There is no support for FUTURE policy and will never be.

Once components of the FUTURE policy get trickled down to DEFAULT and FIPS, they get tested against and supported. However, running in FUTURE is not supported.

/ Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland

On Thu, 29 May 2025, 15.56 Entrepreneur AJ via FreeIPA-users, < freeipa-users@lists.fedorahosted.org> wrote:

Cross posted on https://lists.dogtagpki.org/archives/list/users@lists.dogtagpki.org/thread/O... but looks like the community there has dwindled:

On a fresh install of Alma Linux 9.6 I ran update-crypto-policies --set FUTURE then rebooted my system.

I then attempted to install FreeIPA Server which failed due with the following message: 2025-05-29T12:26:11Z DEBUG The ipa-server-install command failed, exception: RuntimeError: CA configuration failed. 2025-05-29T12:26:11Z ERROR CA configuration failed. 2025-05-29T12:26:11Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

I looked further back in the logs to find: INFO: Creating new temp SSL server cert for ipa1.man-gb.eajglobal.net DEBUG: Command: pki -d /var/lib/pki/pki-tomcat/conf/alias -f /var/lib/pki/pki-tomcat/conf/password.conf nss-cert-request --subject cn=ipa1.man-gb.eajglobal.net,o=2025-05-29 13:25:36 --csr /tmp/tmpdvz_k8lc/sslserver.csr --key-type RSA --key-size 2048 --hash SHA256 --debug FINE: Initializing NSS FINE: Logging into internal token FINE: Using internal token FINE: NSSDatabase: Creating RSA key FINE: NSSDatabase: - size: 2048 FINE: CryptoUtil: Generating KRA key pair FINE: CryptoUtil: - temporary: null FINE: CryptoUtil: - sensitive: null FINE: CryptoUtil: - extractable: null FINE: CryptoUtil: generateRSAKeyPair with key usage FINE: CryptoUtil: generateRSAKeyPair with key usage mask FINE: CryptoUtil: - key size: 2048 WARNING: Ignored jss.crypto.Policy violation: unsafe RSA key size of 2048. Policy.RSA_MINIMUM_KEY_SIZE dictates a minimum of 4096 FINE: NSSDatabase: Creating PKCS #10 request FINE: NSSDatabase: - subjecct: cn=ipa1.man-gb.eajglobal.net,o=2025-05-29 13:25:36 FINE: NSSDatabase: - algorithm: SHA256withRSA FINE: CryptoUtil: Creating PKCS #10 request FINE: CryptoUtil: - algorithm: SHA256withRSA java.security.InvalidKeyException: Token exception occurred: Unable to create signing context: (-8011) Unknown error at

org.mozilla.jss.provider.java.security.JSSSignatureSpi.engineInitSign(JSSSignatureSpi.java:60) at java.base/java.security.Signature$Delegate.engineInitSign(Signature.java:1370) at java.base/java.security.Signature.initSign(Signature.java:635) at com.netscape.cmsutil.crypto.CryptoUtil.createPKCS10Request(CryptoUtil.java:1124) at org.dogtagpki.nss.NSSDatabase.createPKCS10Request(NSSDatabase.java:1109) at com.netscape.cmstools.nss.NSSCertRequestCLI.execute(NSSCertRequestCLI.java:152) at org.dogtagpki.cli.CommandCLI.execute(CommandCLI.java:58) at org.dogtagpki.cli.CLI.execute(CLI.java:353) at org.dogtagpki.cli.CLI.execute(CLI.java:353) at org.dogtagpki.cli.CLI.execute(CLI.java:353) at com.netscape.cmstools.cli.MainCLI.execute(MainCLI.java:680) at com.netscape.cmstools.cli.MainCLI.main(MainCLI.java:719) Caused by: org.mozilla.jss.crypto.TokenException: Unable to create signing context: (-8011) Unknown error at org.mozilla.jss.pkcs11.PK11Signature.initSigContext(Native Method) at org.mozilla.jss.pkcs11.PK11Signature.engineInitSign(PK11Signature.java:133) at org.mozilla.jss.crypto.Signature.initSign(Signature.java:56) at

org.mozilla.jss.provider.java.security.JSSSignatureSpi.engineInitSign(JSSSignatureSpi.java:56) ... 11 more ERROR: CalledProcessError: Command '['runuser', '-u', 'pkiuser', '--', 'pki', '-d', '/var/lib/pki/pki-tomcat/conf/alias', '-f', '/var/lib/pki/pki-tomcat/conf/password.conf', 'nss-cert-request', '--subject', 'cn=ipa1.man-gb.eajglobal.net,o=2025-05-29 13:25:36', '--csr', '/tmp/tmpdvz_k8lc/sslserver.csr', '--key-type', 'RSA', '--key-size', '2048', '--hash', 'SHA256', '--debug']' returned non-zero exit status 255. File "/usr/lib/python3.9/site-packages/pki/server/pkispawn.py", line 594, in main deployer.spawn() File "/usr/lib/python3.9/site-packages/pki/server/deployment/__init__.py", line 5986, in spawn scriptlet.spawn(self) File

