPRkVSLkRFoTgwNqADAgEBoS8wLRsEbGRhcBslc3VwcG9ydC1y
aG4ucmhubGFiLmZraWUuZnJhdW5ob2Zlci5kZTANBgkqhkiG9w0BAQsFAAOCAQEA
cIBxuXBVEHzyjiLJuLoRov5PT1L6CGwzaKgJBKuw6kTeERe5l2Uq99KTp8ATkdQu
H68HGyrpGqDRXVmuikZFHu/7z7USul5+ELSe7iGHlTkb4YMArNUdf+53gQLTPCDR
egcSo9+aCQGX3vZ+VEFd2RY+z09tBKW32dxZ3Rgv5W7T64jcCem6fqdzJgax4bDi
2EWO9P9bQ6GyYNE/jRACgPjwU2f4zgtn3ttUL0P6oHk6VXx+ToU9Cr6/f7vlV0DE
ek1C41OjHBAzJ0AeZjN7SX2PK+qkoTOTT1Vy5+V0iJpYQa0b3zTuq+M4JMQXVc4q
/r5NX9S7xYLxGPOD43/FpQ==
-----END CERTIFICATE-----
ipapython.ipautil: DEBUG: stderr=
WARNING
ipa-cert-fix is intended for recovery when expired certificates
prevent the normal operation of FreeIPA. It should ONLY be used
in such scenarios, and backup of the system, especially certificates
and keys, is STRONGLY RECOMMENDED.
The following certificates will be renewed:
Dogtag subsystem certificate:
Subject: CN=CA Subsystem,O=RHNLAB.FKIE.FRAUNHOFER.DE
Serial: 3
Expires: 2021-02-09 12:15:05
Dogtag ca_ocsp_signing certificate:
Subject: CN=OCSP Subsystem,O=RHNLAB.FKIE.FRAUNHOFER.DE
Serial: 1
Expires: 2021-02-09 12:15:02
Dogtag ca_audit_signing certificate:
Subject: CN=CA Audit,O=RHNLAB.FKIE.FRAUNHOFER.DE
Serial: 4
Expires: 2021-02-09 12:15:07
IPA IPA RA certificate:
Subject: CN=IPA RA,O=RHNLAB.FKIE.FRAUNHOFER.DE
Serial: 6
Expires: 2021-02-09 12:18:08
Enter "yes" to proceed: yes
Proceeding.
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['pki-server', 'cert-fix',
'--ldapi-socket', '/var/run/slapd-RHNLAB-FKIE-FRAUNHOFER-DE.socket',
'--agent-uid', 'ipara', '--cert', 'subsystem',
'--cert', 'ca_ocsp_signing', '--cert', 'ca_audit_signing',
'--extra-cert', '6']
ipapython.ipautil: DEBUG: Process finished, return code=1
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=INFO: Loading instance: pki-tomcat
INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf
INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf
INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf
INFO: Loading password config: /etc/pki/pki-tomcat/password.conf
INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat
INFO: Loading subsystem: ca
INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg
INFO: Fixing the following system certs: ['subsystem', 'ca_ocsp_signing',
'ca_audit_signing']
INFO: Renewing the following additional certs: ['6']
INFO: Stopping the instance to proceed with system cert renewal
INFO: Configuring LDAP password authentication
INFO: Setting pkidbuser password via ldappasswd
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
INFO: Selftests disabled for subsystems: ca
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
INFO: Resetting password for uid=ipara,ou=people,o=ipaca
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
INFO: Starting the instance
INFO: Sleeping for 10 seconds to allow server time to start...
INFO: Requesting new cert for subsystem
INFO: Getting subsystem cert info for ca from CS.cfg
INFO: Getting subsystem cert info for ca from NSS database
INFO: Trying to setup a secure connection to CA subsystem.