"/usr/lib/python3.9/site-packages/pki/server/deployment/scriptlets/configuration.py", line 114, in spawn deployer.create_temp_sslserver_cert() File "/usr/lib/python3.9/site-packages/pki/server/deployment/__init__.py", line 3403, in create_temp_sslserver_cert nssdb.create_request( File "/usr/lib/python3.9/site-packages/pki/nssdb.py", line 1009, in create_request self.__create_request( File "/usr/lib/python3.9/site-packages/pki/nssdb.py", line 1608, in __create_request self.run(cmd, check=True, runas=True) File "/usr/lib/python3.9/site-packages/pki/nssdb.py", line 332, in run result = subprocess.run( File "/usr/lib64/python3.9/subprocess.py", line 528, in run raise CalledProcessError(retcode, process.args,

2025-05-29T12:26:11Z CRITICAL Failed to configure CA instance 2025-05-29T12:26:11Z CRITICAL See the installation logs and the following files/directories for more information: 2025-05-29T12:26:11Z CRITICAL /var/log/pki/pki-tomcat

The only log file in /var/log/pki or it's sub directories that had any logs was pki-ca-spawn, the logs are as follows: 2025-05-29 13:25:36 INFO: Connecting to LDAP server at ldap://ipa1.man-gb.eajglobal.net:389 2025-05-29 13:25:36 INFO: Connecting to LDAP server at ldap://ipa1.man-gb.eajglobal.net:389 2025-05-29 13:25:36 INFO: BEGIN spawning CA subsystem in pki-tomcat instance 2025-05-29 13:25:36 INFO: Loading instance: pki-tomcat 2025-05-29 13:25:36 INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf 2025-05-29 13:25:36 INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf 2025-05-29 13:25:36 INFO: Loading external certs from /var/lib/pki/pki-tomcat/conf/external_certs.conf 2025-05-29 13:25:36 INFO: File does not exist: /var/lib/pki/pki-tomcat/conf/external_certs.conf 2025-05-29 13:25:36 INFO: Reusing pkiuser group (GID: 17) 2025-05-29 13:25:36 INFO: Reusing pkiuser user (UID: 17) 2025-05-29 13:25:36 DEBUG: Retrieving UID for 'pkiuser' 2025-05-29 13:25:36 DEBUG: UID of 'pkiuser' is 17 2025-05-29 13:25:36 DEBUG: Retrieving GID for 'pkiuser' 2025-05-29 13:25:36 DEBUG: GID of 'pkiuser' is 17 2025-05-29 13:25:36 INFO: Initialization 2025-05-29 13:25:36 INFO: Setting up infrastructure 2025-05-29 13:25:36 INFO: Preparing pki-tomcat instance 2025-05-29 13:25:36 INFO: Loading instance: pki-tomcat 2025-05-29 13:25:36 INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf 2025-05-29 13:25:36 INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf 2025-05-29 13:25:36 INFO: Loading external certs from /var/lib/pki/pki-tomcat/conf/external_certs.conf 2025-05-29 13:25:36 INFO: File does not exist: /var/lib/pki/pki-tomcat/conf/external_certs.conf 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/bin to /usr/share/tomcat/bin 2025-05-29 13:25:36 DEBUG: Command: ln -s /usr/share/tomcat/bin /var/lib/pki/pki-tomcat/bin 2025-05-29 13:25:36 INFO: Creating /etc/pki/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: mkdir /etc/pki/pki-tomcat 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/conf to /etc/pki/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: ln -s /etc/pki/pki-tomcat /var/lib/pki/pki-tomcat/conf 2025-05-29 13:25:36 INFO: Creating /var/log/pki/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/log/pki/pki-tomcat 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/logs to /var/log/pki/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: ln -s /var/log/pki/pki-tomcat /var/lib/pki/pki-tomcat/logs 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/lib to /usr/share/pki/server/lib 2025-05-29 13:25:36 DEBUG: Command: ln -s /usr/share/pki/server/lib /var/lib/pki/pki-tomcat/lib 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/common 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/common 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/common/lib to /usr/share/pki/server/common/lib 2025-05-29 13:25:36 DEBUG: Command: ln -s /usr/share/pki/server/common/lib /var/lib/pki/pki-tomcat/common/lib 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/temp 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/temp 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/work 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/work 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/certs 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/certs 2025-05-29 13:25:36 INFO: Copying /etc/tomcat/server.xml to /var/lib/pki/pki-tomcat/conf/server.xml 2025-05-29 13:25:36 DEBUG: Command: cp /etc/tomcat/server.xml /var/lib/pki/pki-tomcat/conf/server.xml 2025-05-29 13:25:36 INFO: Removing LockOutRealm 2025-05-29 13:25:36 INFO: Removing UserDatabase 2025-05-29 13:25:36 INFO: Updating AccessLogValve 2025-05-29 13:25:36 INFO: Configuring Tomcat admin port 2025-05-29 13:25:36 INFO: Removing AprLifecycleListener 2025-05-29 13:25:36 INFO: Adding PKIListener 2025-05-29 13:25:36 INFO: Configuring HTTP connector 2025-05-29 13:25:36 INFO: Adding HTTPS connector 2025-05-29 13:25:36 INFO: Adding SSL host configuration 2025-05-29 13:25:36 INFO: Adding SSL certificate configuration 2025-05-29 13:25:36 INFO: Adding RewriteValve 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/Catalina 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/Catalina 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/Catalina/localhost 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/Catalina/localhost 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/conf/Catalina/localhost/rewrite.config to /usr/share/pki/server/conf/Catalina/localhost/rewrite.config 2025-05-29 13:25:36 DEBUG: Command: ln -s /usr/share/pki/server/conf/Catalina/localhost/rewrite.config /var/lib/pki/pki-tomcat/conf/Catalina/localhost/rewrite.config 2025-05-29 13:25:36 INFO: Adding AJP connector for IPv4 2025-05-29 13:25:36 INFO: Adding AJP connector for IPv6 2025-05-29 13:25:36 INFO: Updating AccessLogValve 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/conf/catalina.properties to /usr/share/pki/server/conf/catalina.properties 2025-05-29 13:25:36 DEBUG: Command: ln -s /usr/share/pki/server/conf/catalina.properties /var/lib/pki/pki-tomcat/conf/catalina.properties 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/conf/context.xml to /etc/tomcat/context.xml 2025-05-29 13:25:36 DEBUG: Command: ln -s /etc/tomcat/context.xml /var/lib/pki/pki-tomcat/conf/context.xml 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/conf/logging.properties to /usr/share/pki/server/conf/logging.properties 2025-05-29 13:25:36 DEBUG: Command: ln -s /usr/share/pki/server/conf/logging.properties /var/lib/pki/pki-tomcat/conf/logging.properties 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/conf/web.xml to /etc/tomcat/web.xml 2025-05-29 13:25:36 DEBUG: Command: ln -s /etc/tomcat/web.xml /var/lib/pki/pki-tomcat/conf/web.xml 2025-05-29 13:25:36 INFO: Using specified server NSS database password 2025-05-29 13:25:36 INFO: Using specified internal database password 2025-05-29 13:25:36 INFO: Generating random replication manager password 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/password.conf 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/alias 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/alias 2025-05-29 13:25:36 INFO: Creating NSS database: /var/lib/pki/pki-tomcat/conf/alias 2025-05-29 13:25:36 DEBUG: Command: certutil -N -d /var/lib/pki/pki-tomcat/conf/alias -f /tmp/tmp2c_5a4u2/internal_password.txt 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/alias to /var/lib/pki/pki-tomcat/conf/alias 2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/conf/alias /var/lib/pki/pki-tomcat/alias 2025-05-29 13:25:36 INFO: Creating /etc/sysconfig/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/sysconfig/pki-tomcat 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/tomcat.conf 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /var/lib/pki/pki-tomcat/conf/tomcat.conf 2025-05-29 13:25:36 INFO: Deploying ROOT web application 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/Catalina/localhost/ROOT.xml 2025-05-29 13:25:36 INFO: Deploying pki web application 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/Catalina/localhost/pki.xml 2025-05-29 13:25:36 INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: mkdir /etc/sysconfig/pki/tomcat/pki-tomcat 2025-05-29 13:25:36 INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/setup/pkidaemon_registry /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat 2025-05-29 13:25:36 INFO: Creating /etc/systemd/system/pki-tomcatd(a)pki-tomcat.service.d 2025-05-29 13:25:36 DEBUG: Command: mkdir /etc/systemd/system/pki-tomcatd(a)pki-tomcat.service.d 2025-05-29 13:25:36 DEBUG: Command: systemctl daemon-reload 2025-05-29 13:25:36 INFO: Linking /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd(a)pki-tomcat.service to /lib/systemd/system/pki-tomcatd@.service 2025-05-29 13:25:36 DEBUG: Command: ln -s /lib/systemd/system/pki-tomcatd@ .service

/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd(a)pki-tomcat.service 2025-05-29 13:25:36 INFO: Creating CA subsystem 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/ca 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/registry to /etc/sysconfig/pki/tomcat/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: ln -s /etc/sysconfig/pki/tomcat/pki-tomcat /var/lib/pki/pki-tomcat/ca/registry 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/ca 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/ca 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/conf to /var/lib/pki/pki-tomcat/conf/ca 2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/conf/ca /var/lib/pki/pki-tomcat/ca/conf 2025-05-29 13:25:36 INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/conf/ca/CS.cfg 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/registry.cfg to /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/registry.cfg /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/logs/ca 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/logs/ca 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/logs to /var/lib/pki/pki-tomcat/logs/ca 2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/logs/ca /var/lib/pki/pki-tomcat/ca/logs 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/logs/ca/archive 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/logs/ca/archive 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/logs/ca/signedAudit 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/logs/ca/signedAudit 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/alias to /var/lib/pki/pki-tomcat/alias 2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/ca/alias 2025-05-29 13:25:36 INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca 2025-05-29 13:25:36 DEBUG: Command: mkdir /etc/sysconfig/pki/tomcat/pki-tomcat/ca 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/server/etc/default.cfg to /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/server/etc/default.cfg /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg 2025-05-29 13:25:36 INFO: Creating /tmp/tmpmh3m7z49/CS.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/CS.cfg /tmp/tmpmh3m7z49/CS.cfg 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/emails to /var/lib/pki/pki-tomcat/conf/ca/emails 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/ca/emails 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJob /var/lib/pki/pki-tomcat/conf/ca/emails/ExpiredUnpublishJob 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJobItem /var/lib/pki/pki-tomcat/conf/ca/emails/ExpiredUnpublishJobItem 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA /var/lib/pki/pki-tomcat/conf/ca/emails/certIssued_CA 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA.html /var/lib/pki/pki-tomcat/conf/ca/emails/certIssued_CA.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA /var/lib/pki/pki-tomcat/conf/ca/emails/certIssued_RA 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA.html /var/lib/pki/pki-tomcat/conf/ca/emails/certIssued_RA.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certRequestRejected.html /var/lib/pki/pki-tomcat/conf/ca/emails/certRequestRejected.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA /var/lib/pki/pki-tomcat/conf/ca/emails/certRevoked_CA 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA.html /var/lib/pki/pki-tomcat/conf/ca/emails/certRevoked_CA.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA /var/lib/pki/pki-tomcat/conf/ca/emails/certRevoked_RA 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA.html /var/lib/pki/pki-tomcat/conf/ca/emails/certRevoked_RA.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/euJob1.html /var/lib/pki/pki-tomcat/conf/ca/emails/euJob1.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/euJob1Item.html /var/lib/pki/pki-tomcat/conf/ca/emails/euJob1Item.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/publishCerts.html /var/lib/pki/pki-tomcat/conf/ca/emails/publishCerts.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/publishCertsItem.html /var/lib/pki/pki-tomcat/conf/ca/emails/publishCertsItem.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA /var/lib/pki/pki-tomcat/conf/ca/emails/reqInQueue_CA 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA.html /var/lib/pki/pki-tomcat/conf/ca/emails/reqInQueue_CA.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA /var/lib/pki/pki-tomcat/conf/ca/emails/reqInQueue_RA 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA.html /var/lib/pki/pki-tomcat/conf/ca/emails/reqInQueue_RA.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/riq1Item.html /var/lib/pki/pki-tomcat/conf/ca/emails/riq1Item.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/riq1Summary.html /var/lib/pki/pki-tomcat/conf/ca/emails/riq1Summary.html 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1.txt /var/lib/pki/pki-tomcat/conf/ca/emails/rnJob1.txt 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Item.txt /var/lib/pki/pki-tomcat/conf/ca/emails/rnJob1Item.txt 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Summary.txt /var/lib/pki/pki-tomcat/conf/ca/emails/rnJob1Summary.txt 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/emails to /var/lib/pki/pki-tomcat/conf/ca/emails 2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/conf/ca/emails /var/lib/pki/pki-tomcat/ca/emails 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/profiles to /var/lib/pki/pki-tomcat/conf/ca/profiles 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/ca/profiles 2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/ca/profiles/ca 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/DomainController.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/DomainController.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/ECAdminCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/ECAdminCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/acmeServerCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/acmeServerCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAdminCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caAdminCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentFileSigning.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caAgentFileSigning.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentServerCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caAgentServerCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAuditSigningCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caAuditSigningCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCACert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCACert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCECUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECserverCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCECserverCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECserverCertWithCRLDP.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCECserverCertWithCRLDP.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECsubsystemCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCECsubsystemCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCauditSigningCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCauditSigningCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCcaCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCcaIssuanceProtectionCert.cfg

/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCcaIssuanceProtectionCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraStorageCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCkraStorageCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraTransportCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCkraTransportCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCocspCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCocspCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCserverCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCserverCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCserverCertWithCRLDP.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCserverCertWithCRLDP.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCsubsystemCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCsubsystemCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCrossSignedCACert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCrossSignedCACert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirBasedDualCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDirBasedDualCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirPinUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDirPinUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDirUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserRenewal.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDirUserRenewal.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDualCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualRAuserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDualRAuserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAdminCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECAdminCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAgentServerCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECAgentServerCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirPinUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECDirPinUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECDirUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDualCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECDualCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECFullCMCUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserSignedCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECFullCMCUserSignedCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthServerCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECInternalAuthServerCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg

/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECServerCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCertWithCRLDP.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECServerCertWithCRLDP.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCertWithSCT.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECServerCertWithSCT.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSimpleCMCUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECSimpleCMCUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSubsystemCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECSubsystemCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncECUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caEncECUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caEncUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCSharedTokenCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caFullCMCSharedTokenCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caFullCMCUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserSignedCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caFullCMCUserSignedCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caIPAserviceCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caIPAserviceCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInstallCACert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInstallCACert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg

/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg

/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthOCSPCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthOCSPCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthServerCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthServerCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthSubsystemCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthSubsystemCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthTransportCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthTransportCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caJarSigningCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caJarSigningCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caManualRenewal.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caManualRenewal.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOCSPCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caOCSPCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOtherCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caOtherCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRACert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caRACert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRARouterCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caRARouterCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAagentCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caRAagentCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAserverCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caRAserverCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRouterCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caRouterCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSSLClientSelfRenewal.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSSLClientSelfRenewal.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caServerCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCertWithCRLDP.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caServerCertWithCRLDP.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCertWithSCT.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caServerCertWithSCT.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_DirUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caServerKeygen_DirUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_UserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caServerKeygen_UserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSignedLogCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSignedLogCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningECUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSigningECUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSigningUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSimpleCMCUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSimpleCMCUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caStorageCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caStorageCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSubsystemCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSubsystemCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTPSCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTPSCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg

/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg

/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg

/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenMSLoginEnrollment.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenMSLoginEnrollment.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg

/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg

/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg

/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg

/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg

/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg

/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTransportCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTransportCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUUIDdeviceCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caUUIDdeviceCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caUserCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserSMIMEcapCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caUserSMIMEcapCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/estServiceCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/estServiceCert.cfg 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/AdminCert.cfg /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/AdminCert.cfg 2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/profiles to /var/lib/pki/pki-tomcat/conf/ca/profiles 2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/conf/ca/profiles /var/lib/pki/pki-tomcat/ca/profiles 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/flatfile.txt to /var/lib/pki/pki-tomcat/conf/ca/flatfile.txt 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/flatfile.txt /var/lib/pki/pki-tomcat/conf/ca/flatfile.txt 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/rsaAdminCert.profile to /var/lib/pki/pki-tomcat/conf/ca/adminCert.profile 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/rsaAdminCert.profile /var/lib/pki/pki-tomcat/conf/ca/adminCert.profile 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/caAuditSigningCert.profile to /var/lib/pki/pki-tomcat/conf/ca/caAuditSigningCert.profile 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/caAuditSigningCert.profile /var/lib/pki/pki-tomcat/conf/ca/caAuditSigningCert.profile 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/caCert.profile to /var/lib/pki/pki-tomcat/conf/ca/caCert.profile 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/caCert.profile /var/lib/pki/pki-tomcat/conf/ca/caCert.profile 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/caOCSPCert.profile to /var/lib/pki/pki-tomcat/conf/ca/caOCSPCert.profile 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/caOCSPCert.profile /var/lib/pki/pki-tomcat/conf/ca/caOCSPCert.profile 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/rsaServerCert.profile to /var/lib/pki/pki-tomcat/conf/ca/serverCert.profile 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/rsaServerCert.profile /var/lib/pki/pki-tomcat/conf/ca/serverCert.profile 2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/rsaSubsystemCert.profile to /var/lib/pki/pki-tomcat/conf/ca/subsystemCert.profile 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/rsaSubsystemCert.profile /var/lib/pki/pki-tomcat/conf/ca/subsystemCert.profile 2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/ca/proxy.conf 2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/proxy.conf /var/lib/pki/pki-tomcat/conf/ca/proxy.conf 2025-05-29 13:25:36 INFO: Loading instance: pki-tomcat 2025-05-29 13:25:36 INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf 2025-05-29 13:25:36 INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf 2025-05-29 13:25:36 INFO: Loading instance Tomcat config: /var/lib/pki/pki-tomcat/conf/tomcat.conf 2025-05-29 13:25:36 INFO: Loading password config: /var/lib/pki/pki-tomcat/conf/password.conf 2025-05-29 13:25:36 INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/conf/ca/CS.cfg 2025-05-29 13:25:36 INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-05-29 13:25:36 INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat 2025-05-29 13:25:36 DEBUG: - user: pkiuser 2025-05-29 13:25:36 DEBUG: - group: pkiuser 2025-05-29 13:25:36 INFO: Loading external certs from /var/lib/pki/pki-tomcat/conf/external_certs.conf 2025-05-29 13:25:36 INFO: File does not exist: /var/lib/pki/pki-tomcat/conf/external_certs.conf 2025-05-29 13:25:36 INFO: Enabling HTTP proxy 2025-05-29 13:25:36 INFO: Setting proxy.securePort to 443 2025-05-29 13:25:36 INFO: Setting proxy.unsecurePort to 80 2025-05-29 13:25:36 INFO: Setting subsystem.1.class to com.netscape.cmscore.profile.LDAPProfileSubsystem 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(signing) 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(signing) 2025-05-29 13:25:36 INFO: Setting ca.signing.nickname to caSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.signing.tokenname to internal 2025-05-29 13:25:36 INFO: Setting ca.cert.signing.nickname to caSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.signing.defaultSigningAlgorithm