INFO: Stopping the instance
INFO: Selftests enabled for subsystems: ca
INFO: Restoring previous LDAP configuration
Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 672,
in urlopen
chunked=chunked,
File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 376,
in _make_request
self._validate_conn(conn)
File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 994,
in _validate_conn
conn.connect()
File "/usr/lib/python3.7/site-packages/urllib3/connection.py", line 394, in
connect
ssl_context=context,
File "/usr/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 370, in
ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib64/python3.7/ssl.py", line 423, in wrap_socket
session=session
File "/usr/lib64/python3.7/ssl.py", line 870, in _create
self.do_handshake()
File "/usr/lib64/python3.7/ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
OSError: [Errno 0] Error
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/requests/adapters.py", line 449, in
send
timeout=timeout
File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 720,
in urlopen
method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
File "/usr/lib/python3.7/site-packages/urllib3/util/retry.py", line 400, in
increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/lib/python3.7/site-packages/urllib3/packages/six.py", line 692, in
reraise
raise value.with_traceback(tb)
File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 672,
in urlopen
chunked=chunked,
File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 376,
in _make_request
self._validate_conn(conn)
File "/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 994,
in _validate_conn
conn.connect()
File "/usr/lib/python3.7/site-packages/urllib3/connection.py", line 394, in
connect
ssl_context=context,
File "/usr/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 370, in
ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib64/python3.7/ssl.py", line 423, in wrap_socket
session=session
File "/usr/lib64/python3.7/ssl.py", line 870, in _create
self.do_handshake()
File "/usr/lib64/python3.7/ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
urllib3.exceptions.ProtocolError: ('Connection aborted.', OSError(0,
'Error'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/pki/server/pkiserver.py", line 38, in
<module>
cli.execute(sys.argv)
File "/usr/lib/python3.7/site-packages/pki/server/cli/__init__.py", line 142,
in execute
super(PKIServerCLI, self).execute(args)
File "/usr/lib/python3.7/site-packages/pki/cli/__init__.py", line 204, in
execute
module.execute(module_args)
File "/usr/lib/python3.7/site-packages/pki/cli/__init__.py", line 204, in
execute
module.execute(module_args)
File "/usr/lib/python3.7/site-packages/pki/server/cli/cert.py", line 1256, in
execute
username=agent_uid, password=agent_pass, secure_port=port)
File "/usr/lib/python3.7/site-packages/pki/server/__init__.py", line 1763, in
cert_create
username, password, subsystem_name='ca', secure_port=secure_port)
File "/usr/lib/python3.7/site-packages/pki/server/__init__.py", line 711, in
setup_password_authentication
account_client.login()
File "/usr/lib/python3.7/site-packages/pki/__init__.py", line 423, in handler
return fn_call(inst, *args, **kwargs)
File "/usr/lib/python3.7/site-packages/pki/account.py", line 56, in login
self.connection.get('/rest/account/login')
File "/usr/lib/python3.7/site-packages/pki/client.py", line 46, in wrapper
return func(self, *args, **kwargs)
File "/usr/lib/python3.7/site-packages/pki/client.py", line 163, in get
timeout=timeout,
File "/usr/lib/python3.7/site-packages/requests/sessions.py", line 546, in
get
return self.request('GET', url, **kwargs)
File "/usr/lib/python3.7/site-packages/requests/sessions.py", line 533, in
request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3.7/site-packages/requests/sessions.py", line 646, in
send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3.7/site-packages/requests/adapters.py", line 498, in
send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', OSError(0,
'Error'))
ERROR: ('Connection aborted.', OSError(0, 'Error'))
ipapython.admintool: DEBUG: File
"/usr/lib/python3.7/site-packages/ipapython/admintool.py", line 179, in execute
return_value = self.run()
File "/usr/lib/python3.7/site-packages/ipaserver/install/ipa_cert_fix.py",
line 118, in run
run_cert_fix(certs, extra_certs)
File "/usr/lib/python3.7/site-packages/ipaserver/install/ipa_cert_fix.py",
line 246, in run_cert_fix
ipautil.run(cmd, raiseonerr=True)
File "/usr/lib/python3.7/site-packages/ipapython/ipautil.py", line 598, in
run
p.returncode, arg_string, output_log, error_log
ipapython.admintool: DEBUG: The ipa-cert-fix command failed, exception:
CalledProcessError: CalledProcessError(Command ['pki-server', 'cert-fix',
'--ldapi-socket', '/var/run/slapd-RHNLAB-FKIE-FRAUNHOFER-DE.socket',
'--agent-uid', 'ipara', '--cert', 'subsystem',
'--cert', 'ca_ocsp_signing', '--cert', 'ca_audit_signing',
'--extra-cert', '6'] returned non-zero exit status 1: 'INFO: Loading
instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO:
Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat
config: /etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config:
/etc/pki/pki-tomcat/password.conf\nINFO: Loading instance registry:
/etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: Loading subsystem: ca\nINFO:
Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Fixing the
following system certs: [\'subsystem\', \'ca_ocsp_signing\',
\'ca_audit_signing\']\nINFO: Renewing the following additional certs:
[\'6\']\nINFO: Stopping the instance to proceed with system cert renewal\nINFO:
Configuring LDAP password authentication\nINFO: Setting pkidbuser password via
ldappasswd\nSASL/EXTERNAL authentication started\nSASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nINFO: Selftests
disabled for subsystems: ca\nSASL/EXTERNAL authentication started\nSASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nINFO: Resetting
password for uid=ipara,ou=people,o=ipaca\nSASL/EXTERNAL authentication started\nSASL
username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nINFO:
Starting the instance\nINFO: Sleeping for 10 seconds to allow server time to
start...\nINFO: Requesting new cert for subsystem\nINFO: Getting subsystem cert info for
ca from CS.cfg\nINFO: Getting subsystem cert info for ca from NSS database\nINFO: Trying
to setup a secure connection to CA subsystem.\nINFO: Stopping the instance\nINFO:
Selftests enabled for subsystems: ca\nINFO: Restoring previous LDAP
configuration\nTraceback (most recent call last):\n File
"/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 672, in
urlopen\n chunked=chunked,\n File
"/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 376, in
_make_request\n self._validate_conn(conn)\n File
"/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 994, in
_validate_conn\n conn.connect()\n File
"/usr/lib/python3.7/site-packages/urllib3/connection.py", line 394, in connect\n
ssl_context=context,\n File
"/usr/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 370, in
ssl_wrap_socket\n return context.wrap_socket(sock, server_hostname=server_hostname)\n
File "/usr/lib64/python3.7/ssl.py", line 423, in wrap_socket\n
session=session\n File "/usr/lib64/python3.7/ssl.py", line 870, in _create\n
self.do_handshake()\n File "/usr/lib64/python3.7/ssl.py", line 1139, in
do_handshake\n self._sslobj.do_handshake()\nOSError: [Errno 0] Error\n\nDuring handling
of the above exception, another exception occurred:\n\nTraceback (most recent call
last):\n File "/usr/lib/python3.7/site-packages/requests/adapters.py", line
449, in send\n timeout=timeout\n File
"/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 720, in
urlopen\n method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]\n File
"/usr/lib/python3.7/site-packages/urllib3/util/retry.py", line 400, in
increment\n raise six.reraise(type(error), error, _stacktrace)\n File
"/usr/lib/python3.7/site-packages/urllib3/packages/six.py", line 692, in
reraise\n raise value.with_traceback(tb)\n File
"/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 672, in
urlopen\n chunked=chunked,\n File
"/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 376, in
_make_request\n self._validate_conn(conn)\n File
"/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 994, in
_validate_conn\n conn.connect()\n File
"/usr/lib/python3.7/site-packages/urllib3/connection.py", line 394, in connect\n
ssl_context=context,\n File
"/usr/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 370, in
ssl_wrap_socket\n return context.wrap_socket(sock, server_hostname=server_hostname)\n
File "/usr/lib64/python3.7/ssl.py", line 423, in wrap_socket\n
session=session\n File "/usr/lib64/python3.7/ssl.py", line 870, in _create\n