to SHA256withRSA 2025-05-29 13:25:36 INFO: Setting ca.crl.MasterCRL.signingAlgorithm to SHA256withRSA 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(ocsp_signing) 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(ocsp_signing) 2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.nickname to ocspSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.tokenname to internal 2025-05-29 13:25:36 INFO: Setting ca.cert.ocsp_signing.nickname to ocspSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.defaultSigningAlgorithm to SHA256withRSA 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(sslserver) 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(sslserver) 2025-05-29 13:25:36 INFO: Setting ca.sslserver.nickname to Server-Cert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.sslserver.tokenname to internal 2025-05-29 13:25:36 INFO: Setting ca.cert.sslserver.nickname to Server-Cert cert-pki-ca 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(subsystem) 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(subsystem) 2025-05-29 13:25:36 INFO: Setting ca.subsystem.nickname to subsystemCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.subsystem.tokenname to internal 2025-05-29 13:25:36 INFO: Setting ca.cert.subsystem.nickname to subsystemCert cert-pki-ca 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(audit_signing) 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(audit_signing) 2025-05-29 13:25:36 INFO: Setting ca.audit_signing.nickname to auditSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.audit_signing.tokenname to internal 2025-05-29 13:25:36 INFO: Setting ca.cert.audit_signing.nickname to auditSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.signing.certnickname to caSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.signing.cacertnickname to caSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.certnickname to ocspSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.cacertnickname to ocspSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting log.instance.SignedAudit.signedAuditCertNickname to auditSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Injecting SAN: False 2025-05-29 13:25:36 INFO: SSL server cert SAN: 2025-05-29 13:25:36 INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/conf/ca/CS.cfg 2025-05-29 13:25:36 INFO: Storing registry config: /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-05-29 13:25:36 DEBUG: Command: mkdir /root/.dogtag 2025-05-29 13:25:36 DEBUG: Command: mkdir /root/.dogtag/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: mkdir /root/.dogtag/pki-tomcat/ca 2025-05-29 13:25:36 INFO: Creating password file: /root/.dogtag/pki-tomcat/ca/password.conf 2025-05-29 13:25:36 INFO: Storing PKCS #12 password in /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf 2025-05-29 13:25:36 DEBUG: Command: mkdir /root/.dogtag/pki-tomcat/ca/alias 2025-05-29 13:25:36 DEBUG: Command: certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf 2025-05-29 13:25:36 INFO: Creating SELinux contexts 2025-05-29 13:25:36 DEBUG: Command: /usr/sbin/restorecon -R -v /var/lib/pki/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: /usr/sbin/restorecon -R -v /var/log/pki 2025-05-29 13:25:36 DEBUG: Command: /usr/sbin/restorecon -R -v /var/log/pki/pki-tomcat 2025-05-29 13:25:36 DEBUG: Command: /usr/sbin/restorecon -R -v /etc/pki/pki-tomcat 2025-05-29 13:25:36 INFO: Generating system keys 2025-05-29 13:25:36 INFO: Loading instance: pki-tomcat 2025-05-29 13:25:36 INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf 2025-05-29 13:25:36 INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf 2025-05-29 13:25:36 INFO: Loading instance Tomcat config: /var/lib/pki/pki-tomcat/conf/tomcat.conf 2025-05-29 13:25:36 INFO: Loading password config: /var/lib/pki/pki-tomcat/conf/password.conf 2025-05-29 13:25:36 INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/conf/ca/CS.cfg 2025-05-29 13:25:36 INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-05-29 13:25:36 INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat 2025-05-29 13:25:36 DEBUG: - user: pkiuser 2025-05-29 13:25:36 DEBUG: - group: pkiuser 2025-05-29 13:25:36 INFO: Loading external certs from /var/lib/pki/pki-tomcat/conf/external_certs.conf 2025-05-29 13:25:36 INFO: File does not exist: /var/lib/pki/pki-tomcat/conf/external_certs.conf 2025-05-29 13:25:36 INFO: Fapolicy folder not found. Rule configuration skipped 2025-05-29 13:25:36 INFO: Configuring subsystem 2025-05-29 13:25:36 INFO: Loading instance: pki-tomcat 2025-05-29 13:25:36 INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf 2025-05-29 13:25:36 INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf 2025-05-29 13:25:36 INFO: Loading instance Tomcat config: /var/lib/pki/pki-tomcat/conf/tomcat.conf 2025-05-29 13:25:36 INFO: Loading password config: /var/lib/pki/pki-tomcat/conf/password.conf 2025-05-29 13:25:36 INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/conf/ca/CS.cfg 2025-05-29 13:25:36 INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-05-29 13:25:36 INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat 2025-05-29 13:25:36 DEBUG: - user: pkiuser 2025-05-29 13:25:36 DEBUG: - group: pkiuser 2025-05-29 13:25:36 INFO: Loading external certs from /var/lib/pki/pki-tomcat/conf/external_certs.conf 2025-05-29 13:25:36 INFO: File does not exist: /var/lib/pki/pki-tomcat/conf/external_certs.conf 2025-05-29 13:25:36 INFO: Setting internaldb.ldapconn.secureConn to false 2025-05-29 13:25:36 INFO: Setting internaldb.ldapconn.host to ipa1.man-gb.eajglobal.net 2025-05-29 13:25:36 INFO: Setting internaldb.ldapconn.port to 389 2025-05-29 13:25:36 INFO: Setting internaldb.ldapauth.bindDN to cn=Directory Manager 2025-05-29 13:25:36 INFO: Setting internaldb.basedn to o=ipaca 2025-05-29 13:25:36 INFO: Setting internaldb.database to ipaca 2025-05-29 13:25:36 INFO: Setting dbs.request.id.generator to legacy 2025-05-29 13:25:36 INFO: Setting dbs.beginRequestNumber to 1 2025-05-29 13:25:36 INFO: Setting dbs.endRequestNumber to 10000000 2025-05-29 13:25:36 INFO: Setting dbs.requestIncrement to 10000000 2025-05-29 13:25:36 INFO: Setting dbs.requestLowWaterMark to 2000000 2025-05-29 13:25:36 INFO: Setting dbs.requestCloneTransferNumber to 10000 2025-05-29 13:25:36 INFO: Setting dbs.beginRequestNumber to 1 2025-05-29 13:25:36 INFO: Setting dbs.endRequestNumber to 10000000 2025-05-29 13:25:36 INFO: Setting dbs.requestRangeDN to ou=requests,ou=ranges 2025-05-29 13:25:36 INFO: Setting dbs.cert.id.generator to legacy 2025-05-29 13:25:36 INFO: Setting dbs.beginSerialNumber to 1 2025-05-29 13:25:36 INFO: Setting dbs.endSerialNumber to 10000000 2025-05-29 13:25:36 INFO: Setting dbs.serialIncrement to 10000000 2025-05-29 13:25:36 INFO: Setting dbs.serialLowWaterMark to 2000000 2025-05-29 13:25:36 INFO: Setting dbs.serialCloneTransferNumber to 10000 2025-05-29 13:25:36 INFO: Setting dbs.randomSerialNumberCounter to 0 2025-05-29 13:25:36 INFO: Setting dbs.beginSerialNumber to 1 2025-05-29 13:25:36 INFO: Setting dbs.endSerialNumber to 10000000 2025-05-29 13:25:36 INFO: Setting dbs.serialRangeDN to ou=certificateRepository,ou=ranges 2025-05-29 13:25:36 INFO: Setting dbs.beginReplicaNumber to 1 2025-05-29 13:25:36 INFO: Setting dbs.endReplicaNumber to 100 2025-05-29 13:25:36 INFO: Setting ca.defaultOcspUri to http://ipa-ca.eajglobal.uk/ca/ocsp 2025-05-29 http://ipa-ca.eajglobal.uk/ca/ocsp2025-05-29 13:25:36 INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/conf/ca/CS.cfg 2025-05-29 13:25:36 INFO: Storing registry config: /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-05-29 13:25:36 DEBUG: PKIDeployer.import_system_certs() 2025-05-29 13:25:36 DEBUG: import_system_cert 2025-05-29 13:25:36 DEBUG: import_system_cert 2025-05-29 13:25:36 DEBUG: import_system_cert 2025-05-29 13:25:36 DEBUG: import_system_cert 2025-05-29 13:25:36 DEBUG: import_system_cert 2025-05-29 13:25:36 INFO: Checking existing cert chain: caSigningCert External CA 2025-05-29 13:25:36 DEBUG: NSSDatabase.get_cert(caSigningCert External CA) begins 2025-05-29 13:25:36 DEBUG: Command: certutil -L -d /var/lib/pki/pki-tomcat/conf/alias -f /tmp/tmpvynqogd4/password.txt -n caSigningCert External CA -a 2025-05-29 13:25:36 DEBUG: stdout: -1 2025-05-29 13:25:36 DEBUG: NSSDatabase: stderr: certutil: Could not find cert: caSigningCert External CA : PR_FILE_NOT_FOUND_ERROR: File not found

2025-05-29 13:25:36 DEBUG: Cert not found: caSigningCert External CA 2025-05-29 13:25:36 INFO: Updating system certs 2025-05-29 13:25:36 INFO: Setting ca.signing.cacertnickname to caSigningCert cert-pki-ca 2025-05-29 13:25:36 INFO: Setting ca.signing.defaultSigningAlgorithm to SHA256withRSA 2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.defaultSigningAlgorithm to SHA256withRSA 2025-05-29 13:25:36 INFO: Setting ca.audit_signing.defaultSigningAlgorithm to SHA256withRSA 2025-05-29 13:25:36 INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/conf/ca/CS.cfg 2025-05-29 13:25:36 INFO: Storing registry config: /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(sslserver) 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(sslserver) 2025-05-29 13:25:36 DEBUG: PKISubsystem.get_nssdb_cert_info(sslserver) 2025-05-29 13:25:36 DEBUG: NSSDatabase.get_cert_info(Server-Cert cert-pki-ca) begins 2025-05-29 13:25:36 DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) begins 2025-05-29 13:25:36 DEBUG: Command: certutil -L -d /var/lib/pki/pki-tomcat/conf/alias -f /tmp/tmpngg9k4eu/password.txt -n Server-Cert cert-pki-ca -a 2025-05-29 13:25:36 DEBUG: stdout: -1 2025-05-29 13:25:36 DEBUG: NSSDatabase: stderr: certutil: Could not find cert: Server-Cert cert-pki-ca : PR_FILE_NOT_FOUND_ERROR: File not found