self.do_handshake()\n File "/usr/lib64/python3.7/ssl.py", line 1139, in
do_handshake\n self._sslobj.do_handshake()\nurllib3.exceptions.ProtocolError:
(\'Connection aborted.\', OSError(0, \'Error\'))\n\nDuring handling of the
above exception, another exception occurred:\n\nTraceback (most recent call last):\n File
"/usr/lib/python3.7/site-packages/pki/server/pkiserver.py", line 38, in
<module>\n cli.execute(sys.argv)\n File
"/usr/lib/python3.7/site-packages/pki/server/cli/__init__.py", line 142, in
execute\n super(PKIServerCLI, self).execute(args)\n File
"/usr/lib/python3.7/site-packages/pki/cli/__init__.py", line 204, in execute\n
module.execute(module_args)\n File
"/usr/lib/python3.7/site-packages/pki/cli/__init__.py", line 204, in execute\n
module.execute(module_args)\n File
"/usr/lib/python3.7/site-packages/pki/server/cli/cert.py", line 1256, in
execute\n username=agent_uid, password=agent_pass, secure_port=port)\n File
"/usr/lib/python3.7/site-packages/pki/server/__init__.py", line 1763, in
cert_create\n username, password, subsystem_name=\'ca\',
secure_port=secure_port)\n File
"/usr/lib/python3.7/site-packages/pki/server/__init__.py", line 711, in
setup_password_authentication\n account_client.login()\n File
"/usr/lib/python3.7/site-packages/pki/__init__.py", line 423, in handler\n
return fn_call(inst, *args, **kwargs)\n File
"/usr/lib/python3.7/site-packages/pki/account.py", line 56, in login\n
self.connection.get(\'/rest/account/login\')\n File
"/usr/lib/python3.7/site-packages/pki/client.py", line 46, in wrapper\n
return func(self, *args, **kwargs)\n File
"/usr/lib/python3.7/site-packages/pki/client.py", line 163, in get\n
timeout=timeout,\n File
"/usr/lib/python3.7/site-packages/requests/sessions.py", line 546, in get\n
return self.request(\'GET\', url, **kwargs)\n File
"/usr/lib/python3.7/site-packages/requests/sessions.py", line 533, in request\n
resp = self.send(prep, **send_kwargs)\n File
"/usr/lib/python3.7/site-packages/requests/sessions.py", line 646, in send\n
r = adapter.send(request, **kwargs)\n File
"/usr/lib/python3.7/site-packages/requests/adapters.py", line 498, in send\n
raise ConnectionError(err, request=request)\nrequests.exceptions.ConnectionError:
(\'Connection aborted.\', OSError(0, \'Error\'))\nERROR: (\'Connection
aborted.\', OSError(0, \'Error\'))\n')
ipapython.admintool: ERROR: CalledProcessError(Command ['pki-server',
'cert-fix', '--ldapi-socket',
'/var/run/slapd-RHNLAB-FKIE-FRAUNHOFER-DE.socket', '--agent-uid',
'ipara', '--cert', 'subsystem', '--cert',
'ca_ocsp_signing', '--cert', 'ca_audit_signing',
'--extra-cert', '6'] returned non-zero exit status 1: 'INFO: Loading
instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO:
Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat
config: /etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config:
/etc/pki/pki-tomcat/password.conf\nINFO: Loading instance registry:
/etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: Loading subsystem: ca\nINFO:
Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Fixing the
following system certs: [\'subsystem\', \'ca_ocsp_signing\',
\'ca_audit_signing\']\nINFO: Renewing the following additional certs:
[\'6\']\nINFO: Stopping the instance to proceed with system cert renewal\nINFO:
Configuring LDAP password authentication\nINFO: Setting pkidbuser password via
ldappasswd\nSASL/EXTERNAL authentication started\nSASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nINFO: Selftests
disabled for subsystems: ca\nSASL/EXTERNAL authentication started\nSASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nINFO: Resetting
password for uid=ipara,ou=people,o=ipaca\nSASL/EXTERNAL authentication started\nSASL
username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nINFO:
Starting the instance\nINFO: Sleeping for 10 seconds to allow server time to
start...\nINFO: Requesting new cert for subsystem\nINFO: Getting subsystem cert info for
ca from CS.cfg\nINFO: Getting subsystem cert info for ca from NSS database\nINFO: Trying
to setup a secure connection to CA subsystem.\nINFO: Stopping the instance\nINFO:
Selftests enabled for subsystems: ca\nINFO: Restoring previous LDAP
configuration\nTraceback (most recent call last):\n File
"/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 672, in
urlopen\n chunked=chunked,\n File
"/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 376, in
_make_request\n self._validate_conn(conn)\n File
"/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 994, in
_validate_conn\n conn.connect()\n File
"/usr/lib/python3.7/site-packages/urllib3/connection.py", line 394, in connect\n
ssl_context=context,\n File
"/usr/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 370, in
ssl_wrap_socket\n return context.wrap_socket(sock, server_hostname=server_hostname)\n
File "/usr/lib64/python3.7/ssl.py", line 423, in wrap_socket\n
session=session\n File "/usr/lib64/python3.7/ssl.py", line 870, in _create\n
self.do_handshake()\n File "/usr/lib64/python3.7/ssl.py", line 1139, in
do_handshake\n self._sslobj.do_handshake()\nOSError: [Errno 0] Error\n\nDuring handling
of the above exception, another exception occurred:\n\nTraceback (most recent call
last):\n File "/usr/lib/python3.7/site-packages/requests/adapters.py", line
449, in send\n timeout=timeout\n File
"/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 720, in
urlopen\n method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]\n File
"/usr/lib/python3.7/site-packages/urllib3/util/retry.py", line 400, in
increment\n raise six.reraise(type(error), error, _stacktrace)\n File
"/usr/lib/python3.7/site-packages/urllib3/packages/six.py", line 692, in
reraise\n raise value.with_traceback(tb)\n File
"/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 672, in
urlopen\n chunked=chunked,\n File
"/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 376, in
_make_request\n self._validate_conn(conn)\n File
"/usr/lib/python3.7/site-packages/urllib3/connectionpool.py", line 994, in
_validate_conn\n conn.connect()\n File
"/usr/lib/python3.7/site-packages/urllib3/connection.py", line 394, in connect\n
ssl_context=context,\n File
"/usr/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 370, in
ssl_wrap_socket\n return context.wrap_socket(sock, server_hostname=server_hostname)\n
File "/usr/lib64/python3.7/ssl.py", line 423, in wrap_socket\n
session=session\n File "/usr/lib64/python3.7/ssl.py", line 870, in _create\n
self.do_handshake()\n File "/usr/lib64/python3.7/ssl.py", line 1139, in
do_handshake\n self._sslobj.do_handshake()\nurllib3.exceptions.ProtocolError:
(\'Connection aborted.\', OSError(0, \'Error\'))\n\nDuring handling of the
above exception, another exception occurred:\n\nTraceback (most recent call last):\n File
"/usr/lib/python3.7/site-packages/pki/server/pkiserver.py", line 38, in
<module>\n cli.execute(sys.argv)\n File
"/usr/lib/python3.7/site-packages/pki/server/cli/__init__.py", line 142, in
execute\n super(PKIServerCLI, self).execute(args)\n File
"/usr/lib/python3.7/site-packages/pki/cli/__init__.py", line 204, in execute\n
module.execute(module_args)\n File
"/usr/lib/python3.7/site-packages/pki/cli/__init__.py", line 204, in execute\n
module.execute(module_args)\n File
"/usr/lib/python3.7/site-packages/pki/server/cli/cert.py", line 1256, in
execute\n username=agent_uid, password=agent_pass, secure_port=port)\n File
"/usr/lib/python3.7/site-packages/pki/server/__init__.py", line 1763, in
cert_create\n username, password, subsystem_name=\'ca\',
secure_port=secure_port)\n File
"/usr/lib/python3.7/site-packages/pki/server/__init__.py", line 711, in
setup_password_authentication\n account_client.login()\n File
"/usr/lib/python3.7/site-packages/pki/__init__.py", line 423, in handler\n
return fn_call(inst, *args, **kwargs)\n File
"/usr/lib/python3.7/site-packages/pki/account.py", line 56, in login\n
self.connection.get(\'/rest/account/login\')\n File
"/usr/lib/python3.7/site-packages/pki/client.py", line 46, in wrapper\n
return func(self, *args, **kwargs)\n File
"/usr/lib/python3.7/site-packages/pki/client.py", line 163, in get\n
timeout=timeout,\n File
"/usr/lib/python3.7/site-packages/requests/sessions.py", line 546, in get\n
return self.request(\'GET\', url, **kwargs)\n File
"/usr/lib/python3.7/site-packages/requests/sessions.py", line 533, in request\n
resp = self.send(prep, **send_kwargs)\n File
"/usr/lib/python3.7/site-packages/requests/sessions.py", line 646, in send\n
r = adapter.send(request, **kwargs)\n File
"/usr/lib/python3.7/site-packages/requests/adapters.py", line 498, in send\n
raise ConnectionError(err, request=request)\nrequests.exceptions.ConnectionError:
(\'Connection aborted.\', OSError(0, \'Error\'))\nERROR: (\'Connection
aborted.\', OSError(0, \'Error\'))\n')
ipapython.admintool: ERROR: The ipa-cert-fix command failed.
[root@support-rhn ~]#