2025-05-29 13:25:36 DEBUG: Cert not found: Server-Cert cert-pki-ca 2025-05-29 13:25:36 INFO: Updating /var/lib/pki/pki-tomcat/conf/serverCertNick.conf 2025-05-29 13:25:36 INFO: Updating serverCertNickFile in server.xml 2025-05-29 13:25:36 INFO: Creating new security domain 2025-05-29 13:25:36 INFO: Setting securitydomain.host to ipa1.man-gb.eajglobal.net 2025-05-29 13:25:36 INFO: Setting securitydomain.httpport to 8080 2025-05-29 13:25:36 INFO: Setting securitydomain.httpsadminport to 8443 2025-05-29 13:25:36 INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/conf/ca/CS.cfg 2025-05-29 13:25:36 INFO: Storing registry config: /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-05-29 13:25:36 INFO: Removing existing database 2025-05-29 13:25:36 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-17-openjdk/bin/java -classpath

/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*

-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp

-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-remove --force --debug 2025-05-29 13:25:38 INFO: Creating database 2025-05-29 13:25:38 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-17-openjdk/bin/java -classpath

/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*

-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp

-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-create --debug 2025-05-29 13:25:40 INFO: Initializing database 2025-05-29 13:25:40 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-17-openjdk/bin/java -classpath

/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*

-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp

-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-init --debug 2025-05-29 13:26:00 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-17-openjdk/bin/java -classpath

/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*

-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp

-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-access-grant --debug uid=pkidbuser,ou=people,o=ipaca 2025-05-29 13:26:01 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-17-openjdk/bin/java -classpath

/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*

-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp

-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-index-add --debug 2025-05-29 13:26:03 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-17-openjdk/bin/java -classpath

/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*

-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp

-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-vlv-add --debug 2025-05-29 13:26:05 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-17-openjdk/bin/java -classpath

/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*

-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp

-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-vlv-reindex --debug 2025-05-29 13:26:07 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-17-openjdk/bin/java -classpath

/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*

-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp

-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-profile-import --input-folder /usr/share/pki/ca/profiles/ca --debug 2025-05-29 13:26:09 INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/conf/ca/CS.cfg 2025-05-29 13:26:09 INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/conf/ca/registry.cfg 2025-05-29 13:26:09 INFO: Request ID generator: legacy 2025-05-29 13:26:09 INFO: Enabling CA subsystem 2025-05-29 13:26:09 INFO: Deploying ca web application 2025-05-29 13:26:09 INFO: Creating /var/lib/pki/pki-tomcat/conf/Catalina/localhost/ca.xml 2025-05-29 13:26:09 INFO: Creating temporary SSL server cert 2025-05-29 13:26:09 INFO: Updating /var/lib/pki/pki-tomcat/conf/serverCertNick.conf 2025-05-29 13:26:09 INFO: Updating serverCertNickFile in server.xml 2025-05-29 13:26:09 INFO: Checking existing temp SSL server cert: temp Server-Cert cert-pki-ca 2025-05-29 13:26:09 DEBUG: NSSDatabase.get_cert(temp Server-Cert cert-pki-ca) begins 2025-05-29 13:26:09 DEBUG: Command: certutil -L -d /var/lib/pki/pki-tomcat/conf/alias -f /tmp/tmp9l_1_dt_/password.txt -n temp Server-Cert cert-pki-ca -a 2025-05-29 13:26:09 DEBUG: stdout: -1 2025-05-29 13:26:09 DEBUG: NSSDatabase: stderr: certutil: Could not find cert: temp Server-Cert cert-pki-ca : PR_FILE_NOT_FOUND_ERROR: File not found

2025-05-29 13:26:09 DEBUG: Cert not found: temp Server-Cert cert-pki-ca 2025-05-29 13:26:09 INFO: Creating new temp SSL server cert for ipa1.man-gb.eajglobal.net 2025-05-29 13:26:09 DEBUG: Command: pki -d /var/lib/pki/pki-tomcat/conf/alias -f /var/lib/pki/pki-tomcat/conf/password.conf nss-cert-request --subject cn=ipa1.man-gb.eajglobal.net,o=2025-05-29 13:25:36 --csr /tmp/tmpdvz_k8lc/sslserver.csr --key-type RSA --key-size 2048 --hash SHA256 --debug

Restoring a snapshot prior to freeipa-server-install and setting update-crypto-policies

--set DEFAULT and rebooting allows the install to run without issue.

---

FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue