Red Hat Bugzilla – Attachment 1451884 Details for Bug 1591703: ipa-server-install fails to start the httpd server during installation and ends with error.
The IPA installation log.
ipaserver-install.log (text/plain), 980.34 KB, created by Lukas Ruzicka on 2018-06-15 10:23:52 UTC
>2018-06-14T14:02:35Z DEBUG Logging to /var/log/ipaserver-install.log >2018-06-14T14:02:35Z DEBUG ipa-server-install was invoked with arguments [] and options: {'unattended': False, 'ip_addresses': None, 'domain_name': None, 'realm_name': None, 'host_name': None, 'ca_cert_files': None, 'domain_level': None, 'setup_adtrust': False, 'setup_kra': False, 'setup_dns': False, 'idstart': None, 'idmax': None, 'no_hbac_allow': False, 'no_pkinit': False, 'no_ui_redirect': False, 'dirsrv_config_file': None, 'dirsrv_cert_files': None, 'http_cert_files': None, 'pkinit_cert_files': None, 'dirsrv_cert_name': None, 'http_cert_name': None, 'pkinit_cert_name': None, 'mkhomedir': False, 'ntp_servers': None, 'ntp_pool': None, 'no_ntp': False, 'force_ntpd': False, 'ssh_trust_dns': False, 'no_ssh': False, 'no_sshd': False, 'no_dns_sshfp': False, 'external_ca': False, 'external_ca_type': None, 'external_ca_profile': None, 'external_cert_files': None, 'subject_base': None, 'ca_subject': None, 'ca_signing_algorithm': None, 'allow_zone_overlap': False, 'reverse_zones': None, 'no_reverse': False, 'auto_reverse': False, 'zonemgr': None, 'forwarders': None, 'no_forwarders': False, 'auto_forwarders': False, 'forward_policy': None, 'no_dnssec_validation': False, 'no_host_dns': False, 'enable_compat': False, 'netbios_name': None, 'no_msdcs': False, 'rid_base': None, 'secondary_rid_base': None, 'ignore_topology_disconnect': False, 'ignore_last_of_role': False, 'verbose': False, 'quiet': False, 'log_file': None, 'uninstall': False} >2018-06-14T14:02:35Z DEBUG IPA version 4.6.90.pre2-3.fc28 >2018-06-14T14:02:35Z DEBUG Searching for an interface of IP address: ::1 >2018-06-14T14:02:35Z DEBUG Testing local IP address: ::1/128 (interface: lo) >2018-06-14T14:02:35Z DEBUG Starting external process >2018-06-14T14:02:35Z DEBUG args=['/usr/sbin/selinuxenabled'] >2018-06-14T14:02:35Z DEBUG Process finished, return code=0 >2018-06-14T14:02:35Z DEBUG stdout= >2018-06-14T14:02:35Z DEBUG stderr= 
>2018-06-14T14:02:35Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:02:35Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:02:35Z DEBUG httpd is not configured >2018-06-14T14:02:35Z DEBUG kadmin is not configured >2018-06-14T14:02:35Z DEBUG dirsrv is not configured >2018-06-14T14:02:35Z DEBUG pki-tomcatd is not configured >2018-06-14T14:02:35Z DEBUG install is not configured >2018-06-14T14:02:35Z DEBUG krb5kdc is not configured >2018-06-14T14:02:35Z DEBUG named is not configured >2018-06-14T14:02:35Z DEBUG filestore is tracking no files >2018-06-14T14:02:35Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' >2018-06-14T14:02:35Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:02:35Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:02:35Z DEBUG Starting external process >2018-06-14T14:02:35Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ntpd.service'] >2018-06-14T14:02:35Z DEBUG Process finished, return code=1 >2018-06-14T14:02:35Z DEBUG stdout= >2018-06-14T14:02:35Z DEBUG stderr=Failed to get unit file state for ntpd.service: No such file or directory > >2018-06-14T14:02:35Z DEBUG Starting external process >2018-06-14T14:02:35Z DEBUG args=['/bin/systemctl', 'is-active', 'ntpd.service'] >2018-06-14T14:02:35Z DEBUG Process finished, return code=3 >2018-06-14T14:02:35Z DEBUG stdout=inactive > >2018-06-14T14:02:35Z DEBUG stderr= >2018-06-14T14:02:37Z DEBUG Check if ipa.example.com is a primary hostname for localhost >2018-06-14T14:02:37Z DEBUG Primary hostname for localhost: ipa.example.com >2018-06-14T14:02:37Z DEBUG Search DNS for ipa.example.com >2018-06-14T14:02:37Z DEBUG Check if ipa.example.com is not a CNAME >2018-06-14T14:02:37Z DEBUG Check reverse address of 192.168.122.201 >2018-06-14T14:02:37Z DEBUG Found reverse name: ipa.example.com >2018-06-14T14:02:37Z DEBUG will use 
host_name: ipa.example.com > >2018-06-14T14:02:38Z DEBUG read domain_name: example.com > >2018-06-14T14:02:38Z DEBUG read realm_name: EXAMPLE.COM > >2018-06-14T14:02:50Z DEBUG Writing configuration file /etc/ipa/default.conf >2018-06-14T14:02:50Z DEBUG [global] >host = ipa.example.com >basedn = dc=example,dc=com >realm = EXAMPLE.COM >domain = example.com >xmlrpc_uri = https://ipa.example.com/ipa/xml >ldap_uri = ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket > >mode = production >enable_ra = True >ra_plugin = dogtag >dogtag_version = 10 > > > >2018-06-14T14:02:50Z DEBUG importing all plugin modules in ipaserver.plugins... >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.aci >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.automember >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.automount >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.baseldap >2018-06-14T14:02:50Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.baseuser >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.batch >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.ca >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.caacl >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.cert >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.certmap >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.certprofile >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.config >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.delegation >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.dns >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.dnsserver >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.dogtag >2018-06-14T14:02:50Z DEBUG importing 
plugin module ipaserver.plugins.domainlevel >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.group >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.hbac >2018-06-14T14:02:50Z DEBUG ipaserver.plugins.hbac is not a valid plugin module >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.hbacrule >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.hbacsvc >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.hbactest >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.host >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.hostgroup >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.idrange >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.idviews >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.internal >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.join >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.ldap2 >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.location >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.migration >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.misc >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.netgroup >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.otp >2018-06-14T14:02:50Z DEBUG ipaserver.plugins.otp is not a valid plugin module >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.otpconfig >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.otptoken >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.passwd >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.permission 
>2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.ping >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.pkinit >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.privilege >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.pwpolicy >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.rabase >2018-06-14T14:02:50Z DEBUG ipaserver.plugins.rabase is not a valid plugin module >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.radiusproxy >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.realmdomains >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.role >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.schema >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.selfservice >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.server >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.serverrole >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.serverroles >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.service >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.servicedelegation >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.session >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.stageuser >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.sudo >2018-06-14T14:02:50Z DEBUG ipaserver.plugins.sudo is not a valid plugin module >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.sudocmd >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.sudorule >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.topology 
>2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.trust >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.user >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.vault >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.virtual >2018-06-14T14:02:50Z DEBUG ipaserver.plugins.virtual is not a valid plugin module >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.whoami >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.plugins.xmlserver >2018-06-14T14:02:50Z DEBUG importing all plugin modules in ipaserver.install.plugins... >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.install.plugins.adtrust >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.install.plugins.dns >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.install.plugins.update_nis >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 
>2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.install.plugins.update_referint >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.install.plugins.update_services >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness >2018-06-14T14:02:50Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt >2018-06-14T14:02:51Z DEBUG check_port_bindable: Checking IPv4/IPv6 dual stack and TCP >2018-06-14T14:02:51Z DEBUG check_port_bindable: bind success: 8443/TCP >2018-06-14T14:02:51Z DEBUG check_port_bindable: Checking IPv4/IPv6 dual stack and TCP >2018-06-14T14:02:51Z DEBUG check_port_bindable: bind success: 8080/TCP >2018-06-14T14:02:51Z DEBUG Name ipa.example.com resolved to {UnsafeIPAddress('192.168.122.201')} >2018-06-14T14:02:51Z DEBUG Searching for an interface of IP address: 192.168.122.201 >2018-06-14T14:02:51Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo) >2018-06-14T14:02:51Z DEBUG Testing local IP address: 192.168.122.201/255.255.255.0 (interface: ens3) >2018-06-14T14:02:55Z DEBUG Starting external process >2018-06-14T14:02:55Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ntpd.service'] >2018-06-14T14:02:55Z DEBUG Process finished, return code=1 >2018-06-14T14:02:55Z DEBUG stdout= >2018-06-14T14:02:55Z DEBUG stderr=Failed to get unit file state for ntpd.service: No such file or directory > >2018-06-14T14:02:55Z DEBUG Starting external process >2018-06-14T14:02:55Z DEBUG args=['/bin/systemctl', 'is-active', 'ntpd.service'] >2018-06-14T14:02:55Z DEBUG Process finished, return code=3 >2018-06-14T14:02:55Z DEBUG stdout=inactive > >2018-06-14T14:02:55Z DEBUG stderr= >2018-06-14T14:02:55Z INFO Synchronizing time >2018-06-14T14:02:55Z DEBUG Search DNS for SRV record of _ntp._udp.None >2018-06-14T14:02:55Z DEBUG DNS record not found: NXDOMAIN >2018-06-14T14:02:55Z WARNING No 
SRV records of NTP servers found and no NTP server or pool address was provided. >2018-06-14T14:02:55Z DEBUG Starting external process >2018-06-14T14:02:55Z DEBUG args=['/bin/systemctl', 'enable', 'chronyd.service'] >2018-06-14T14:02:55Z DEBUG Process finished, return code=0 >2018-06-14T14:02:55Z DEBUG stdout= >2018-06-14T14:02:55Z DEBUG stderr= >2018-06-14T14:02:55Z DEBUG Starting external process >2018-06-14T14:02:55Z DEBUG args=['/bin/systemctl', 'restart', 'chronyd.service'] >2018-06-14T14:02:55Z DEBUG Process finished, return code=0 >2018-06-14T14:02:55Z DEBUG stdout= >2018-06-14T14:02:55Z DEBUG stderr= >2018-06-14T14:02:55Z DEBUG Starting external process >2018-06-14T14:02:55Z DEBUG args=['/bin/systemctl', 'is-active', 'chronyd.service'] >2018-06-14T14:02:55Z DEBUG Process finished, return code=0 >2018-06-14T14:02:55Z DEBUG stdout=active > >2018-06-14T14:02:55Z DEBUG stderr= >2018-06-14T14:02:55Z DEBUG Restart of chronyd.service complete >2018-06-14T14:02:55Z INFO Attempting to sync time with chronyc. >2018-06-14T14:02:55Z DEBUG Starting external process >2018-06-14T14:02:55Z DEBUG args=['/usr/bin/chronyc', 'waitsync', '3', '-d'] >2018-06-14T14:03:05Z DEBUG Process finished, return code=0 >2018-06-14T14:03:05Z DEBUG stdout=try: 1, refid: 00000000, correction: 0.000000000, skew: 0.000 >try: 2, refid: 5EED4014, correction: 0.000167069, skew: 0.271 > >2018-06-14T14:03:05Z DEBUG stderr= >2018-06-14T14:03:05Z INFO Time synchronization was successful. >2018-06-14T14:03:05Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:05Z DEBUG Configuring directory server (dirsrv). 
Estimated time: 30 seconds >2018-06-14T14:03:05Z DEBUG [1/44]: creating directory server instance >2018-06-14T14:03:05Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:05Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:05Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' >2018-06-14T14:03:05Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:03:05Z DEBUG >dn: dc=example,dc=com >objectClass: top >objectClass: domain >objectClass: pilotObject >dc: example >info: IPA V2.0 > >2018-06-14T14:03:05Z DEBUG writing inf template >2018-06-14T14:03:05Z DEBUG >[General] >FullMachineName= ipa.example.com >SuiteSpotUserID= dirsrv >SuiteSpotGroup= dirsrv >ServerRoot= /usr/lib64/dirsrv >[slapd] >ServerPort= 389 >ServerIdentifier= EXAMPLE-COM >Suffix= dc=example,dc=com >RootDN= cn=Directory Manager >InstallLdifFile= /var/lib/dirsrv/boot.ldif >inst_dir= /var/lib/dirsrv/scripts-EXAMPLE-COM > >2018-06-14T14:03:05Z DEBUG calling setup-ds.pl >2018-06-14T14:03:05Z DEBUG Starting external process >2018-06-14T14:03:05Z DEBUG args=['/usr/sbin/setup-ds.pl', '--silent', '--logfile', '-', '-f', '/tmp/tmpap5u_djs'] >2018-06-14T14:03:08Z DEBUG Process finished, return code=0 >2018-06-14T14:03:08Z DEBUG stdout=[18/06/14:16:03:08] - [Setup] Info Your new DS instance 'EXAMPLE-COM' was successfully created. >Your new DS instance 'EXAMPLE-COM' was successfully created. >[18/06/14:16:03:08] - [Setup] Success Exiting . . . >Log file is '-' > >Exiting . . . 
>Log file is '-' > > >2018-06-14T14:03:08Z DEBUG stderr= >2018-06-14T14:03:08Z DEBUG completed creating DS instance >2018-06-14T14:03:08Z DEBUG step duration: dirsrv __create_instance 3.53 sec >2018-06-14T14:03:08Z DEBUG [2/44]: enabling ldapi >2018-06-14T14:03:08Z DEBUG Starting external process >2018-06-14T14:03:08Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp175sg_9e', '-H', 'ldap://localhost', '-x', '-D', 'cn=Directory Manager', '-y', '/tmp/tmp08498l2q'] >2018-06-14T14:03:09Z DEBUG Process finished, return code=0 >2018-06-14T14:03:09Z DEBUG stdout=replace nsslapd-ldapilisten: > on >modifying entry "cn=config" >modify complete > > >2018-06-14T14:03:09Z DEBUG stderr=ldap_initialize( ldap://localhost:389/??base ) > >2018-06-14T14:03:09Z DEBUG step duration: dirsrv __enable_ldapi 0.18 sec >2018-06-14T14:03:09Z DEBUG [3/44]: configure autobind for root >2018-06-14T14:03:09Z DEBUG Starting external process >2018-06-14T14:03:09Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/root-autobind.ldif', '-H', 'ldap://localhost', '-x', '-D', 'cn=Directory Manager', '-y', '/tmp/tmprbpuyr5y'] >2018-06-14T14:03:09Z DEBUG Process finished, return code=0 >2018-06-14T14:03:09Z DEBUG stdout=add objectClass: > extensibleObject > top >add cn: > root-autobind >add uidNumber: > 0 >add gidNumber: > 0 >adding new entry "cn=root-autobind,cn=config" >modify complete > >replace nsslapd-ldapiautobind: > on >modifying entry "cn=config" >modify complete > >replace nsslapd-ldapimaptoentries: > on >modifying entry "cn=config" >modify complete > > >2018-06-14T14:03:09Z DEBUG stderr=ldap_initialize( ldap://localhost:389/??base ) > >2018-06-14T14:03:09Z DEBUG step duration: dirsrv __root_autobind 0.13 sec >2018-06-14T14:03:09Z DEBUG [4/44]: stopping directory server >2018-06-14T14:03:09Z DEBUG Starting external process >2018-06-14T14:03:09Z DEBUG args=['/bin/systemctl', 'stop', 'dirsrv@EXAMPLE-COM.service'] >2018-06-14T14:03:11Z DEBUG Process finished, return code=0 
>2018-06-14T14:03:11Z DEBUG stdout= >2018-06-14T14:03:11Z DEBUG stderr= >2018-06-14T14:03:11Z DEBUG Stop of dirsrv@EXAMPLE-COM.service complete >2018-06-14T14:03:11Z DEBUG step duration: dirsrv __stop_instance 2.19 sec >2018-06-14T14:03:11Z DEBUG [5/44]: updating configuration in dse.ldif >2018-06-14T14:03:11Z DEBUG Starting external process >2018-06-14T14:03:11Z DEBUG args=['/usr/sbin/selinuxenabled'] >2018-06-14T14:03:11Z DEBUG Process finished, return code=0 >2018-06-14T14:03:11Z DEBUG stdout= >2018-06-14T14:03:11Z DEBUG stderr= >2018-06-14T14:03:11Z DEBUG Starting external process >2018-06-14T14:03:11Z DEBUG args=['/sbin/restorecon', '/etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif'] >2018-06-14T14:03:11Z DEBUG Process finished, return code=0 >2018-06-14T14:03:11Z DEBUG stdout= >2018-06-14T14:03:11Z DEBUG stderr= >2018-06-14T14:03:11Z DEBUG step duration: dirsrv __update_dse_ldif 0.04 sec >2018-06-14T14:03:11Z DEBUG [6/44]: starting directory server >2018-06-14T14:03:11Z DEBUG Starting external process >2018-06-14T14:03:11Z DEBUG args=['/bin/systemctl', 'start', 'dirsrv@EXAMPLE-COM.service'] >2018-06-14T14:03:12Z DEBUG Process finished, return code=0 >2018-06-14T14:03:12Z DEBUG stdout= >2018-06-14T14:03:12Z DEBUG stderr= >2018-06-14T14:03:12Z DEBUG Starting external process >2018-06-14T14:03:12Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@EXAMPLE-COM.service'] >2018-06-14T14:03:12Z DEBUG Process finished, return code=0 >2018-06-14T14:03:12Z DEBUG stdout=active > >2018-06-14T14:03:12Z DEBUG stderr= >2018-06-14T14:03:12Z DEBUG wait_for_open_ports: localhost [389] timeout 300 >2018-06-14T14:03:12Z DEBUG waiting for port: 389 >2018-06-14T14:03:12Z DEBUG SUCCESS: port: 389 >2018-06-14T14:03:12Z DEBUG Start of dirsrv@EXAMPLE-COM.service complete >2018-06-14T14:03:12Z DEBUG Created connection context.ldap2_139915100616072 >2018-06-14T14:03:12Z DEBUG step duration: dirsrv __start_instance 1.22 sec >2018-06-14T14:03:12Z DEBUG [7/44]: adding default schema 
>2018-06-14T14:03:12Z DEBUG step duration: dirsrv __add_default_schemas 0.00 sec >2018-06-14T14:03:12Z DEBUG [8/44]: enabling memberof plugin >2018-06-14T14:03:12Z DEBUG Starting external process >2018-06-14T14:03:12Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/memberof-conf.ldif', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:12Z DEBUG Process finished, return code=0 >2018-06-14T14:03:12Z DEBUG stdout=replace nsslapd-pluginenabled: > on >add memberofgroupattr: > memberUser >add memberofgroupattr: > memberHost >modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:12Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:12Z DEBUG step duration: dirsrv __add_memberof_module 0.03 sec >2018-06-14T14:03:12Z DEBUG [9/44]: enabling winsync plugin >2018-06-14T14:03:12Z DEBUG Starting external process >2018-06-14T14:03:12Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/ipa-winsync-conf.ldif', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:12Z DEBUG Process finished, return code=0 >2018-06-14T14:03:12Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa-winsync >add nsslapd-pluginpath: > libipa_winsync >add nsslapd-plugininitfunc: > ipa_winsync_plugin_init >add nsslapd-pluginDescription: > Allows IPA to work with the DS windows sync feature >add nsslapd-pluginid: > ipa-winsync >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-plugin-depends-on-type: > database >add ipaWinSyncRealmFilter: > (objectclass=krbRealmContainer) >add ipaWinSyncRealmAttr: > cn >add ipaWinSyncNewEntryFilter: > 
(cn=ipaConfig) >add ipaWinSyncNewUserOCAttr: > ipauserobjectclasses >add ipaWinSyncUserFlatten: > true >add ipaWinsyncHomeDirAttr: > ipaHomesRootDir >add ipaWinsyncLoginShellAttr: > ipaDefaultLoginShell >add ipaWinSyncDefaultGroupAttr: > ipaDefaultPrimaryGroup >add ipaWinSyncDefaultGroupFilter: > (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) >add ipaWinSyncAcctDisable: > both >add ipaWinSyncForceSync: > true >add ipaWinSyncUserAttr: > uidNumber -1 > gidNumber -1 >adding new entry "cn=ipa-winsync,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:12Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:12Z DEBUG step duration: dirsrv __add_winsync_module 0.03 sec >2018-06-14T14:03:12Z DEBUG [10/44]: configuring replication version plugin >2018-06-14T14:03:12Z DEBUG Starting external process >2018-06-14T14:03:12Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/version-conf.ldif', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:12Z DEBUG Process finished, return code=0 >2018-06-14T14:03:12Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Version Replication >add nsslapd-pluginpath: > libipa_repl_version >add nsslapd-plugininitfunc: > repl_version_plugin_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > off >add nsslapd-pluginid: > ipa_repl_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. 
>add nsslapd-plugindescription: > IPA Replication version plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-plugin-depends-on-named: > Multimaster Replication Plugin >adding new entry "cn=IPA Version Replication,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:12Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:12Z DEBUG step duration: dirsrv __config_version_module 0.03 sec >2018-06-14T14:03:12Z DEBUG [11/44]: enabling IPA enrollment plugin >2018-06-14T14:03:12Z DEBUG Starting external process >2018-06-14T14:03:12Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpa35j7rma', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:12Z DEBUG Process finished, return code=0 >2018-06-14T14:03:12Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_enrollment_extop >add nsslapd-pluginpath: > libipa_enrollment_extop >add nsslapd-plugininitfunc: > ipaenrollment_init >add nsslapd-plugintype: > extendedop >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_enrollment_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Enroll hosts into the IPA domain >add nsslapd-plugin-depends-on-type: > database >add nsslapd-realmTree: > dc=example,dc=com >adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:12Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:12Z DEBUG step duration: dirsrv __add_enrollment_module 0.02 sec >2018-06-14T14:03:12Z DEBUG [12/44]: configuring uniqueness plugin >2018-06-14T14:03:12Z 
DEBUG Starting external process >2018-06-14T14:03:12Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpw5z68gnb', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:12Z DEBUG Process finished, return code=0 >2018-06-14T14:03:12Z DEBUG stdout=add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > krbPrincipalName uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > krbPrincipalName >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >add uniqueness-subtrees: > dc=example,dc=com >add uniqueness-exclude-subtrees: > cn=staged users,cn=accounts,cn=provisioning,dc=example,dc=com >add uniqueness-across-all-subtrees: > on >adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > krbCanonicalName uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > krbCanonicalName >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >add uniqueness-subtrees: > dc=example,dc=com >add uniqueness-exclude-subtrees: > cn=staged users,cn=accounts,cn=provisioning,dc=example,dc=com >add uniqueness-across-all-subtrees: > on >adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > 
extensibleObject >add cn: > netgroup uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > cn >add uniqueness-subtrees: > cn=ng,cn=alt,dc=example,dc=com >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipaUniqueID uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > ipaUniqueID >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >add uniqueness-subtrees: > dc=example,dc=com >add uniqueness-exclude-subtrees: > cn=staged users,cn=accounts,cn=provisioning,dc=example,dc=com >add uniqueness-across-all-subtrees: > on >adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > sudorule name uniqueness >add nsslapd-pluginDescription: > Enforce unique attribute values >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > cn >add uniqueness-subtrees: > cn=sudorules,cn=sudo,dc=example,dc=com >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 
1.1.0 >add nsslapd-pluginVendor: > Fedora Project >adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:12Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:12Z DEBUG step duration: dirsrv __set_unique_attrs 0.03 sec >2018-06-14T14:03:12Z DEBUG [13/44]: configuring uuid plugin >2018-06-14T14:03:12Z DEBUG Starting external process >2018-06-14T14:03:12Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/uuid-conf.ldif', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:12Z DEBUG Process finished, return code=0 >2018-06-14T14:03:12Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA UUID >add nsslapd-pluginpath: > libipa_uuid >add nsslapd-plugininitfunc: > ipauuid_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipauuid_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. 
>add nsslapd-plugindescription: > IPA UUID plugin >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA UUID,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:12Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:12Z DEBUG Starting external process >2018-06-14T14:03:12Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmptzhjlquc', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:12Z DEBUG Process finished, return code=0 >2018-06-14T14:03:12Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > IPA Unique IDs >add ipaUuidAttr: > ipaUniqueID >add ipaUuidMagicRegen: > autogenerate >add ipaUuidFilter: > (|(objectclass=ipaObject)(objectclass=ipaAssociation)) >add ipaUuidScope: > dc=example,dc=com >add ipaUuidEnforce: > TRUE >adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config" >modify complete > >add objectclass: > top > extensibleObject >add cn: > IPK11 Unique IDs >add ipaUuidAttr: > ipk11UniqueID >add ipaUuidMagicRegen: > autogenerate >add ipaUuidFilter: > (objectclass=ipk11Object) >add ipaUuidScope: > dc=example,dc=com >add ipaUuidEnforce: > FALSE >adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:12Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:12Z DEBUG step duration: dirsrv __config_uuid_module 0.05 sec >2018-06-14T14:03:12Z DEBUG [14/44]: configuring modrdn plugin >2018-06-14T14:03:12Z DEBUG Starting external process >2018-06-14T14:03:13Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/modrdn-conf.ldif', '-H', 
'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:13Z DEBUG Process finished, return code=0 >2018-06-14T14:03:13Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA MODRDN >add nsslapd-pluginpath: > libipa_modrdn >add nsslapd-plugininitfunc: > ipamodrdn_init >add nsslapd-plugintype: > betxnpostoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipamodrdn_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA MODRDN plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginPrecedence: > 60 >adding new entry "cn=IPA MODRDN,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:13Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:13Z DEBUG Starting external process >2018-06-14T14:03:13Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpd04yh3zv', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:13Z DEBUG Process finished, return code=0 >2018-06-14T14:03:13Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > Kerberos Principal Name >add ipaModRDNsourceAttr: > uid >add ipaModRDNtargetAttr: > krbPrincipalName >add ipaModRDNsuffix: > @EXAMPLE.COM >add ipaModRDNfilter: > (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) >add ipaModRDNscope: > dc=example,dc=com >adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config" >modify complete > >add objectclass: > top > extensibleObject >add cn: > Kerberos Canonical Name >add ipaModRDNsourceAttr: > uid >add ipaModRDNtargetAttr: > krbCanonicalName >add ipaModRDNsuffix: > @EXAMPLE.COM >add ipaModRDNfilter: > (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) >add 
ipaModRDNscope: > dc=example,dc=com >adding new entry "cn=Kerberos Canonical Name,cn=IPA MODRDN,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:13Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:13Z DEBUG step duration: dirsrv __config_modrdn_module 0.04 sec >2018-06-14T14:03:13Z DEBUG [15/44]: configuring DNS plugin >2018-06-14T14:03:13Z DEBUG Starting external process >2018-06-14T14:03:13Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/ipa-dns-conf.ldif', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:13Z DEBUG Process finished, return code=0 >2018-06-14T14:03:13Z DEBUG stdout=add objectclass: > top > nsslapdPlugin > extensibleObject >add cn: > IPA DNS >add nsslapd-plugindescription: > IPA DNS support plugin >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_dns >add nsslapd-plugininitfunc: > ipadns_init >add nsslapd-pluginpath: > libipa_dns.so >add nsslapd-plugintype: > preoperation >add nsslapd-pluginvendor: > Red Hat, Inc. 
>add nsslapd-pluginversion: > 1.0 >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA DNS,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:13Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:13Z DEBUG step duration: dirsrv __config_dns_module 0.02 sec >2018-06-14T14:03:13Z DEBUG [16/44]: enabling entryUSN plugin >2018-06-14T14:03:13Z DEBUG Starting external process >2018-06-14T14:03:13Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/entryusn.ldif', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:13Z DEBUG Process finished, return code=0 >2018-06-14T14:03:13Z DEBUG stdout=replace nsslapd-entryusn-global: > on >modifying entry "cn=config" >modify complete > >replace nsslapd-entryusn-import-initval: > next >modifying entry "cn=config" >modify complete > >replace nsslapd-pluginenabled: > on >modifying entry "cn=USN,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:13Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:13Z DEBUG step duration: dirsrv __enable_entryusn 0.03 sec >2018-06-14T14:03:13Z DEBUG [17/44]: configuring lockout plugin >2018-06-14T14:03:13Z DEBUG Starting external process >2018-06-14T14:03:13Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/lockout-conf.ldif', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:13Z DEBUG Process finished, return code=0 >2018-06-14T14:03:13Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Lockout >add nsslapd-pluginpath: > libipa_lockout >add nsslapd-plugininitfunc: 
> ipalockout_init >add nsslapd-plugintype: > object >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipalockout_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA Lockout plugin >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA Lockout,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:13Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:13Z DEBUG step duration: dirsrv __config_lockout_module 0.02 sec >2018-06-14T14:03:13Z DEBUG [18/44]: configuring topology plugin >2018-06-14T14:03:13Z DEBUG Starting external process >2018-06-14T14:03:13Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpmfatug8q', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:13Z DEBUG Process finished, return code=0 >2018-06-14T14:03:13Z DEBUG stdout=add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Topology Configuration >add nsslapd-pluginPath: > libtopology >add nsslapd-pluginInitfunc: > ipa_topo_init >add nsslapd-pluginType: > object >add nsslapd-pluginEnabled: > on >add nsslapd-topo-plugin-shared-config-base: > cn=ipa,cn=etc,dc=example,dc=com >add nsslapd-topo-plugin-shared-replica-root: > dc=example,dc=com > o=ipaca >add nsslapd-topo-plugin-shared-binddngroup: > cn=replication managers,cn=sysaccounts,cn=etc,dc=example,dc=com >add nsslapd-topo-plugin-startup-delay: > 20 >add nsslapd-pluginId: > none >add nsslapd-plugin-depends-on-named: > ldbm database > Multimaster Replication Plugin >add nsslapd-pluginVersion: > 1.0 >add nsslapd-pluginVendor: > none >add nsslapd-pluginDescription: > none >adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:13Z DEBUG 
stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:13Z DEBUG step duration: dirsrv __config_topology_module 0.03 sec >2018-06-14T14:03:13Z DEBUG [19/44]: creating indices >2018-06-14T14:03:13Z DEBUG Starting external process >2018-06-14T14:03:13Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/indices.ldif', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:13Z DEBUG Process finished, return code=0 >2018-06-14T14:03:13Z DEBUG stdout=add objectClass: > top > nsIndex >add cn: > krbPrincipalName >add nsSystemIndex: > false >add nsIndexType: > eq > sub >add nsMatchingRule: > caseIgnoreIA5Match > caseExactIA5Match >adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > ou >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > carLicense >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > title >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > manager >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > secretary >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry 
"cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > displayname >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add nsIndexType: > sub >modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > uidnumber >add nsSystemIndex: > false >add nsIndexType: > eq >add nsMatchingRule: > integerOrderingMatch >adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > gidnumber >add nsSystemIndex: > false >add nsIndexType: > eq >add nsMatchingRule: > integerOrderingMatch >adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >replace nsIndexType: > eq > pres >modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >replace nsIndexType: > eq > pres >modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add ObjectClass: > top > nsIndex >add cn: > fqdn >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add ObjectClass: > top > nsIndex >add cn: > macAddress >add nsSystemIndex: > false >add nsIndexType: > eq > pres >adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberHost >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberUser >add ObjectClass: > top > nsIndex 
>add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > sourcehost >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberservice >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > managedby >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberallowcmd >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberdenycmd >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipasudorunas >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipasudorunasgroup >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > automountkey >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry 
"cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipakrbprincipalalias >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipauniqueid >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipaMemberCa >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipaMemberCertProfile >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > userCertificate >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres >adding new entry "cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipalocation >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres >adding new entry "cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > krbCanonicalName >add objectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > serverhostname >add objectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > description 
>add objectClass: > top > nsindex >add nssystemindex: > false >add nsindextype: > eq > sub >adding new entry "cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > l >add objectClass: > top > nsindex >add nssystemindex: > false >add nsindextype: > eq > sub >adding new entry "cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > nsOsVersion >add objectClass: > top > nsindex >add nssystemindex: > false >add nsindextype: > eq > sub >adding new entry "cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > nsHardwarePlatform >add objectClass: > top > nsindex >add nssystemindex: > false >add nsindextype: > eq > sub >adding new entry "cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > nsHostLocation >add objectClass: > top > nsindex >add nssystemindex: > false >add nsindextype: > eq > sub >adding new entry "cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:13Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:13Z DEBUG step duration: dirsrv __create_indices 0.13 sec >2018-06-14T14:03:13Z DEBUG [20/44]: enabling referential integrity plugin >2018-06-14T14:03:13Z DEBUG Starting external process >2018-06-14T14:03:13Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/referint-conf.ldif', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:13Z DEBUG Process finished, return code=0 >2018-06-14T14:03:13Z DEBUG stdout=replace nsslapd-pluginenabled: > on >modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:13Z DEBUG 
stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:13Z DEBUG step duration: dirsrv __add_referint_module 0.03 sec >2018-06-14T14:03:13Z DEBUG [21/44]: configuring certmap.conf >2018-06-14T14:03:13Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-06-14T14:03:13Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-06-14T14:03:13Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-06-14T14:03:13Z DEBUG step duration: dirsrv __certmap_conf 0.00 sec >2018-06-14T14:03:13Z DEBUG [22/44]: configure new location for managed entries >2018-06-14T14:03:13Z DEBUG Starting external process >2018-06-14T14:03:13Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp96q3zccp', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:13Z DEBUG Process finished, return code=0 >2018-06-14T14:03:13Z DEBUG stdout=add nsslapd-pluginConfigArea: > cn=Definitions,cn=Managed Entries,cn=etc,dc=example,dc=com >modifying entry "cn=Managed Entries,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:13Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:13Z DEBUG step duration: dirsrv __repoint_managed_entries 0.02 sec >2018-06-14T14:03:13Z DEBUG [23/44]: configure dirsrv ccache >2018-06-14T14:03:13Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' >2018-06-14T14:03:13Z DEBUG -> Not backing up - already have a copy of '/etc/sysconfig/dirsrv' >2018-06-14T14:03:13Z DEBUG Starting external process >2018-06-14T14:03:13Z DEBUG args=['/usr/sbin/selinuxenabled'] >2018-06-14T14:03:13Z DEBUG Process finished, return 
code=0 >2018-06-14T14:03:13Z DEBUG stdout= >2018-06-14T14:03:13Z DEBUG stderr= >2018-06-14T14:03:13Z DEBUG Starting external process >2018-06-14T14:03:13Z DEBUG args=['/sbin/restorecon', '/etc/sysconfig/dirsrv'] >2018-06-14T14:03:13Z DEBUG Process finished, return code=0 >2018-06-14T14:03:13Z DEBUG stdout= >2018-06-14T14:03:13Z DEBUG stderr= >2018-06-14T14:03:13Z DEBUG step duration: dirsrv configure_dirsrv_ccache 0.02 sec >2018-06-14T14:03:13Z DEBUG [24/44]: enabling SASL mapping fallback >2018-06-14T14:03:13Z DEBUG Starting external process >2018-06-14T14:03:13Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp1pe7ck37', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:13Z DEBUG Process finished, return code=0 >2018-06-14T14:03:13Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback: > on >modifying entry "cn=config" >modify complete > > >2018-06-14T14:03:13Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:13Z DEBUG step duration: dirsrv __enable_sasl_mapping_fallback 0.03 sec >2018-06-14T14:03:13Z DEBUG [25/44]: restarting directory server >2018-06-14T14:03:13Z DEBUG Destroyed connection context.ldap2_139915100616072 >2018-06-14T14:03:13Z DEBUG Starting external process >2018-06-14T14:03:13Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] >2018-06-14T14:03:13Z DEBUG Process finished, return code=0 >2018-06-14T14:03:13Z DEBUG stdout= >2018-06-14T14:03:13Z DEBUG stderr= >2018-06-14T14:03:13Z DEBUG Starting external process >2018-06-14T14:03:13Z DEBUG args=['/bin/systemctl', 'restart', 'dirsrv@EXAMPLE-COM.service'] >2018-06-14T14:03:16Z DEBUG Process finished, return code=0 >2018-06-14T14:03:16Z DEBUG stdout= >2018-06-14T14:03:16Z DEBUG stderr= >2018-06-14T14:03:16Z DEBUG Starting external process >2018-06-14T14:03:16Z DEBUG 
args=['/bin/systemctl', 'is-active', 'dirsrv@EXAMPLE-COM.service'] >2018-06-14T14:03:16Z DEBUG Process finished, return code=0 >2018-06-14T14:03:16Z DEBUG stdout=active > >2018-06-14T14:03:16Z DEBUG stderr= >2018-06-14T14:03:16Z DEBUG wait_for_open_ports: localhost [389] timeout 300 >2018-06-14T14:03:16Z DEBUG waiting for port: 389 >2018-06-14T14:03:16Z DEBUG SUCCESS: port: 389 >2018-06-14T14:03:16Z DEBUG Restart of dirsrv@EXAMPLE-COM.service complete >2018-06-14T14:03:16Z DEBUG Starting external process >2018-06-14T14:03:16Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@EXAMPLE-COM.service'] >2018-06-14T14:03:16Z DEBUG Process finished, return code=0 >2018-06-14T14:03:16Z DEBUG stdout=active > >2018-06-14T14:03:16Z DEBUG stderr= >2018-06-14T14:03:16Z DEBUG Created connection context.ldap2_139915100616072 >2018-06-14T14:03:16Z DEBUG step duration: dirsrv __restart_instance 3.08 sec >2018-06-14T14:03:16Z DEBUG [26/44]: adding sasl mappings to the directory >2018-06-14T14:03:16Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket from SchemaCache >2018-06-14T14:03:16Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f40854edba8> >2018-06-14T14:03:16Z DEBUG step duration: dirsrv __configure_sasl_mappings 0.25 sec >2018-06-14T14:03:16Z DEBUG [27/44]: adding default layout >2018-06-14T14:03:16Z DEBUG Starting external process >2018-06-14T14:03:16Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp49cgjhhd', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:17Z DEBUG Process finished, return code=0 >2018-06-14T14:03:17Z DEBUG stdout=add objectClass: > top > nsContainer >add cn: > accounts >adding new entry "cn=accounts,dc=example,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > users >adding new entry "cn=users,cn=accounts,dc=example,dc=com" >modify complete > >add objectClass: > top > 
nsContainer >add cn: > groups >adding new entry "cn=groups,cn=accounts,dc=example,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > services >adding new entry "cn=services,cn=accounts,dc=example,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > computers >adding new entry "cn=computers,cn=accounts,dc=example,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > hostgroups >adding new entry "cn=hostgroups,cn=accounts,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer >add cn: > alt >adding new entry "cn=alt,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer >add cn: > ng >adding new entry "cn=ng,cn=alt,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer >add cn: > automount >adding new entry "cn=automount,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer >add cn: > default >adding new entry "cn=default,cn=automount,dc=example,dc=com" >modify complete > >add objectClass: > automountMap >add automountMapName: > auto.master >adding new entry "automountmapname=auto.master,cn=default,cn=automount,dc=example,dc=com" >modify complete > >add objectClass: > automountMap >add automountMapName: > auto.direct >adding new entry "automountmapname=auto.direct,cn=default,cn=automount,dc=example,dc=com" >modify complete > >add objectClass: > automount >add automountKey: > /- >add automountInformation: > auto.direct >add description: > /- auto.direct >adding new entry "description=/- auto.direct,automountmapname=auto.master,cn=default,cn=automount,dc=example,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > hbac >adding new entry "cn=hbac,dc=example,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > hbacservices >adding new entry "cn=hbacservices,cn=hbac,dc=example,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > hbacservicegroups >adding new entry 
"cn=hbacservicegroups,cn=hbac,dc=example,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudo >adding new entry "cn=sudo,dc=example,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudocmds >adding new entry "cn=sudocmds,cn=sudo,dc=example,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudocmdgroups >adding new entry "cn=sudocmdgroups,cn=sudo,dc=example,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudorules >adding new entry "cn=sudorules,cn=sudo,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > etc >adding new entry "cn=etc,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > locations >adding new entry "cn=locations,cn=etc,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > sysaccounts >adding new entry "cn=sysaccounts,cn=etc,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > ipa >adding new entry "cn=ipa,cn=etc,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > masters >adding new entry "cn=masters,cn=ipa,cn=etc,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > replicas >adding new entry "cn=replicas,cn=ipa,cn=etc,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > dna >adding new entry "cn=dna,cn=ipa,cn=etc,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > posix-ids >adding new entry "cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > ca_renewal >adding new entry "cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > certificates >adding new entry "cn=certificates,cn=ipa,cn=etc,dc=example,dc=com" >modify complete > >add objectClass: > 
nsContainer > top >add cn: > custodia >adding new entry "cn=custodia,cn=ipa,cn=etc,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > dogtag >adding new entry "cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > s4u2proxy >adding new entry "cn=s4u2proxy,cn=etc,dc=example,dc=com" >modify complete > >add objectClass: > ipaKrb5DelegationACL > groupOfPrincipals > top >add cn: > ipa-http-delegation >add memberPrincipal: > HTTP/ipa.example.com@EXAMPLE.COM >add ipaAllowedTarget: > cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=example,dc=com > cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=example,dc=com >adding new entry "cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=example,dc=com" >modify complete > >add objectClass: > groupOfPrincipals > top >add cn: > ipa-ldap-delegation-targets >add memberPrincipal: > ldap/ipa.example.com@EXAMPLE.COM >adding new entry "cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=example,dc=com" >modify complete > >add objectClass: > groupOfPrincipals > top >add cn: > ipa-cifs-delegation-targets >adding new entry "cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=example,dc=com" >modify complete > >add objectClass: > top > person > posixaccount > krbprincipalaux > krbticketpolicyaux > inetuser > ipaobject > ipasshuser >add uid: > admin >add krbPrincipalName: > admin@EXAMPLE.COM >add cn: > Administrator >add sn: > Administrator >add uidNumber: > 894000000 >add gidNumber: > 894000000 >add homeDirectory: > /home/admin >add loginShell: > /bin/bash >add gecos: > Administrator >add nsAccountLock: > FALSE >add ipaUniqueID: > autogenerate >adding new entry "uid=admin,cn=users,cn=accounts,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > posixgroup > ipausergroup > ipaobject >add cn: > admins >add description: > Account administrators group >add gidNumber: > 894000000 >add member: > 
uid=admin,cn=users,cn=accounts,dc=example,dc=com >add nsAccountLock: > FALSE >add ipaUniqueID: > autogenerate >adding new entry "cn=admins,cn=groups,cn=accounts,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > nestedgroup > ipausergroup > ipaobject >add description: > Default group for all users >add cn: > ipausers >add ipaUniqueID: > autogenerate >adding new entry "cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > posixgroup > ipausergroup > ipaobject >add gidNumber: > 894000002 >add description: > Limited admins who can edit other users >add cn: > editors >add ipaUniqueID: > autogenerate >adding new entry "cn=editors,cn=groups,cn=accounts,dc=example,dc=com" >modify complete > >add objectClass: > top > groupOfNames > nestedGroup > ipaobject > ipahostgroup >add description: > IPA server hosts >add cn: > ipaservers >add ipaUniqueID: > autogenerate >adding new entry "cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=com" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > sshd >add description: > sshd >add ipauniqueid: > autogenerate >adding new entry "cn=sshd,cn=hbacservices,cn=hbac,dc=example,dc=com" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > ftp >add description: > ftp >add ipauniqueid: > autogenerate >adding new entry "cn=ftp,cn=hbacservices,cn=hbac,dc=example,dc=com" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > su >add description: > su >add ipauniqueid: > autogenerate >adding new entry "cn=su,cn=hbacservices,cn=hbac,dc=example,dc=com" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > login >add description: > login >add ipauniqueid: > autogenerate >adding new entry "cn=login,cn=hbacservices,cn=hbac,dc=example,dc=com" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > su-l >add description: > su with login shell >add 
ipauniqueid: > autogenerate >adding new entry "cn=su-l,cn=hbacservices,cn=hbac,dc=example,dc=com" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > sudo >add description: > sudo >add ipauniqueid: > autogenerate >adding new entry "cn=sudo,cn=hbacservices,cn=hbac,dc=example,dc=com" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > sudo-i >add description: > sudo-i >add ipauniqueid: > autogenerate >adding new entry "cn=sudo-i,cn=hbacservices,cn=hbac,dc=example,dc=com" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > gdm >add description: > gdm >add ipauniqueid: > autogenerate >adding new entry "cn=gdm,cn=hbacservices,cn=hbac,dc=example,dc=com" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > gdm-password >add description: > gdm-password >add ipauniqueid: > autogenerate >adding new entry "cn=gdm-password,cn=hbacservices,cn=hbac,dc=example,dc=com" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > kdm >add description: > kdm >add ipauniqueid: > autogenerate >adding new entry "cn=kdm,cn=hbacservices,cn=hbac,dc=example,dc=com" >modify complete > >add objectClass: > ipaobject > ipahbacservicegroup > nestedGroup > groupOfNames > top >add cn: > Sudo >add ipauniqueid: > autogenerate >add description: > Default group of Sudo related services >add member: > cn=sudo,cn=hbacservices,cn=hbac,dc=example,dc=com > cn=sudo-i,cn=hbacservices,cn=hbac,dc=example,dc=com >adding new entry "cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer > top > ipaGuiConfig > ipaConfigObject >add ipaUserSearchFields: > uid,givenname,sn,telephonenumber,ou,title >add ipaGroupSearchFields: > cn,description >add ipaSearchTimeLimit: > 2 >add ipaSearchRecordsLimit: > 100 >add ipaHomesRootDir: > /home >add ipaDefaultLoginShell: > /bin/sh >add ipaDefaultPrimaryGroup: > ipausers >add ipaMaxUsernameLength: > 32 >add 
ipaPwdExpAdvNotify: > 4 >add ipaGroupObjectClasses: > top > groupofnames > nestedgroup > ipausergroup > ipaobject >add ipaUserObjectClasses: > top > person > organizationalperson > inetorgperson > inetuser > posixaccount > krbprincipalaux > krbticketpolicyaux > ipaobject > ipasshuser >add ipaDefaultEmailDomain: > example.com >add ipaMigrationEnabled: > FALSE >add ipaConfigString: > AllowNThash > KDC:Disable Last Success >add ipaSELinuxUserMapOrder: > guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 >add ipaSELinuxUserMapDefault: > unconfined_u:s0-s0:c0.c1023 >adding new entry "cn=ipaConfig,cn=etc,dc=example,dc=com" >modify complete > >add objectclass: > top > nsContainer >add cn: > cosTemplates >adding new entry "cn=cosTemplates,cn=accounts,dc=example,dc=com" >modify complete > >add description: > Password Policy based on group membership >add objectClass: > top > ldapsubentry > cosSuperDefinition > cosClassicDefinition >add cosTemplateDn: > cn=cosTemplates,cn=accounts,dc=example,dc=com >add cosAttribute: > krbPwdPolicyReference override >add cosSpecifier: > memberOf >adding new entry "cn=Password Policy,cn=accounts,dc=example,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > selinux >adding new entry "cn=selinux,dc=example,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > usermap >adding new entry "cn=usermap,cn=selinux,dc=example,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > ranges >adding new entry "cn=ranges,cn=etc,dc=example,dc=com" >modify complete > >add objectClass: > top > ipaIDrange > ipaDomainIDRange >add cn: > EXAMPLE.COM_id_range >add ipaBaseID: > 894000000 >add ipaIDRangeSize: > 200000 >add ipaRangeType: > ipa-local >adding new entry "cn=EXAMPLE.COM_id_range,cn=ranges,cn=etc,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > ca >adding new entry "cn=ca,dc=example,dc=com" >modify complete > >add 
objectClass: > nsContainer > top >add cn: > certprofiles >adding new entry "cn=certprofiles,cn=ca,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > caacls >adding new entry "cn=caacls,cn=ca,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > cas >adding new entry "cn=cas,cn=ca,dc=example,dc=com" >modify complete > > >2018-06-14T14:03:17Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:17Z DEBUG step duration: dirsrv __add_default_layout 0.62 sec >2018-06-14T14:03:17Z DEBUG [28/44]: adding delegation layout >2018-06-14T14:03:17Z DEBUG Starting external process >2018-06-14T14:03:17Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp7wx4asqu', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:17Z DEBUG Process finished, return code=0 >2018-06-14T14:03:17Z DEBUG stdout=add objectClass: > top > nsContainer >add cn: > roles >adding new entry "cn=roles,cn=accounts,dc=example,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > pbac >adding new entry "cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > privileges >adding new entry "cn=privileges,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > permissions >adding new entry "cn=permissions,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > helpdesk >add description: > Helpdesk >adding new entry "cn=helpdesk,cn=roles,cn=accounts,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > User Administrators >add description: > User Administrators >adding new entry "cn=User 
Administrators,cn=privileges,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Group Administrators >add description: > Group Administrators >adding new entry "cn=Group Administrators,cn=privileges,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Host Administrators >add description: > Host Administrators >adding new entry "cn=Host Administrators,cn=privileges,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Host Group Administrators >add description: > Host Group Administrators >adding new entry "cn=Host Group Administrators,cn=privileges,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Delegation Administrator >add description: > Role administration >adding new entry "cn=Delegation Administrator,cn=privileges,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > DNS Administrators >add description: > DNS Administrators >adding new entry "cn=DNS Administrators,cn=privileges,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > DNS Servers >add description: > DNS Servers >adding new entry "cn=DNS Servers,cn=privileges,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Service Administrators >add description: > Service Administrators >adding new entry "cn=Service Administrators,cn=privileges,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Automount Administrators >add description: > Automount Administrators >adding new entry "cn=Automount Administrators,cn=privileges,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Netgroups Administrators 
>add description: > Netgroups Administrators >adding new entry "cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Certificate Administrators >add description: > Certificate Administrators >adding new entry "cn=Certificate Administrators,cn=privileges,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Replication Administrators >add description: > Replication Administrators >add member: > cn=admins,cn=groups,cn=accounts,dc=example,dc=com >adding new entry "cn=Replication Administrators,cn=privileges,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Host Enrollment >add description: > Host Enrollment >adding new entry "cn=Host Enrollment,cn=privileges,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Stage User Administrators >add description: > Stage User Administrators >adding new entry "cn=Stage User Administrators,cn=privileges,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Stage User Provisioning >add description: > Stage User Provisioning >adding new entry "cn=Stage User Provisioning,cn=privileges,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Add Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=example,dc=com >adding new entry "cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Modify Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=example,dc=com >adding new entry "cn=Modify Replication 
Agreements,cn=permissions,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Read Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=example,dc=com >adding new entry "cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Remove Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=example,dc=com >adding new entry "cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Modify DNA Range >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=example,dc=com >adding new entry "cn=Modify DNA Range,cn=permissions,cn=pbac,dc=example,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > virtual operations >adding new entry "cn=virtual operations,cn=etc,dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Retrieve Certificates from the CA >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=example,dc=com >adding new entry "cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=example,dc=com" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=example,dc=com" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=example,dc=com";) >modifying entry "dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Request Certificate >add member: > cn=Certificate 
Administrators,cn=privileges,cn=pbac,dc=example,dc=com >adding new entry "cn=Request Certificate,cn=permissions,cn=pbac,dc=example,dc=com" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=example,dc=com" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=example,dc=com";) >modifying entry "dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Request Certificates from a different host >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=example,dc=com >adding new entry "cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=example,dc=com" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=example,dc=com" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=example,dc=com";) >modifying entry "dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Get Certificates status from the CA >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=example,dc=com >adding new entry "cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=example,dc=com" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=example,dc=com" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=example,dc=com";) >modifying entry "dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Revoke Certificate >add member: > 
cn=Certificate Administrators,cn=privileges,cn=pbac,dc=example,dc=com >adding new entry "cn=Revoke Certificate,cn=permissions,cn=pbac,dc=example,dc=com" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=example,dc=com" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=example,dc=com";) >modifying entry "dc=example,dc=com" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Certificate Remove Hold >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=example,dc=com >adding new entry "cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=example,dc=com" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=example,dc=com" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=example,dc=com";) >modifying entry "dc=example,dc=com" >modify complete > > >2018-06-14T14:03:17Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:17Z DEBUG step duration: dirsrv __add_delegation_layout 0.29 sec >2018-06-14T14:03:17Z DEBUG [29/44]: creating container for managed entries >2018-06-14T14:03:17Z DEBUG Starting external process >2018-06-14T14:03:17Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpldt7c_d9', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:17Z DEBUG Process finished, return code=0 >2018-06-14T14:03:17Z DEBUG stdout=add objectClass: > nsContainer > top >add cn: > Managed Entries >adding new entry "cn=Managed Entries,cn=etc,dc=example,dc=com" >modify complete > 
>add objectClass: > nsContainer > top >add cn: > Templates >adding new entry "cn=Templates,cn=Managed Entries,cn=etc,dc=example,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > Definitions >adding new entry "cn=Definitions,cn=Managed Entries,cn=etc,dc=example,dc=com" >modify complete > > >2018-06-14T14:03:17Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:17Z DEBUG step duration: dirsrv __managed_entries 0.03 sec >2018-06-14T14:03:17Z DEBUG [30/44]: configuring user private groups >2018-06-14T14:03:17Z DEBUG Starting external process >2018-06-14T14:03:17Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmphebr77n8', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:17Z DEBUG Process finished, return code=0 >2018-06-14T14:03:17Z DEBUG stdout=add objectclass: > mepTemplateEntry >add cn: > UPG Template >add mepRDNAttr: > cn >add mepStaticAttr: > objectclass: posixgroup > objectclass: ipaobject > ipaUniqueId: autogenerate >add mepMappedAttr: > cn: $uid > gidNumber: $uidNumber > description: User private group for $uid >adding new entry "cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=example,dc=com" >modify complete > >add objectclass: > extensibleObject >add cn: > UPG Definition >add originScope: > cn=users,cn=accounts,dc=example,dc=com >add originFilter: > (&(objectclass=posixAccount)(!(description=__no_upg__))) >add managedBase: > cn=groups,cn=accounts,dc=example,dc=com >add managedTemplate: > cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=example,dc=com >adding new entry "cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=example,dc=com" >modify complete > > >2018-06-14T14:03:17Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL 
authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:17Z DEBUG step duration: dirsrv __user_private_groups 0.02 sec >2018-06-14T14:03:17Z DEBUG [31/44]: configuring netgroups from hostgroups >2018-06-14T14:03:17Z DEBUG Starting external process >2018-06-14T14:03:17Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpy4kj49iw', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:17Z DEBUG Process finished, return code=0 >2018-06-14T14:03:17Z DEBUG stdout=add objectclass: > mepTemplateEntry >add cn: > NGP HGP Template >add mepRDNAttr: > cn >add mepStaticAttr: > ipaUniqueId: autogenerate > objectclass: ipanisnetgroup > objectclass: ipaobject > nisDomainName: example.com >add mepMappedAttr: > cn: $cn > memberHost: $dn > description: ipaNetgroup $cn >adding new entry "cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=example,dc=com" >modify complete > >add objectclass: > extensibleObject >add cn: > NGP Definition >add originScope: > cn=hostgroups,cn=accounts,dc=example,dc=com >add originFilter: > objectclass=ipahostgroup >add managedBase: > cn=ng,cn=alt,dc=example,dc=com >add managedTemplate: > cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=example,dc=com >adding new entry "cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=example,dc=com" >modify complete > > >2018-06-14T14:03:17Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:17Z DEBUG step duration: dirsrv __host_nis_groups 0.02 sec >2018-06-14T14:03:17Z DEBUG [32/44]: creating default Sudo bind user >2018-06-14T14:03:17Z DEBUG Starting external process >2018-06-14T14:03:17Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpne5euedk', '-H', 
'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:17Z DEBUG Process finished, return code=0 >2018-06-14T14:03:17Z DEBUG stdout=add objectclass: > account > simplesecurityobject >add uid: > sudo >add userPassword: > XXXXXXXX >add passwordExpirationTime: > 20380119031407Z >add nsIdleTimeout: > 0 >adding new entry "uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com" >modify complete > > >2018-06-14T14:03:17Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:17Z DEBUG step duration: dirsrv __add_sudo_binduser 0.05 sec >2018-06-14T14:03:17Z DEBUG [33/44]: creating default Auto Member layout >2018-06-14T14:03:17Z DEBUG Starting external process >2018-06-14T14:03:17Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp9abcz1m3', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:17Z DEBUG Process finished, return code=0 >2018-06-14T14:03:17Z DEBUG stdout=add nsslapd-pluginConfigArea: > cn=automember,cn=etc,dc=example,dc=com >modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsContainer >add cn: > automember >adding new entry "cn=automember,cn=etc,dc=example,dc=com" >modify complete > >add objectclass: > autoMemberDefinition >add cn: > Hostgroup >add autoMemberScope: > cn=computers,cn=accounts,dc=example,dc=com >add autoMemberFilter: > objectclass=ipaHost >add autoMemberGroupingAttr: > member:dn >adding new entry "cn=Hostgroup,cn=automember,cn=etc,dc=example,dc=com" >modify complete > >add objectclass: > autoMemberDefinition >add cn: > Group >add autoMemberScope: > cn=users,cn=accounts,dc=example,dc=com >add autoMemberFilter: > objectclass=posixAccount >add autoMemberGroupingAttr: > member:dn >adding new entry 
"cn=Group,cn=automember,cn=etc,dc=example,dc=com" >modify complete > > >2018-06-14T14:03:17Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:17Z DEBUG step duration: dirsrv __add_automember_config 0.03 sec >2018-06-14T14:03:17Z DEBUG [34/44]: adding range check plugin >2018-06-14T14:03:17Z DEBUG Starting external process >2018-06-14T14:03:17Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpl5ywp35u', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:17Z DEBUG Process finished, return code=0 >2018-06-14T14:03:17Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Range-Check >add nsslapd-pluginpath: > libipa_range_check >add nsslapd-plugininitfunc: > ipa_range_check_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_range_check_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. 
>add nsslapd-plugindescription: > IPA Range-Check plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=example,dc=com >adding new entry "cn=IPA Range-Check,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:17Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:17Z DEBUG step duration: dirsrv __add_range_check_plugin 0.02 sec >2018-06-14T14:03:17Z DEBUG [35/44]: creating default HBAC rule allow_all >2018-06-14T14:03:17Z DEBUG Starting external process >2018-06-14T14:03:17Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp3728ju9c', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:17Z DEBUG Process finished, return code=0 >2018-06-14T14:03:17Z DEBUG stdout=add objectclass: > ipaassociation > ipahbacrule >add cn: > allow_all >add accessruletype: > allow >add usercategory: > all >add hostcategory: > all >add servicecategory: > all >add ipaenabledflag: > TRUE >add description: > Allow all users to access any host from any host >add ipauniqueid: > autogenerate >adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=example,dc=com" >modify complete > > >2018-06-14T14:03:17Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:17Z DEBUG step duration: dirsrv add_hbac 0.02 sec >2018-06-14T14:03:17Z DEBUG [36/44]: adding entries for topology management >2018-06-14T14:03:17Z DEBUG Starting external process >2018-06-14T14:03:17Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmphgvpqnwp', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:17Z DEBUG Process finished, return code=0 
>2018-06-14T14:03:17Z DEBUG stdout=add objectclass: > top > nsContainer >add cn: > topology >adding new entry "cn=topology,cn=ipa,cn=etc,dc=example,dc=com" >modify complete > >add objectclass: > top > iparepltopoconf >add ipaReplTopoConfRoot: > dc=example,dc=com >add nsDS5ReplicatedAttributeList: > (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >add nsDS5ReplicatedAttributeListTotal: > (objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >add nsds5ReplicaStripAttrs: > modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp >add cn: > domain >adding new entry "cn=domain,cn=topology,cn=ipa,cn=etc,dc=example,dc=com" >modify complete > > >2018-06-14T14:03:17Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:17Z DEBUG step duration: dirsrv __add_topology_entries 0.02 sec >2018-06-14T14:03:17Z DEBUG [37/44]: initializing group membership >2018-06-14T14:03:17Z DEBUG Starting external process >2018-06-14T14:03:17Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpxd6xt1ip', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:17Z DEBUG Process finished, return code=0 >2018-06-14T14:03:17Z DEBUG stdout=add objectClass: > top > extensibleObject >add cn: > IPA install >add basedn: > dc=example,dc=com >add filter: > (objectclass=*) >add ttl: > 10 >adding new entry "cn=IPA install 1528984985, cn=memberof task, cn=tasks, cn=config" >modify complete > > >2018-06-14T14:03:17Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:17Z DEBUG Waiting for 
memberof task to complete. >2018-06-14T14:03:18Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.example.com:389 conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f408523e048> >2018-06-14T14:03:18Z DEBUG step duration: dirsrv init_memberof 0.25 sec >2018-06-14T14:03:18Z DEBUG [38/44]: adding master entry >2018-06-14T14:03:18Z DEBUG Starting external process >2018-06-14T14:03:18Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpmm1rl56v', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:18Z DEBUG Process finished, return code=0 >2018-06-14T14:03:18Z DEBUG stdout=add objectclass: > top > nsContainer > ipaReplTopoManagedServer > ipaConfigObject > ipaSupportedDomainLevelConfig >add cn: > ipa.example.com >add ipaReplTopoManagedSuffix: > dc=example,dc=com >add ipaMinDomainLevel: > 0 >add ipaMaxDomainLevel: > 1 >adding new entry "cn=ipa.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com" >modify complete > > >2018-06-14T14:03:18Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:18Z DEBUG step duration: dirsrv __add_master_entry 0.03 sec >2018-06-14T14:03:18Z DEBUG [39/44]: initializing domain level >2018-06-14T14:03:18Z DEBUG Starting external process >2018-06-14T14:03:18Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmprj305b5n', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:18Z DEBUG Process finished, return code=0 >2018-06-14T14:03:18Z DEBUG stdout=add objectClass: > top > nsContainer > ipaDomainLevelConfig >add ipaDomainLevel: > 1 >adding new entry "cn=Domain Level,cn=ipa,cn=etc,dc=example,dc=com" >modify complete > > >2018-06-14T14:03:18Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL 
username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:18Z DEBUG step duration: dirsrv __set_domain_level 0.03 sec >2018-06-14T14:03:18Z DEBUG [40/44]: configuring Posix uid/gid generation >2018-06-14T14:03:18Z DEBUG Starting external process >2018-06-14T14:03:18Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpok8ip_2x', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:18Z DEBUG Process finished, return code=0 >2018-06-14T14:03:18Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > Posix IDs >add dnaType: > uidNumber > gidNumber >add dnaNextValue: > 894000000 >add dnaMaxValue: > 894199999 >add dnaMagicRegen: > -1 >add dnaFilter: > (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) >add dnaScope: > dc=example,dc=com >add dnaThreshold: > 500 >add dnaSharedCfgDN: > cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com >add dnaExcludeScope: > cn=provisioning,dc=example,dc=com >adding new entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > >replace nsslapd-pluginEnabled: > on >modifying entry "cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:18Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:18Z DEBUG step duration: dirsrv __config_uidgid_gen 0.02 sec >2018-06-14T14:03:18Z DEBUG [41/44]: adding replication acis >2018-06-14T14:03:18Z DEBUG Starting external process >2018-06-14T14:03:18Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp5f8vzs2l', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:18Z DEBUG Process finished, return code=0 >2018-06-14T14:03:18Z DEBUG stdout=add aci: > (targetattr = "cn || 
createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=example,dc=com";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr=*)(version 3.0;acl 
"permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=example,dc=com";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=example,dc=com";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=example,dc=com";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=example,dc=com";) >modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > >add aci: > (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=example,dc=com";) >modifying entry "cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add aci: > (targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=example,dc=com";) >modifying entry "cn=tasks,cn=config" >modify complete > > >2018-06-14T14:03:18Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) 
>SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:18Z DEBUG step duration: dirsrv __add_replication_acis 0.04 sec >2018-06-14T14:03:18Z DEBUG [42/44]: activating sidgen plugin >2018-06-14T14:03:18Z DEBUG Starting external process >2018-06-14T14:03:18Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmporfimdro', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:18Z DEBUG Process finished, return code=0 >2018-06-14T14:03:18Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA SIDGEN >add nsslapd-pluginpath: > libipa_sidgen >add nsslapd-plugininitfunc: > ipa_sidgen_init >add nsslapd-plugintype: > postoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_sidgen_postop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA SIDGEN post operation >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=example,dc=com >adding new entry "cn=IPA SIDGEN,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:18Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:18Z DEBUG step duration: dirsrv _add_sidgen_plugin 0.02 sec >2018-06-14T14:03:18Z DEBUG [43/44]: activating extdom plugin >2018-06-14T14:03:18Z DEBUG Starting external process >2018-06-14T14:03:18Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpp3stxizy', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:18Z DEBUG Process finished, return code=0 >2018-06-14T14:03:18Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_extdom_extop >add nsslapd-pluginpath: > libipa_extdom_extop >add 
nsslapd-plugininitfunc: > ipa_extdom_init >add nsslapd-plugintype: > extendedop >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_extdom_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Support resolving IDs in trusted domains to names and back >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=example,dc=com >adding new entry "cn=ipa_extdom_extop,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:18Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:18Z DEBUG step duration: dirsrv _add_extdom_plugin 0.02 sec >2018-06-14T14:03:18Z DEBUG [44/44]: configuring directory to start on boot >2018-06-14T14:03:18Z DEBUG Starting external process >2018-06-14T14:03:18Z DEBUG args=['/bin/systemctl', 'is-enabled', 'dirsrv@EXAMPLE-COM.service'] >2018-06-14T14:03:18Z DEBUG Process finished, return code=0 >2018-06-14T14:03:18Z DEBUG stdout=enabled > >2018-06-14T14:03:18Z DEBUG stderr= >2018-06-14T14:03:18Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:18Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:18Z DEBUG Starting external process >2018-06-14T14:03:18Z DEBUG args=['/bin/systemctl', 'disable', 'dirsrv@EXAMPLE-COM.service'] >2018-06-14T14:03:18Z DEBUG Process finished, return code=0 >2018-06-14T14:03:18Z DEBUG stdout= >2018-06-14T14:03:18Z DEBUG stderr=Removed /etc/systemd/system/multi-user.target.wants/dirsrv@EXAMPLE-COM.service. >Removed /etc/systemd/system/dirsrv.target.wants/dirsrv@EXAMPLE-COM.service. > >2018-06-14T14:03:18Z DEBUG step duration: dirsrv __enable 0.19 sec >2018-06-14T14:03:18Z DEBUG Done configuring directory server (dirsrv). 
>2018-06-14T14:03:18Z DEBUG service duration: dirsrv 13.09 sec >2018-06-14T14:03:18Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:18Z DEBUG Starting external process >2018-06-14T14:03:18Z DEBUG args=['/usr/bin/keyctl', 'get_persistent', '@s', '0'] >2018-06-14T14:03:18Z DEBUG Process finished, return code=0 >2018-06-14T14:03:18Z DEBUG stdout=562226290 > >2018-06-14T14:03:18Z DEBUG stderr= >2018-06-14T14:03:18Z DEBUG Enabling persistent keyring CCACHE >2018-06-14T14:03:18Z DEBUG Starting external process >2018-06-14T14:03:18Z DEBUG args=['/bin/systemctl', 'is-active', 'krb5kdc.service'] >2018-06-14T14:03:18Z DEBUG Process finished, return code=3 >2018-06-14T14:03:18Z DEBUG stdout=inactive > >2018-06-14T14:03:18Z DEBUG stderr= >2018-06-14T14:03:18Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:18Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:18Z DEBUG Starting external process >2018-06-14T14:03:18Z DEBUG args=['/bin/systemctl', 'stop', 'krb5kdc.service'] >2018-06-14T14:03:18Z DEBUG Process finished, return code=0 >2018-06-14T14:03:18Z DEBUG stdout= >2018-06-14T14:03:18Z DEBUG stderr= >2018-06-14T14:03:18Z DEBUG Stop of krb5kdc.service complete >2018-06-14T14:03:18Z DEBUG Configuring Kerberos KDC (krb5kdc) >2018-06-14T14:03:18Z DEBUG [1/10]: adding kerberos container to the directory >2018-06-14T14:03:18Z DEBUG Starting external process >2018-06-14T14:03:18Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpct3aprzu', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:18Z DEBUG Process finished, return code=0 >2018-06-14T14:03:18Z DEBUG stdout=add objectClass: > krbContainer > top >add cn: > kerberos >adding new entry "cn=kerberos,dc=example,dc=com" >modify complete > >add cn: > EXAMPLE.COM >add objectClass: > top > krbrealmcontainer > krbticketpolicyaux >add krbSubTrees: > dc=example,dc=com 
>add krbSearchScope: > 2 >add krbSupportedEncSaltTypes: > aes256-cts:normal > aes256-cts:special > aes128-cts:normal > aes128-cts:special > des3-hmac-sha1:normal > des3-hmac-sha1:special > arcfour-hmac:normal > arcfour-hmac:special > camellia128-cts-cmac:normal > camellia128-cts-cmac:special > camellia256-cts-cmac:normal > camellia256-cts-cmac:special >add krbMaxTicketLife: > 86400 >add krbMaxRenewableAge: > 604800 >add krbDefaultEncSaltTypes: > aes256-cts:special > aes128-cts:special >adding new entry "cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" >modify complete > >add objectClass: > top > nsContainer > krbPwdPolicy >add krbMinPwdLife: > 3600 >add krbPwdMinDiffChars: > 0 >add krbPwdMinLength: > 8 >add krbPwdHistoryLength: > 0 >add krbMaxPwdLife: > 7776000 >add krbPwdMaxFailure: > 6 >add krbPwdFailureCountInterval: > 60 >add krbPwdLockoutDuration: > 600 >adding new entry "cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" >modify complete > > >2018-06-14T14:03:18Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:18Z DEBUG step duration: krb5kdc __add_krb_container 0.04 sec >2018-06-14T14:03:18Z DEBUG [2/10]: configuring KDC >2018-06-14T14:03:18Z DEBUG Backing up system configuration file '/var/kerberos/krb5kdc/kdc.conf' >2018-06-14T14:03:18Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:03:18Z DEBUG Backing up system configuration file '/etc/krb5.conf' >2018-06-14T14:03:18Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:03:18Z DEBUG Backing up system configuration file '/etc/krb5.conf.d/freeipa' >2018-06-14T14:03:18Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:03:18Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb5.ini' 
>2018-06-14T14:03:18Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:03:18Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb.con' >2018-06-14T14:03:18Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:03:18Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krbrealm.con' >2018-06-14T14:03:18Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:03:18Z DEBUG Starting external process >2018-06-14T14:03:18Z DEBUG args=['/usr/bin/klist', '-V'] >2018-06-14T14:03:18Z DEBUG Process finished, return code=0 >2018-06-14T14:03:18Z DEBUG stdout=Kerberos 5 version 1.16.1 > >2018-06-14T14:03:18Z DEBUG stderr= >2018-06-14T14:03:18Z DEBUG Backing up system configuration file '/etc/sysconfig/krb5kdc' >2018-06-14T14:03:18Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:03:18Z DEBUG Starting external process >2018-06-14T14:03:18Z DEBUG args=['/usr/sbin/selinuxenabled'] >2018-06-14T14:03:18Z DEBUG Process finished, return code=0 >2018-06-14T14:03:18Z DEBUG stdout= >2018-06-14T14:03:18Z DEBUG stderr= >2018-06-14T14:03:18Z DEBUG Starting external process >2018-06-14T14:03:18Z DEBUG args=['/sbin/restorecon', '/etc/sysconfig/krb5kdc'] >2018-06-14T14:03:18Z DEBUG Process finished, return code=0 >2018-06-14T14:03:18Z DEBUG stdout= >2018-06-14T14:03:18Z DEBUG stderr= >2018-06-14T14:03:18Z DEBUG step duration: krb5kdc __configure_instance 0.05 sec >2018-06-14T14:03:18Z DEBUG [3/10]: initialize kerberos container >2018-06-14T14:03:18Z DEBUG Starting external process >2018-06-14T14:03:18Z DEBUG args=['kdb5_util', 'create', '-s', '-r', 'EXAMPLE.COM', '-x', 'ipa-setup-override-restrictions'] >2018-06-14T14:03:18Z DEBUG Process finished, return code=0 >2018-06-14T14:03:18Z DEBUG stdout=Loading random data >Initializing database '/var/kerberos/krb5kdc/principal' for realm 'EXAMPLE.COM', >master key name 'K/M@EXAMPLE.COM' 
>You will be prompted for the database Master Password. >It is important that you NOT FORGET this password. >Enter KDC database master key: >Re-enter KDC database master key to verify: > >2018-06-14T14:03:18Z DEBUG stderr= >2018-06-14T14:03:18Z DEBUG step duration: krb5kdc __init_ipa_kdb 0.19 sec >2018-06-14T14:03:18Z DEBUG [4/10]: adding default ACIs >2018-06-14T14:03:18Z DEBUG Starting external process >2018-06-14T14:03:18Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpgjt00ulk', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:18Z DEBUG Process finished, return code=0 >2018-06-14T14:03:18Z DEBUG stdout=add aci: > (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) >modifying entry "dc=example,dc=com" >modify complete > >add aci: > (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) > (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) > (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) >modifying entry "dc=example,dc=com" >modify complete > >add aci: > (targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=example,dc=com";) >modifying entry 
"cn=etc,dc=example,dc=com" >modify complete > >add aci: > (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=example,dc=com";) >modifying entry "cn=ipa,cn=etc,dc=example,dc=com" >modify complete > >add aci: > (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=example,dc=com";) > (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=example,dc=com";) > (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";) > (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=example,dc=com";) > (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) 
userattr="managedby#USERDN";) >modifying entry "cn=accounts,dc=example,dc=com" >modify complete > >add aci: > (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=example,dc=com")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=example,dc=com";) >modifying entry "cn=services,cn=accounts,dc=example,dc=com" >modify complete > >add aci: > (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) >modifying entry "cn=services,cn=accounts,dc=example,dc=com" >modify complete > >add aci: > (targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";) > (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";) >modifying entry "cn=computers,cn=accounts,dc=example,dc=com" >modify complete > >add aci: > (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) > (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) >modifying entry "cn=computers,cn=accounts,dc=example,dc=com" >modify complete > >add aci: > (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=example,dc=com")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=example,dc=com";) >modifying entry "cn=computers,cn=accounts,dc=example,dc=com" >modify complete > >add aci: > 
(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) >modifying entry "cn=accounts,dc=example,dc=com" >modify complete > >add aci: > (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) > (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=example,dc=com")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) >modifying entry "dc=example,dc=com" >modify complete > > >2018-06-14T14:03:18Z DEBUG stderr=ldap_initialize( 
ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:18Z DEBUG step duration: krb5kdc __add_default_acis 0.05 sec >2018-06-14T14:03:18Z DEBUG [5/10]: creating a keytab for the directory >2018-06-14T14:03:18Z DEBUG Starting external process >2018-06-14T14:03:18Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey ldap/ipa.example.com@EXAMPLE.COM', '-x', 'ipa-setup-override-restrictions'] >2018-06-14T14:03:19Z DEBUG Process finished, return code=0 >2018-06-14T14:03:19Z DEBUG stdout=Authenticating as principal root/admin@EXAMPLE.COM with password. >Principal "ldap/ipa.example.com@EXAMPLE.COM" created. > >2018-06-14T14:03:19Z DEBUG stderr=WARNING: no policy specified for ldap/ipa.example.com@EXAMPLE.COM; defaulting to no policy > >2018-06-14T14:03:19Z DEBUG Backing up system configuration file '/etc/dirsrv/ds.keytab' >2018-06-14T14:03:19Z DEBUG -> Not backing up - '/etc/dirsrv/ds.keytab' doesn't exist >2018-06-14T14:03:19Z DEBUG Starting external process >2018-06-14T14:03:19Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'ktadd -k /etc/dirsrv/ds.keytab ldap/ipa.example.com@EXAMPLE.COM', '-x', 'ipa-setup-override-restrictions'] >2018-06-14T14:03:19Z DEBUG Process finished, return code=0 >2018-06-14T14:03:19Z DEBUG stdout=Authenticating as principal root/admin@EXAMPLE.COM with password. >Entry for principal ldap/ipa.example.com@EXAMPLE.COM with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/ipa.example.com@EXAMPLE.COM with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/ipa.example.com@EXAMPLE.COM with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/dirsrv/ds.keytab. 
>Entry for principal ldap/ipa.example.com@EXAMPLE.COM with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/ipa.example.com@EXAMPLE.COM with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/ipa.example.com@EXAMPLE.COM with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab. > >2018-06-14T14:03:19Z DEBUG stderr= >2018-06-14T14:03:19Z DEBUG step duration: krb5kdc __create_ds_keytab 0.39 sec >2018-06-14T14:03:19Z DEBUG [6/10]: creating a keytab for the machine >2018-06-14T14:03:19Z DEBUG Starting external process >2018-06-14T14:03:19Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey host/ipa.example.com@EXAMPLE.COM', '-x', 'ipa-setup-override-restrictions'] >2018-06-14T14:03:19Z DEBUG Process finished, return code=0 >2018-06-14T14:03:19Z DEBUG stdout=Authenticating as principal root/admin@EXAMPLE.COM with password. >Principal "host/ipa.example.com@EXAMPLE.COM" created. > >2018-06-14T14:03:19Z DEBUG stderr=WARNING: no policy specified for host/ipa.example.com@EXAMPLE.COM; defaulting to no policy > >2018-06-14T14:03:19Z DEBUG Backing up system configuration file '/etc/krb5.keytab' >2018-06-14T14:03:19Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:03:19Z DEBUG Starting external process >2018-06-14T14:03:19Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'ktadd -k /etc/krb5.keytab host/ipa.example.com@EXAMPLE.COM', '-x', 'ipa-setup-override-restrictions'] >2018-06-14T14:03:19Z DEBUG Process finished, return code=0 >2018-06-14T14:03:19Z DEBUG stdout=Authenticating as principal root/admin@EXAMPLE.COM with password. >Entry for principal host/ipa.example.com@EXAMPLE.COM with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab. 
>Entry for principal host/ipa.example.com@EXAMPLE.COM with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/ipa.example.com@EXAMPLE.COM with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/ipa.example.com@EXAMPLE.COM with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/ipa.example.com@EXAMPLE.COM with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/ipa.example.com@EXAMPLE.COM with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/krb5.keytab. > >2018-06-14T14:03:19Z DEBUG stderr= >2018-06-14T14:03:19Z DEBUG importing all plugin modules in ipaserver.plugins... >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.aci >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.automember >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.automount >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.baseldap >2018-06-14T14:03:19Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.baseuser >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.batch >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.ca >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.caacl >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.cert >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.certmap >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.certprofile >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.config >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.delegation >2018-06-14T14:03:19Z DEBUG importing plugin module 
ipaserver.plugins.dns >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.dnsserver >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.dogtag >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.domainlevel >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.group >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.hbac >2018-06-14T14:03:19Z DEBUG ipaserver.plugins.hbac is not a valid plugin module >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.hbacrule >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.hbacsvc >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.hbactest >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.host >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.hostgroup >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.idrange >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.idviews >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.internal >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.join >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.ldap2 >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.location >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.migration >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.misc >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.netgroup >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.otp >2018-06-14T14:03:19Z DEBUG ipaserver.plugins.otp is not a valid plugin module >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.otpconfig 
>2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.otptoken >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.passwd >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.permission >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.ping >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.pkinit >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.privilege >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.pwpolicy >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.rabase >2018-06-14T14:03:19Z DEBUG ipaserver.plugins.rabase is not a valid plugin module >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.radiusproxy >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.realmdomains >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.role >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.schema >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.selfservice >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.server >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.serverrole >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.serverroles >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.service >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.servicedelegation >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.session >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.stageuser >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.sudo >2018-06-14T14:03:19Z DEBUG ipaserver.plugins.sudo is not a valid plugin module >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.sudocmd 
>2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.sudorule >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.topology >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.trust >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.user >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.vault >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.virtual >2018-06-14T14:03:19Z DEBUG ipaserver.plugins.virtual is not a valid plugin module >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.whoami >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.plugins.xmlserver >2018-06-14T14:03:19Z DEBUG importing all plugin modules in ipaserver.install.plugins... >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.install.plugins.adtrust >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.install.plugins.dns >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions >2018-06-14T14:03:19Z DEBUG importing plugin module 
ipaserver.install.plugins.update_nis >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.install.plugins.update_referint >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.install.plugins.update_services >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness >2018-06-14T14:03:19Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt >2018-06-14T14:03:20Z DEBUG Created connection context.ldap2_139915066556712 >2018-06-14T14:03:20Z DEBUG Destroyed connection context.ldap2_139915066556712 >2018-06-14T14:03:20Z DEBUG Created connection context.ldap2_139915066556712 >2018-06-14T14:03:20Z DEBUG Parsing update file '/usr/share/ipa/updates/20-ipaservers_hostgroup.update' >2018-06-14T14:03:20Z DEBUG flushing ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket from SchemaCache >2018-06-14T14:03:20Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f40834c6ac8> >2018-06-14T14:03:20Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=com >2018-06-14T14:03:20Z DEBUG --------------------------------------------- >2018-06-14T14:03:20Z DEBUG Initial value >2018-06-14T14:03:20Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=com >2018-06-14T14:03:20Z DEBUG objectClass: >2018-06-14T14:03:20Z DEBUG top >2018-06-14T14:03:20Z DEBUG groupOfNames >2018-06-14T14:03:20Z DEBUG nestedGroup >2018-06-14T14:03:20Z DEBUG ipaobject >2018-06-14T14:03:20Z DEBUG ipahostgroup >2018-06-14T14:03:20Z DEBUG description: >2018-06-14T14:03:20Z DEBUG IPA server hosts >2018-06-14T14:03:20Z DEBUG cn: 
>2018-06-14T14:03:20Z DEBUG ipaservers >2018-06-14T14:03:20Z DEBUG ipaUniqueID: >2018-06-14T14:03:20Z DEBUG afc83126-6fdb-11e8-aec2-525400d3918e >2018-06-14T14:03:20Z DEBUG --------------------------------------------- >2018-06-14T14:03:20Z DEBUG Final value after applying updates >2018-06-14T14:03:20Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=com >2018-06-14T14:03:20Z DEBUG objectClass: >2018-06-14T14:03:20Z DEBUG top >2018-06-14T14:03:20Z DEBUG groupOfNames >2018-06-14T14:03:20Z DEBUG nestedGroup >2018-06-14T14:03:20Z DEBUG ipaobject >2018-06-14T14:03:20Z DEBUG ipahostgroup >2018-06-14T14:03:20Z DEBUG description: >2018-06-14T14:03:20Z DEBUG IPA server hosts >2018-06-14T14:03:20Z DEBUG cn: >2018-06-14T14:03:20Z DEBUG ipaservers >2018-06-14T14:03:20Z DEBUG ipaUniqueID: >2018-06-14T14:03:20Z DEBUG afc83126-6fdb-11e8-aec2-525400d3918e >2018-06-14T14:03:20Z DEBUG [] >2018-06-14T14:03:20Z DEBUG Updated 0 >2018-06-14T14:03:20Z DEBUG Done >2018-06-14T14:03:20Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=com >2018-06-14T14:03:20Z DEBUG --------------------------------------------- >2018-06-14T14:03:20Z DEBUG Initial value >2018-06-14T14:03:20Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=com >2018-06-14T14:03:20Z DEBUG objectClass: >2018-06-14T14:03:20Z DEBUG top >2018-06-14T14:03:20Z DEBUG groupOfNames >2018-06-14T14:03:20Z DEBUG nestedGroup >2018-06-14T14:03:20Z DEBUG ipaobject >2018-06-14T14:03:20Z DEBUG ipahostgroup >2018-06-14T14:03:20Z DEBUG description: >2018-06-14T14:03:20Z DEBUG IPA server hosts >2018-06-14T14:03:20Z DEBUG cn: >2018-06-14T14:03:20Z DEBUG ipaservers >2018-06-14T14:03:20Z DEBUG ipaUniqueID: >2018-06-14T14:03:20Z DEBUG afc83126-6fdb-11e8-aec2-525400d3918e >2018-06-14T14:03:20Z DEBUG add: 'fqdn=ipa.example.com,cn=computers,cn=accounts,dc=example,dc=com' to member, current value [] >2018-06-14T14:03:20Z DEBUG add: updated value 
['fqdn=ipa.example.com,cn=computers,cn=accounts,dc=example,dc=com'] >2018-06-14T14:03:20Z DEBUG --------------------------------------------- >2018-06-14T14:03:20Z DEBUG Final value after applying updates >2018-06-14T14:03:20Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=com >2018-06-14T14:03:20Z DEBUG objectClass: >2018-06-14T14:03:20Z DEBUG top >2018-06-14T14:03:20Z DEBUG groupOfNames >2018-06-14T14:03:20Z DEBUG nestedGroup >2018-06-14T14:03:20Z DEBUG ipaobject >2018-06-14T14:03:20Z DEBUG ipahostgroup >2018-06-14T14:03:20Z DEBUG description: >2018-06-14T14:03:20Z DEBUG IPA server hosts >2018-06-14T14:03:20Z DEBUG cn: >2018-06-14T14:03:20Z DEBUG ipaservers >2018-06-14T14:03:20Z DEBUG ipaUniqueID: >2018-06-14T14:03:20Z DEBUG afc83126-6fdb-11e8-aec2-525400d3918e >2018-06-14T14:03:20Z DEBUG member: >2018-06-14T14:03:20Z DEBUG fqdn=ipa.example.com,cn=computers,cn=accounts,dc=example,dc=com >2018-06-14T14:03:20Z DEBUG [(2, 'member', ['fqdn=ipa.example.com,cn=computers,cn=accounts,dc=example,dc=com'])] >2018-06-14T14:03:20Z DEBUG Updated 1 >2018-06-14T14:03:20Z DEBUG Done >2018-06-14T14:03:20Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-ipaservers_hostgroup.update 0.124 sec >2018-06-14T14:03:20Z DEBUG Destroyed connection context.ldap2_139915066556712 >2018-06-14T14:03:20Z DEBUG step duration: krb5kdc __create_host_keytab 1.45 sec >2018-06-14T14:03:20Z DEBUG [7/10]: adding the password extension to the directory >2018-06-14T14:03:20Z DEBUG Starting external process >2018-06-14T14:03:20Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpqx80lc4a', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:20Z DEBUG Process finished, return code=0 >2018-06-14T14:03:20Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_pwd_extop >add nsslapd-pluginpath: > libipa_pwd_extop >add nsslapd-plugininitfunc: > ipapwd_init >add nsslapd-plugintype: > extendedop >add 
nsslapd-pluginbetxn: > on >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_pwd_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Support saving passwords in multiple formats for different consumers (krb5, samba, freeradius, etc.) >add nsslapd-plugin-depends-on-type: > database >add nsslapd-realmTree: > dc=example,dc=com >adding new entry "cn=ipa_pwd_extop,cn=plugins,cn=config" >modify complete > > >2018-06-14T14:03:20Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:20Z DEBUG step duration: krb5kdc __add_pwd_extop_module 0.02 sec >2018-06-14T14:03:20Z DEBUG [8/10]: creating anonymous principal >2018-06-14T14:03:20Z DEBUG Starting external process >2018-06-14T14:03:20Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey WELLKNOWN/ANONYMOUS@EXAMPLE.COM', '-x', 'ipa-setup-override-restrictions'] >2018-06-14T14:03:20Z DEBUG Process finished, return code=0 >2018-06-14T14:03:20Z DEBUG stdout=Authenticating as principal root/admin@EXAMPLE.COM with password. >Principal "WELLKNOWN/ANONYMOUS@EXAMPLE.COM" created. 
> >2018-06-14T14:03:20Z DEBUG stderr=WARNING: no policy specified for WELLKNOWN/ANONYMOUS@EXAMPLE.COM; defaulting to no policy > >2018-06-14T14:03:20Z DEBUG Starting external process >2018-06-14T14:03:20Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpdkajdvo7', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:03:20Z DEBUG Process finished, return code=0 >2018-06-14T14:03:20Z DEBUG stdout=add objectclass: > ipaAllowedOperations >add aci: > (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow to retrieve keytab keys of the anonymous user"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) >add ipaAllowedToPerform;read_keys: > cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=com >modifying entry "krbPrincipalName=WELLKNOWN/ANONYMOUS@EXAMPLE.COM,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" >modify complete > > >2018-06-14T14:03:20Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2018-06-14T14:03:20Z DEBUG step duration: krb5kdc add_anonymous_principal 0.15 sec >2018-06-14T14:03:20Z DEBUG [9/10]: starting the KDC >2018-06-14T14:03:20Z DEBUG Starting external process >2018-06-14T14:03:20Z DEBUG args=['/bin/systemctl', 'start', 'krb5kdc.service'] >2018-06-14T14:03:20Z DEBUG Process finished, return code=0 >2018-06-14T14:03:20Z DEBUG stdout= >2018-06-14T14:03:20Z DEBUG stderr= >2018-06-14T14:03:20Z DEBUG Starting external process >2018-06-14T14:03:20Z DEBUG args=['/bin/systemctl', 'is-active', 'krb5kdc.service'] >2018-06-14T14:03:20Z DEBUG Process finished, return code=0 >2018-06-14T14:03:20Z DEBUG stdout=active > >2018-06-14T14:03:20Z DEBUG stderr= >2018-06-14T14:03:20Z DEBUG Start of krb5kdc.service complete >2018-06-14T14:03:20Z DEBUG step duration: krb5kdc __start_instance 0.06 sec >2018-06-14T14:03:20Z DEBUG [10/10]: 
configuring KDC to start on boot >2018-06-14T14:03:21Z DEBUG Starting external process >2018-06-14T14:03:21Z DEBUG args=['/bin/systemctl', 'is-enabled', 'krb5kdc.service'] >2018-06-14T14:03:21Z DEBUG Process finished, return code=1 >2018-06-14T14:03:21Z DEBUG stdout=disabled > >2018-06-14T14:03:21Z DEBUG stderr= >2018-06-14T14:03:21Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:21Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:21Z DEBUG Starting external process >2018-06-14T14:03:21Z DEBUG args=['/bin/systemctl', 'disable', 'krb5kdc.service'] >2018-06-14T14:03:21Z DEBUG Process finished, return code=0 >2018-06-14T14:03:21Z DEBUG stdout= >2018-06-14T14:03:21Z DEBUG stderr= >2018-06-14T14:03:21Z DEBUG step duration: krb5kdc __enable 0.21 sec >2018-06-14T14:03:21Z DEBUG Done configuring Kerberos KDC (krb5kdc). >2018-06-14T14:03:21Z DEBUG service duration: krb5kdc 2.66 sec >2018-06-14T14:03:21Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:21Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:03:21Z DEBUG Configuring kadmin >2018-06-14T14:03:21Z DEBUG [1/2]: starting kadmin >2018-06-14T14:03:21Z DEBUG Starting external process >2018-06-14T14:03:21Z DEBUG args=['/bin/systemctl', 'is-active', 'kadmin.service'] >2018-06-14T14:03:21Z DEBUG Process finished, return code=3 >2018-06-14T14:03:21Z DEBUG stdout=inactive > >2018-06-14T14:03:21Z DEBUG stderr= >2018-06-14T14:03:21Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:21Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:21Z DEBUG Starting external process >2018-06-14T14:03:21Z DEBUG args=['/bin/systemctl', 'restart', 'kadmin.service'] >2018-06-14T14:03:21Z DEBUG Process finished, return code=0 >2018-06-14T14:03:21Z DEBUG stdout= >2018-06-14T14:03:21Z DEBUG stderr= 
>2018-06-14T14:03:21Z DEBUG Starting external process >2018-06-14T14:03:21Z DEBUG args=['/bin/systemctl', 'is-active', 'kadmin.service'] >2018-06-14T14:03:21Z DEBUG Process finished, return code=0 >2018-06-14T14:03:21Z DEBUG stdout=active > >2018-06-14T14:03:21Z DEBUG stderr= >2018-06-14T14:03:21Z DEBUG Restart of kadmin.service complete >2018-06-14T14:03:21Z DEBUG step duration: kadmin __start 0.16 sec >2018-06-14T14:03:21Z DEBUG [2/2]: configuring kadmin to start on boot >2018-06-14T14:03:21Z DEBUG Starting external process >2018-06-14T14:03:21Z DEBUG args=['/bin/systemctl', 'is-enabled', 'kadmin.service'] >2018-06-14T14:03:21Z DEBUG Process finished, return code=1 >2018-06-14T14:03:21Z DEBUG stdout=disabled > >2018-06-14T14:03:21Z DEBUG stderr= >2018-06-14T14:03:21Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:21Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:21Z DEBUG Starting external process >2018-06-14T14:03:21Z DEBUG args=['/bin/systemctl', 'disable', 'kadmin.service'] >2018-06-14T14:03:21Z DEBUG Process finished, return code=0 >2018-06-14T14:03:21Z DEBUG stdout= >2018-06-14T14:03:21Z DEBUG stderr= >2018-06-14T14:03:21Z DEBUG step duration: kadmin __enable 0.21 sec >2018-06-14T14:03:21Z DEBUG Done configuring kadmin. >2018-06-14T14:03:21Z DEBUG service duration: kadmin 0.39 sec >2018-06-14T14:03:21Z INFO Custodia client for '<CustodiaModes.MASTER_PEER: 'Custodia master peer'>' with promotion no. >2018-06-14T14:03:21Z INFO Custodia uses LDAPI. >2018-06-14T14:03:21Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:21Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:03:21Z DEBUG Configuring ipa-custodia >2018-06-14T14:03:21Z DEBUG [1/5]: Making sure custodia container exists >2018-06-14T14:03:21Z DEBUG importing all plugin modules in ipaserver.plugins... 
>2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.aci >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.automember >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.automount >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.baseldap >2018-06-14T14:03:21Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.baseuser >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.batch >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.ca >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.caacl >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.cert >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.certmap >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.certprofile >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.config >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.delegation >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.dns >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.dnsserver >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.dogtag >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.domainlevel >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.group >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.hbac >2018-06-14T14:03:21Z DEBUG ipaserver.plugins.hbac is not a valid plugin module >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.hbacrule >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.hbacsvc >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.hbactest >2018-06-14T14:03:21Z DEBUG importing 
plugin module ipaserver.plugins.host >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.hostgroup >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.idrange >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.idviews >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.internal >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.join >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.ldap2 >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.location >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.migration >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.misc >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.netgroup >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.otp >2018-06-14T14:03:21Z DEBUG ipaserver.plugins.otp is not a valid plugin module >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.otpconfig >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.otptoken >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.passwd >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.permission >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.ping >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.pkinit >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.privilege >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.pwpolicy >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.rabase >2018-06-14T14:03:21Z DEBUG ipaserver.plugins.rabase is not a valid plugin module >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.radiusproxy >2018-06-14T14:03:21Z DEBUG importing plugin module 
ipaserver.plugins.realmdomains >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.role >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.schema >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.selfservice >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.server >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.serverrole >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.serverroles >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.service >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.servicedelegation >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.session >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.stageuser >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.sudo >2018-06-14T14:03:21Z DEBUG ipaserver.plugins.sudo is not a valid plugin module >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.sudocmd >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.sudorule >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.topology >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.trust >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.user >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.vault >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.virtual >2018-06-14T14:03:21Z DEBUG ipaserver.plugins.virtual is not a valid plugin module >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.whoami >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.plugins.xmlserver >2018-06-14T14:03:21Z DEBUG importing all plugin modules in 
ipaserver.install.plugins... >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.install.plugins.adtrust >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.install.plugins.dns >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.install.plugins.update_nis >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.install.plugins.update_referint >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.install.plugins.update_services >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness >2018-06-14T14:03:21Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt >2018-06-14T14:03:22Z DEBUG Created connection context.ldap2_139915054916888 >2018-06-14T14:03:22Z DEBUG Destroyed connection 
context.ldap2_139915054916888 >2018-06-14T14:03:22Z DEBUG Created connection context.ldap2_139915054916888 >2018-06-14T14:03:22Z DEBUG Parsing update file '/usr/share/ipa/updates/73-custodia.update' >2018-06-14T14:03:22Z DEBUG flushing ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket from SchemaCache >2018-06-14T14:03:22Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f408393c208> >2018-06-14T14:03:22Z DEBUG Updating existing entry: cn=custodia,cn=ipa,cn=etc,dc=example,dc=com >2018-06-14T14:03:22Z DEBUG --------------------------------------------- >2018-06-14T14:03:22Z DEBUG Initial value >2018-06-14T14:03:22Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=example,dc=com >2018-06-14T14:03:22Z DEBUG objectClass: >2018-06-14T14:03:22Z DEBUG nsContainer >2018-06-14T14:03:22Z DEBUG top >2018-06-14T14:03:22Z DEBUG cn: >2018-06-14T14:03:22Z DEBUG custodia >2018-06-14T14:03:22Z DEBUG --------------------------------------------- >2018-06-14T14:03:22Z DEBUG Final value after applying updates >2018-06-14T14:03:22Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=example,dc=com >2018-06-14T14:03:22Z DEBUG objectClass: >2018-06-14T14:03:22Z DEBUG nsContainer >2018-06-14T14:03:22Z DEBUG top >2018-06-14T14:03:22Z DEBUG cn: >2018-06-14T14:03:22Z DEBUG custodia >2018-06-14T14:03:22Z DEBUG [] >2018-06-14T14:03:22Z DEBUG Updated 0 >2018-06-14T14:03:22Z DEBUG Done >2018-06-14T14:03:22Z DEBUG Updating existing entry: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=example,dc=com >2018-06-14T14:03:22Z DEBUG --------------------------------------------- >2018-06-14T14:03:22Z DEBUG Initial value >2018-06-14T14:03:22Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=example,dc=com >2018-06-14T14:03:22Z DEBUG objectClass: >2018-06-14T14:03:22Z DEBUG nsContainer >2018-06-14T14:03:22Z DEBUG top >2018-06-14T14:03:22Z DEBUG cn: >2018-06-14T14:03:22Z DEBUG dogtag >2018-06-14T14:03:22Z DEBUG 
--------------------------------------------- >2018-06-14T14:03:22Z DEBUG Final value after applying updates >2018-06-14T14:03:22Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=example,dc=com >2018-06-14T14:03:22Z DEBUG objectClass: >2018-06-14T14:03:22Z DEBUG nsContainer >2018-06-14T14:03:22Z DEBUG top >2018-06-14T14:03:22Z DEBUG cn: >2018-06-14T14:03:22Z DEBUG dogtag >2018-06-14T14:03:22Z DEBUG [] >2018-06-14T14:03:22Z DEBUG Updated 0 >2018-06-14T14:03:22Z DEBUG Done >2018-06-14T14:03:22Z DEBUG LDAP update duration: /usr/share/ipa/updates/73-custodia.update 0.104 sec >2018-06-14T14:03:22Z DEBUG Destroyed connection context.ldap2_139915054916888 >2018-06-14T14:03:22Z DEBUG step duration: ipa-custodia __create_container 1.04 sec >2018-06-14T14:03:22Z DEBUG [2/5]: Generating ipa-custodia config file >2018-06-14T14:03:22Z DEBUG step duration: ipa-custodia __config_file 0.03 sec >2018-06-14T14:03:22Z DEBUG [3/5]: Generating ipa-custodia keys >2018-06-14T14:03:22Z DEBUG step duration: ipa-custodia __gen_keys 0.24 sec >2018-06-14T14:03:22Z DEBUG [4/5]: starting ipa-custodia >2018-06-14T14:03:22Z DEBUG Starting external process >2018-06-14T14:03:22Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-custodia.service'] >2018-06-14T14:03:22Z DEBUG Process finished, return code=3 >2018-06-14T14:03:22Z DEBUG stdout=inactive > >2018-06-14T14:03:22Z DEBUG stderr= >2018-06-14T14:03:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:22Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:22Z DEBUG Starting external process >2018-06-14T14:03:22Z DEBUG args=['/bin/systemctl', 'restart', 'ipa-custodia.service'] >2018-06-14T14:03:23Z DEBUG Process finished, return code=0 >2018-06-14T14:03:23Z DEBUG stdout= >2018-06-14T14:03:23Z DEBUG stderr= >2018-06-14T14:03:23Z DEBUG Starting external process >2018-06-14T14:03:23Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-custodia.service'] >2018-06-14T14:03:23Z 
DEBUG Process finished, return code=0 >2018-06-14T14:03:23Z DEBUG stdout=active > >2018-06-14T14:03:23Z DEBUG stderr= >2018-06-14T14:03:23Z DEBUG Restart of ipa-custodia.service complete >2018-06-14T14:03:23Z DEBUG step duration: ipa-custodia __start 0.41 sec >2018-06-14T14:03:23Z DEBUG [5/5]: configuring ipa-custodia to start on boot >2018-06-14T14:03:23Z DEBUG Starting external process >2018-06-14T14:03:23Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ipa-custodia.service'] >2018-06-14T14:03:23Z DEBUG Process finished, return code=1 >2018-06-14T14:03:23Z DEBUG stdout=disabled > >2018-06-14T14:03:23Z DEBUG stderr= >2018-06-14T14:03:23Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:23Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:23Z DEBUG Starting external process >2018-06-14T14:03:23Z DEBUG args=['/bin/systemctl', 'disable', 'ipa-custodia.service'] >2018-06-14T14:03:23Z DEBUG Process finished, return code=0 >2018-06-14T14:03:23Z DEBUG stdout= >2018-06-14T14:03:23Z DEBUG stderr= >2018-06-14T14:03:23Z DEBUG step duration: ipa-custodia __enable 0.21 sec >2018-06-14T14:03:23Z DEBUG Done configuring ipa-custodia. >2018-06-14T14:03:23Z DEBUG service duration: ipa-custodia 1.96 sec >2018-06-14T14:03:23Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-06-14T14:03:23Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-06-14T14:03:23Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-06-14T14:03:23Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-06-14T14:03:23Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:23Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:03:23Z DEBUG Configuring certificate server (pki-tomcatd). 
Estimated time: 3 minutes >2018-06-14T14:03:23Z DEBUG [1/28]: configuring certificate server instance >2018-06-14T14:03:23Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:23Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:03:23Z DEBUG Contents of pkispawn configuration file (/tmp/tmpcweh2pv8): >[CA] >pki_security_domain_name = IPA >pki_enable_proxy = True >pki_restart_configured_instance = False >pki_backup_keys = True >pki_backup_password = XXXXXXXX >pki_profiles_in_ldap = True >pki_default_ocsp_uri = http://ipa-ca.example.com/ca/ocsp >pki_status_request_timeout = 15 >pki_client_pkcs12_password = XXXXXXXX >pki_admin_name = admin >pki_admin_uid = admin >pki_admin_email = root@localhost >pki_admin_password = XXXXXXXX >pki_admin_nickname = ipa-ca-agent >pki_admin_subject_dn = cn=ipa-ca-agent,O=EXAMPLE.COM >pki_client_admin_cert_p12 = /root/ca-agent.p12 >pki_ds_ldap_port = 389 >pki_ds_password = XXXXXXXX >pki_ds_base_dn = o=ipaca >pki_ds_database = ipaca >pki_subsystem_subject_dn = cn=CA Subsystem,O=EXAMPLE.COM >pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=EXAMPLE.COM >pki_sslserver_subject_dn = cn=ipa.example.com,O=EXAMPLE.COM >pki_audit_signing_subject_dn = cn=CA Audit,O=EXAMPLE.COM >pki_ca_signing_subject_dn = CN=Certificate Authority,O=EXAMPLE.COM >pki_subsystem_nickname = subsystemCert cert-pki-ca >pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca >pki_sslserver_nickname = Server-Cert cert-pki-ca >pki_audit_signing_nickname = auditSigningCert cert-pki-ca >pki_ca_signing_nickname = caSigningCert cert-pki-ca >pki_ca_signing_key_algorithm = SHA256withRSA >pki_pin = XXXXXXXX > > >2018-06-14T14:03:23Z DEBUG Starting external process >2018-06-14T14:03:23Z DEBUG args=['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpcweh2pv8'] >2018-06-14T14:04:32Z DEBUG Process finished, return code=0 >2018-06-14T14:04:32Z DEBUG stdout=Log file: /var/log/pki/pki-ca-spawn.20180614160324.log 
>Loading deployment configuration from /tmp/tmpcweh2pv8. >Installing CA into /var/lib/pki/pki-tomcat. >Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg. > > ========================================================================== > INSTALLATION SUMMARY > ========================================================================== > > Administrator's username: admin > Administrator's PKCS #12 file: > /root/ca-agent.p12 > > This CA subsystem of the 'pki-tomcat' instance > has FIPS mode enabled on this operating system. > > REMINDER: Don't forget to update the appropriate FIPS > algorithms in server.xml in the 'pki-tomcat' instance. > > To check the status of the subsystem: > systemctl status pki-tomcatd@pki-tomcat.service > > To restart the subsystem: > systemctl restart pki-tomcatd@pki-tomcat.service > > The URL for the subsystem is: > https://ipa.example.com:8443/ca > > PKI instances will be enabled upon system boot > > ========================================================================== > > >2018-06-14T14:04:32Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present. >The unit files have no installation config (WantedBy, RequiredBy, Also, Alias >settings in the [Install] section, and DefaultInstance for template units). >This means they are not meant to be enabled using systemctl. >Possible reasons for having this kind of units are: >1) A unit may be statically enabled by being symlinked from another unit's > .wants/ or .requires/ directory. >2) A unit's purpose may be to act as a helper for some other unit which has > a requirement dependency on it. >3) A unit may be started when needed via activation (socket, path, timer, > D-Bus, udev, scripted systemctl call, ...). >4) In case of template units, the unit is meant to be enabled with some > instance name specified. 
> >2018-06-14T14:04:32Z DEBUG completed creating ca instance >2018-06-14T14:04:32Z DEBUG step duration: pki-tomcatd __spawn_instance 69.21 sec >2018-06-14T14:04:32Z DEBUG [2/28]: exporting Dogtag certificate store pin >2018-06-14T14:04:32Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:04:32Z DEBUG step duration: pki-tomcatd create_certstore_passwdfile 0.00 sec >2018-06-14T14:04:32Z DEBUG [3/28]: stopping certificate server instance to update CS.cfg >2018-06-14T14:04:32Z DEBUG Starting external process >2018-06-14T14:04:32Z DEBUG args=['/bin/systemctl', 'stop', 'pki-tomcatd@pki-tomcat.service'] >2018-06-14T14:04:34Z DEBUG Process finished, return code=0 >2018-06-14T14:04:34Z DEBUG stdout= >2018-06-14T14:04:34Z DEBUG stderr= >2018-06-14T14:04:34Z DEBUG Stop of pki-tomcatd@pki-tomcat.service complete >2018-06-14T14:04:34Z DEBUG step duration: pki-tomcatd stop_instance 1.28 sec >2018-06-14T14:04:34Z DEBUG [4/28]: backing up CS.cfg >2018-06-14T14:04:34Z DEBUG Starting external process >2018-06-14T14:04:34Z DEBUG args=['/bin/systemctl', 'is-active', 'pki-tomcatd@pki-tomcat.service'] >2018-06-14T14:04:34Z DEBUG Process finished, return code=3 >2018-06-14T14:04:34Z DEBUG stdout=inactive > >2018-06-14T14:04:34Z DEBUG stderr= >2018-06-14T14:04:34Z DEBUG step duration: pki-tomcatd safe_backup_config 0.02 sec >2018-06-14T14:04:34Z DEBUG [5/28]: disabling nonces >2018-06-14T14:04:34Z DEBUG step duration: pki-tomcatd __disable_nonce 0.00 sec >2018-06-14T14:04:34Z DEBUG [6/28]: set up CRL publishing >2018-06-14T14:04:34Z DEBUG Starting external process >2018-06-14T14:04:34Z DEBUG args=['/usr/sbin/selinuxenabled'] >2018-06-14T14:04:34Z DEBUG Process finished, return code=0 >2018-06-14T14:04:34Z DEBUG stdout= >2018-06-14T14:04:34Z DEBUG stderr= >2018-06-14T14:04:34Z DEBUG Starting external process >2018-06-14T14:04:34Z DEBUG args=['/sbin/restorecon', '/var/lib/ipa/pki-ca/publish'] >2018-06-14T14:04:34Z DEBUG Process finished, return code=0 
>2018-06-14T14:04:34Z DEBUG stdout= >2018-06-14T14:04:34Z DEBUG stderr= >2018-06-14T14:04:34Z DEBUG step duration: pki-tomcatd __enable_crl_publish 0.06 sec >2018-06-14T14:04:34Z DEBUG [7/28]: enable PKIX certificate path discovery and validation >2018-06-14T14:04:34Z DEBUG step duration: pki-tomcatd enable_pkix 0.00 sec >2018-06-14T14:04:34Z DEBUG [8/28]: starting certificate server instance >2018-06-14T14:04:34Z DEBUG Starting external process >2018-06-14T14:04:34Z DEBUG args=['/bin/systemctl', 'start', 'pki-tomcatd@pki-tomcat.service'] >2018-06-14T14:04:36Z DEBUG Process finished, return code=0 >2018-06-14T14:04:36Z DEBUG stdout= >2018-06-14T14:04:36Z DEBUG stderr= >2018-06-14T14:04:36Z DEBUG Starting external process >2018-06-14T14:04:36Z DEBUG args=['/bin/systemctl', 'is-active', 'pki-tomcatd@pki-tomcat.service'] >2018-06-14T14:04:36Z DEBUG Process finished, return code=0 >2018-06-14T14:04:36Z DEBUG stdout=active > >2018-06-14T14:04:36Z DEBUG stderr= >2018-06-14T14:04:36Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300 >2018-06-14T14:04:36Z DEBUG waiting for port: 8080 >2018-06-14T14:04:36Z DEBUG Failed to connect to port 8080 tcp on ::1 >2018-06-14T14:04:36Z DEBUG Failed to connect to port 8080 tcp on 127.0.0.1 >2018-06-14T14:04:38Z DEBUG SUCCESS: port: 8080 >2018-06-14T14:04:38Z DEBUG waiting for port: 8443 >2018-06-14T14:04:38Z DEBUG SUCCESS: port: 8443 >2018-06-14T14:04:38Z DEBUG Start of pki-tomcatd@pki-tomcat.service complete >2018-06-14T14:04:38Z DEBUG Waiting until the CA is running >2018-06-14T14:04:38Z DEBUG request POST http://ipa.example.com:8080/ca/admin/ca/getStatus >2018-06-14T14:04:38Z DEBUG request body '' >2018-06-14T14:04:51Z DEBUG response status 200 >2018-06-14T14:04:51Z DEBUG response headers Content-Type: application/xml >Content-Length: 168 >Date: Thu, 14 Jun 2018 14:04:51 GMT > > >2018-06-14T14:04:51Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" 
standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.6.1-3.fc28</Version></XMLResponse>' >2018-06-14T14:04:51Z DEBUG The CA status is: running >2018-06-14T14:04:51Z DEBUG step duration: pki-tomcatd start_instance 17.00 sec >2018-06-14T14:04:51Z DEBUG [9/28]: configure certmonger for renewals >2018-06-14T14:04:51Z DEBUG Starting external process >2018-06-14T14:04:51Z DEBUG args=['/bin/systemctl', 'enable', 'certmonger.service'] >2018-06-14T14:04:51Z DEBUG Process finished, return code=0 >2018-06-14T14:04:51Z DEBUG stdout= >2018-06-14T14:04:51Z DEBUG stderr=Created symlink /etc/systemd/system/multi-user.target.wants/certmonger.service → /usr/lib/systemd/system/certmonger.service. > >2018-06-14T14:04:51Z DEBUG Starting external process >2018-06-14T14:04:51Z DEBUG args=['/bin/systemctl', 'start', 'messagebus.service'] >2018-06-14T14:04:51Z DEBUG Process finished, return code=0 >2018-06-14T14:04:51Z DEBUG stdout= >2018-06-14T14:04:51Z DEBUG stderr= >2018-06-14T14:04:51Z DEBUG Starting external process >2018-06-14T14:04:51Z DEBUG args=['/bin/systemctl', 'is-active', 'messagebus.service'] >2018-06-14T14:04:51Z DEBUG Process finished, return code=0 >2018-06-14T14:04:51Z DEBUG stdout=active > >2018-06-14T14:04:51Z DEBUG stderr= >2018-06-14T14:04:51Z DEBUG Start of messagebus.service complete >2018-06-14T14:04:51Z DEBUG Starting external process >2018-06-14T14:04:51Z DEBUG args=['/bin/systemctl', 'start', 'certmonger.service'] >2018-06-14T14:04:51Z DEBUG Process finished, return code=0 >2018-06-14T14:04:51Z DEBUG stdout= >2018-06-14T14:04:51Z DEBUG stderr= >2018-06-14T14:04:51Z DEBUG Starting external process >2018-06-14T14:04:51Z DEBUG args=['/bin/systemctl', 'is-active', 'certmonger.service'] >2018-06-14T14:04:51Z DEBUG Process finished, return code=0 >2018-06-14T14:04:51Z DEBUG stdout=active > >2018-06-14T14:04:51Z DEBUG stderr= >2018-06-14T14:04:51Z DEBUG Start of certmonger.service complete >2018-06-14T14:04:52Z DEBUG step 
duration: pki-tomcatd configure_certmonger_renewal 1.02 sec >2018-06-14T14:04:52Z DEBUG [10/28]: requesting RA certificate from CA >2018-06-14T14:04:52Z DEBUG Starting external process >2018-06-14T14:04:52Z DEBUG args=['/usr/bin/openssl', 'pkcs7', '-inform', 'DER', '-print_certs', '-out', '/var/lib/ipa/tmp1137u9kv'] >2018-06-14T14:04:52Z DEBUG Process finished, return code=0 >2018-06-14T14:04:52Z DEBUG stdout= >2018-06-14T14:04:52Z DEBUG stderr= >2018-06-14T14:04:52Z DEBUG Starting external process >2018-06-14T14:04:52Z DEBUG args=['/usr/bin/openssl', 'pkcs12', '-nokeys', '-clcerts', '-in', '/root/ca-agent.p12', '-out', '/var/lib/ipa/tmpjbemr3qh', '-passin', 'file:/tmp/tmpa8rsyq8i'] >2018-06-14T14:04:53Z DEBUG Process finished, return code=0 >2018-06-14T14:04:53Z DEBUG stdout= >2018-06-14T14:04:53Z DEBUG stderr= >2018-06-14T14:04:53Z DEBUG Starting external process >2018-06-14T14:04:53Z DEBUG args=['/usr/bin/openssl', 'pkcs12', '-nocerts', '-in', '/root/ca-agent.p12', '-out', '/var/lib/ipa/tmpg328jgux', '-passin', 'file:/tmp/tmp9p7i6ry1', '-nodes'] >2018-06-14T14:04:54Z DEBUG Process finished, return code=0 >2018-06-14T14:04:54Z DEBUG stdout= >2018-06-14T14:04:54Z DEBUG stderr= >2018-06-14T14:04:54Z DEBUG certmonger request is in state dbus.String('NEWLY_ADDED_READING_CERT', variant_level=1) >2018-06-14T14:04:59Z DEBUG certmonger request is in state dbus.String('PRE_SAVE_CERT', variant_level=1) >2018-06-14T14:05:04Z DEBUG certmonger request is in state dbus.String('POST_SAVED_CERT', variant_level=1) >2018-06-14T14:05:09Z DEBUG certmonger request is in state dbus.String('POST_SAVED_CERT', variant_level=1) >2018-06-14T14:05:14Z DEBUG certmonger request is in state dbus.String('POST_SAVED_CERT', variant_level=1) >2018-06-14T14:05:19Z DEBUG certmonger request is in state dbus.String('MONITORING', variant_level=1) >2018-06-14T14:05:19Z DEBUG Starting external process >2018-06-14T14:05:19Z DEBUG args=['/usr/sbin/selinuxenabled'] >2018-06-14T14:05:19Z DEBUG Process 
finished, return code=0 >2018-06-14T14:05:19Z DEBUG stdout= >2018-06-14T14:05:19Z DEBUG stderr= >2018-06-14T14:05:19Z DEBUG Starting external process >2018-06-14T14:05:19Z DEBUG args=['/sbin/restorecon', '/var/lib/ipa/ra-agent.pem'] >2018-06-14T14:05:19Z DEBUG Process finished, return code=0 >2018-06-14T14:05:19Z DEBUG stdout= >2018-06-14T14:05:19Z DEBUG stderr= >2018-06-14T14:05:19Z DEBUG Starting external process >2018-06-14T14:05:19Z DEBUG args=['/usr/sbin/selinuxenabled'] >2018-06-14T14:05:19Z DEBUG Process finished, return code=0 >2018-06-14T14:05:19Z DEBUG stdout= >2018-06-14T14:05:19Z DEBUG stderr= >2018-06-14T14:05:19Z DEBUG Starting external process >2018-06-14T14:05:19Z DEBUG args=['/sbin/restorecon', '/var/lib/ipa/ra-agent.key'] >2018-06-14T14:05:19Z DEBUG Process finished, return code=0 >2018-06-14T14:05:19Z DEBUG stdout= >2018-06-14T14:05:19Z DEBUG stderr= >2018-06-14T14:05:19Z DEBUG step duration: pki-tomcatd __request_ra_certificate 27.56 sec >2018-06-14T14:05:19Z DEBUG [11/28]: setting audit signing renewal to 2 years >2018-06-14T14:05:19Z DEBUG caSignedLogCert.cfg profile validity range is 720 >2018-06-14T14:05:19Z DEBUG step duration: pki-tomcatd set_audit_renewal 0.00 sec >2018-06-14T14:05:19Z DEBUG [12/28]: restarting certificate server >2018-06-14T14:05:19Z DEBUG Starting external process >2018-06-14T14:05:19Z DEBUG args=['/bin/systemctl', 'restart', 'pki-tomcatd@pki-tomcat.service'] >2018-06-14T14:05:26Z DEBUG Process finished, return code=0 >2018-06-14T14:05:26Z DEBUG stdout= >2018-06-14T14:05:26Z DEBUG stderr= >2018-06-14T14:05:26Z DEBUG Starting external process >2018-06-14T14:05:26Z DEBUG args=['/bin/systemctl', 'is-active', 'pki-tomcatd@pki-tomcat.service'] >2018-06-14T14:05:26Z DEBUG Process finished, return code=0 >2018-06-14T14:05:26Z DEBUG stdout=active > >2018-06-14T14:05:26Z DEBUG stderr= >2018-06-14T14:05:26Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300 >2018-06-14T14:05:26Z DEBUG waiting for port: 8080 
>2018-06-14T14:05:26Z DEBUG Failed to connect to port 8080 tcp on ::1 >2018-06-14T14:05:26Z DEBUG Failed to connect to port 8080 tcp on 127.0.0.1 >2018-06-14T14:05:30Z DEBUG SUCCESS: port: 8080 >2018-06-14T14:05:30Z DEBUG waiting for port: 8443 >2018-06-14T14:05:30Z DEBUG SUCCESS: port: 8443 >2018-06-14T14:05:30Z DEBUG Restart of pki-tomcatd@pki-tomcat.service complete >2018-06-14T14:05:30Z DEBUG Waiting until the CA is running >2018-06-14T14:05:30Z DEBUG request POST http://ipa.example.com:8080/ca/admin/ca/getStatus >2018-06-14T14:05:30Z DEBUG request body '' >2018-06-14T14:05:55Z DEBUG response status 200 >2018-06-14T14:05:55Z DEBUG response headers Content-Type: application/xml >Content-Length: 168 >Date: Thu, 14 Jun 2018 14:05:55 GMT > > >2018-06-14T14:05:55Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.6.1-3.fc28</Version></XMLResponse>' >2018-06-14T14:05:55Z DEBUG The CA status is: running >2018-06-14T14:05:55Z DEBUG step duration: pki-tomcatd restart_instance 35.57 sec >2018-06-14T14:05:55Z DEBUG [13/28]: publishing the CA certificate >2018-06-14T14:05:55Z DEBUG step duration: pki-tomcatd __export_ca_chain 0.07 sec >2018-06-14T14:05:55Z DEBUG [14/28]: adding RA agent as a trusted user >2018-06-14T14:05:55Z DEBUG Created connection context.ldap2_139915062506272 >2018-06-14T14:05:55Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket from SchemaCache >2018-06-14T14:05:55Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f4083997908> >2018-06-14T14:05:55Z DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Certificate Manager Agents,ou=groups,o=ipaca member_attr=uniqueMember >2018-06-14T14:05:55Z DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Registration Manager Agents,ou=groups,o=ipaca 
member_attr=uniqueMember >2018-06-14T14:05:55Z DEBUG Destroyed connection context.ldap2_139915062506272 >2018-06-14T14:05:55Z DEBUG step duration: pki-tomcatd __create_ca_agent 0.44 sec >2018-06-14T14:05:55Z DEBUG [15/28]: authorizing RA to modify profiles >2018-06-14T14:05:55Z DEBUG step duration: pki-tomcatd configure_profiles_acl 0.01 sec >2018-06-14T14:05:55Z DEBUG [16/28]: authorizing RA to manage lightweight CAs >2018-06-14T14:05:55Z DEBUG step duration: pki-tomcatd configure_lightweight_ca_acls 0.01 sec >2018-06-14T14:05:55Z DEBUG [17/28]: Ensure lightweight CAs container exists >2018-06-14T14:05:55Z DEBUG Created connection context.ldap2_139915062507784 >2018-06-14T14:05:55Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket from SchemaCache >2018-06-14T14:05:55Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f4083a02cc0> >2018-06-14T14:05:56Z DEBUG Destroyed connection context.ldap2_139915062507784 >2018-06-14T14:05:56Z DEBUG step duration: pki-tomcatd ensure_lightweight_cas_container 0.41 sec >2018-06-14T14:05:56Z DEBUG [18/28]: configure certificate renewals >2018-06-14T14:05:59Z DEBUG step duration: pki-tomcatd configure_renewal 2.79 sec >2018-06-14T14:05:59Z DEBUG [19/28]: configure Server-Cert certificate renewal >2018-06-14T14:06:00Z DEBUG step duration: pki-tomcatd track_servercert 0.96 sec >2018-06-14T14:06:00Z DEBUG [20/28]: Configure HTTP to proxy connections >2018-06-14T14:06:00Z DEBUG step duration: pki-tomcatd http_proxy 0.00 sec >2018-06-14T14:06:00Z DEBUG [21/28]: restarting certificate server >2018-06-14T14:06:00Z DEBUG Starting external process >2018-06-14T14:06:00Z DEBUG args=['/bin/systemctl', 'restart', 'pki-tomcatd@pki-tomcat.service'] >2018-06-14T14:06:03Z DEBUG Process finished, return code=0 >2018-06-14T14:06:03Z DEBUG stdout= >2018-06-14T14:06:03Z DEBUG stderr= >2018-06-14T14:06:03Z DEBUG Starting external process 
>2018-06-14T14:06:03Z DEBUG args=['/bin/systemctl', 'is-active', 'pki-tomcatd@pki-tomcat.service'] >2018-06-14T14:06:03Z DEBUG Process finished, return code=0 >2018-06-14T14:06:03Z DEBUG stdout=active > >2018-06-14T14:06:03Z DEBUG stderr= >2018-06-14T14:06:03Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300 >2018-06-14T14:06:03Z DEBUG waiting for port: 8080 >2018-06-14T14:06:03Z DEBUG Failed to connect to port 8080 tcp on ::1 >2018-06-14T14:06:03Z DEBUG Failed to connect to port 8080 tcp on 127.0.0.1 >2018-06-14T14:06:05Z DEBUG SUCCESS: port: 8080 >2018-06-14T14:06:05Z DEBUG waiting for port: 8443 >2018-06-14T14:06:05Z DEBUG SUCCESS: port: 8443 >2018-06-14T14:06:05Z DEBUG Restart of pki-tomcatd@pki-tomcat.service complete >2018-06-14T14:06:05Z DEBUG Waiting until the CA is running >2018-06-14T14:06:05Z DEBUG request POST http://ipa.example.com:8080/ca/admin/ca/getStatus >2018-06-14T14:06:05Z DEBUG request body '' >2018-06-14T14:06:18Z DEBUG response status 200 >2018-06-14T14:06:18Z DEBUG response headers Content-Type: application/xml >Content-Length: 168 >Date: Thu, 14 Jun 2018 14:06:18 GMT > > >2018-06-14T14:06:18Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.6.1-3.fc28</Version></XMLResponse>' >2018-06-14T14:06:18Z DEBUG The CA status is: running >2018-06-14T14:06:18Z DEBUG step duration: pki-tomcatd restart_instance 18.43 sec >2018-06-14T14:06:18Z DEBUG [22/28]: updating IPA configuration >2018-06-14T14:06:18Z DEBUG step duration: pki-tomcatd update_ipa_conf 0.00 sec >2018-06-14T14:06:18Z DEBUG [23/28]: enabling CA instance >2018-06-14T14:06:18Z DEBUG Starting external process >2018-06-14T14:06:18Z DEBUG args=['/bin/systemctl', 'disable', 'pki-tomcatd.target'] >2018-06-14T14:06:18Z DEBUG Process finished, return code=0 >2018-06-14T14:06:18Z DEBUG stdout= >2018-06-14T14:06:18Z DEBUG stderr= >2018-06-14T14:06:18Z DEBUG step duration: 
pki-tomcatd __enable_instance 0.36 sec >2018-06-14T14:06:18Z DEBUG [24/28]: migrating certificate profiles to LDAP >2018-06-14T14:06:18Z DEBUG Created connection context.ldap2_139915062910760 >2018-06-14T14:06:18Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket from SchemaCache >2018-06-14T14:06:18Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f40839f9f98> >2018-06-14T14:06:19Z DEBUG Destroyed connection context.ldap2_139915062910760 >2018-06-14T14:06:19Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:19Z DEBUG request body '' >2018-06-14T14:06:20Z DEBUG response status 200 >2018-06-14T14:06:20Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=A6A5B5B38A97F1FAFFB9A2E3E2F98FFE; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:20 GMT > > >2018-06-14T14:06:20Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:20Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:20Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates using CMC.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=CMCAuth\nauthz.acl=group="Certificate Manager Agents"\nname=Server Certificate Enrollment using 
CMC\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No 
Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=commonNameToSANDefaultImpl\npolicyset.serverCertSet.9.default.name=copy CN to SAN Default\nprofileId=caCMCserverCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:20Z DEBUG response status 409 >2018-06-14T14:06:20Z DEBUG response headers Content-Type: 
application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:20 GMT > > >2018-06-14T14:06:20Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:20Z DEBUG Error migrating 'caCMCserverCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:20Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caCMCserverCert?action=enable >2018-06-14T14:06:20Z DEBUG request body '' >2018-06-14T14:06:20Z DEBUG response status 409 >2018-06-14T14:06:20Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:20 GMT > > >2018-06-14T14:06:20Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:20Z DEBUG Failed to enable profile 'caCMCserverCert' (it is probably already enabled) >2018-06-14T14:06:20Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:20Z DEBUG request body '' >2018-06-14T14:06:20Z DEBUG response status 204 >2018-06-14T14:06:20Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=813E16FE9481767A527F4EE498256CB2; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:20 GMT > > >2018-06-14T14:06:20Z DEBUG response body b'' >2018-06-14T14:06:20Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:20Z DEBUG request body '' >2018-06-14T14:06:20Z DEBUG response status 200 >2018-06-14T14:06:20Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: 
JSESSIONID=F4374ED2B53ECD533D7BBF6437B39733; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:20 GMT > > >2018-06-14T14:06:20Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:20Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:20Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with ECC keys using CMC.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=CMCAuth\nauthz.acl=group="Certificate Manager Agents"\nname=Server Certificate wth ECC keys Enrollment using CMC\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity 
Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=EC\npolicyset.serverCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=commonNameToSANDefaultImpl\npolicyset.serverCertSet.9.default.name=copy CN to SAN Default\nprofileId=caCMCECserverCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:20Z DEBUG response status 409 >2018-06-14T14:06:20Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:20 GMT > > >2018-06-14T14:06:20Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:20Z DEBUG Error migrating 'caCMCECserverCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:20Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caCMCECserverCert?action=enable >2018-06-14T14:06:20Z DEBUG request body '' >2018-06-14T14:06:20Z DEBUG response status 409 >2018-06-14T14:06:20Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:20 GMT > > >2018-06-14T14:06:20Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:20Z DEBUG Failed to enable profile 'caCMCECserverCert' (it is probably already enabled) >2018-06-14T14:06:20Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:20Z DEBUG request body '' >2018-06-14T14:06:21Z DEBUG response status 204 >2018-06-14T14:06:21Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=2B316EE4B0D2D40E17F3B139F9C4015B; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:20 GMT > > >2018-06-14T14:06:21Z DEBUG response body b'' >2018-06-14T14:06:21Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:21Z DEBUG request body '' >2018-06-14T14:06:21Z DEBUG response status 200 >2018-06-14T14:06:21Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=29AC24A94A396BAE4FFC6D1D935C4372; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:20 GMT > > >2018-06-14T14:06:21Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:21Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:21Z DEBUG request body 'desc=This certificate profile is for enrolling subsystem certificates with ECC keys using CMC.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=CMCAuth\nauthz.acl=group="Certificate Manager Agents"\nname=Subsystem Certificate Enrollment with ECC keys using CMC\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=EC\npolicyset.serverCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key 
Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caCMCECsubsystemCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:21Z DEBUG response status 409 >2018-06-14T14:06:21Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:21 GMT > > >2018-06-14T14:06:21Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already 
exists"}' >2018-06-14T14:06:21Z DEBUG Error migrating 'caCMCECsubsystemCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:21Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caCMCECsubsystemCert?action=enable >2018-06-14T14:06:21Z DEBUG request body '' >2018-06-14T14:06:21Z DEBUG response status 409 >2018-06-14T14:06:21Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:21 GMT > > >2018-06-14T14:06:21Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:21Z DEBUG Failed to enable profile 'caCMCECsubsystemCert' (it is probably already enabled) >2018-06-14T14:06:21Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:21Z DEBUG request body '' >2018-06-14T14:06:21Z DEBUG response status 204 >2018-06-14T14:06:21Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=AFE34AA5176E42E36FF019B9E14A2C6C; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:21 GMT > > >2018-06-14T14:06:21Z DEBUG response body b'' >2018-06-14T14:06:21Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:21Z DEBUG request body '' >2018-06-14T14:06:21Z DEBUG response status 200 >2018-06-14T14:06:21Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=C21F465DC80C172C8DBF73DD007A8AF7; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:21 GMT > > >2018-06-14T14:06:21Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account 
id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:21Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:21Z DEBUG request body 'desc=This certificate profile is for enrolling subsystem certificates using CMC.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=CMCAuth\nauthz.acl=group="Certificate Manager Agents"\nname=Subsystem Certificate Enrollment using CMC\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key 
Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caCMCsubsystemCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:21Z DEBUG response status 409 >2018-06-14T14:06:21Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:21 GMT > > >2018-06-14T14:06:21Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:21Z DEBUG Error migrating 'caCMCsubsystemCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:21Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caCMCsubsystemCert?action=enable >2018-06-14T14:06:21Z DEBUG request body '' >2018-06-14T14:06:21Z DEBUG response status 409 >2018-06-14T14:06:21Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:21 GMT > > >2018-06-14T14:06:21Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:21Z DEBUG Failed to enable profile 'caCMCsubsystemCert' (it is probably already enabled) >2018-06-14T14:06:21Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:21Z DEBUG request body '' >2018-06-14T14:06:21Z DEBUG response status 204 >2018-06-14T14:06:21Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=DBC85F82E79FA2B65FE79DB25DD0DAC6; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:21 GMT > > >2018-06-14T14:06:21Z DEBUG response body b'' >2018-06-14T14:06:21Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:21Z DEBUG request body '' >2018-06-14T14:06:21Z DEBUG response status 200 >2018-06-14T14:06:21Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=A2B132BF43F5169F83A3AFDD988B384D; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:21 GMT > > >2018-06-14T14:06:21Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:21Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:21Z DEBUG request body 'desc=This certificate profile is for enrolling audit signing certificates using CMC.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=CMCAuth\nauthz.acl=group="Certificate Manager Agents"\nname=Audit Signing Certificate Enrollment using CMC\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=auditSigningCertSet\npolicyset.auditSigningCertSet.list=1,2,3,4,5,6,9\npolicyset.auditSigningCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.auditSigningCertSet.1.constraint.name=Subject Name Constraint\npolicyset.auditSigningCertSet.1.constraint.params.pattern=CN=.*\npolicyset.auditSigningCertSet.1.constraint.params.accept=true\npolicyset.auditSigningCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.auditSigningCertSet.1.default.name=Subject Name Default\npolicyset.auditSigningCertSet.1.default.params.name=\npolicyset.auditSigningCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.auditSigningCertSet.2.constraint.name=Validity Constraint\npolicyset.auditSigningCertSet.2.constraint.params.range=720\npolicyset.auditSigningCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.auditSigningCertSet.2.constraint.params.notAfterCheck=false\npolicyset.auditSigningCertSet.2.default.class_id=validityDefaultImpl\npolicyset.auditSigningCertSet.2.default.name=Validity Default\npolicyset.auditSigningCertSet.2.default.params.range=720\npolicyset.auditSigningCertSet.2.default.params.startTime=0\npolicyset.auditSigningCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.auditSigningCertSet.3.constraint.name=Key 
Constraint\npolicyset.auditSigningCertSet.3.constraint.params.keyType=RSA\npolicyset.auditSigningCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.auditSigningCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.auditSigningCertSet.3.default.name=Key Default\npolicyset.auditSigningCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.auditSigningCertSet.4.constraint.name=No Constraint\npolicyset.auditSigningCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.auditSigningCertSet.4.default.name=Authority Key Identifier Default\npolicyset.auditSigningCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.auditSigningCertSet.5.constraint.name=No Constraint\npolicyset.auditSigningCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.auditSigningCertSet.5.default.name=AIA Extension Default\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.auditSigningCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.auditSigningCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.auditSigningCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.auditSigningCertSet.6.default.name=Key Usage Default\npolicyset.auditSigningCertSet.6.default.params.keyUsageCritical=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.auditSigningCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.auditSigningCertSet.9.constraint.name=No 
Constraint\npolicyset.auditSigningCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.auditSigningCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.auditSigningCertSet.9.default.name=Signing Alg\npolicyset.auditSigningCertSet.9.default.params.signingAlg=-\nprofileId=caCMCauditSigningCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:21Z DEBUG response status 409 >2018-06-14T14:06:21Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:21 GMT > > >2018-06-14T14:06:21Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:21Z DEBUG Error migrating 'caCMCauditSigningCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:21Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caCMCauditSigningCert?action=enable >2018-06-14T14:06:21Z DEBUG request body '' >2018-06-14T14:06:21Z DEBUG response status 409 >2018-06-14T14:06:21Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:21 GMT > > >2018-06-14T14:06:21Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:21Z DEBUG Failed to enable profile 'caCMCauditSigningCert' (it is probably already enabled) >2018-06-14T14:06:21Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:21Z DEBUG request body '' >2018-06-14T14:06:21Z DEBUG response status 204 >2018-06-14T14:06:21Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET 
>Set-Cookie: JSESSIONID=6A54124EDAF352D281DE84109A4302CD; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:21 GMT > > >2018-06-14T14:06:21Z DEBUG response body b'' >2018-06-14T14:06:21Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:21Z DEBUG request body '' >2018-06-14T14:06:21Z DEBUG response status 200 >2018-06-14T14:06:21Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=7832E4F73E712DC9EB5939DA13015145; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:21 GMT > > >2018-06-14T14:06:21Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:21Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:21Z DEBUG request body 'desc=This certificate profile is for enrolling Certificate Authority certificates using CMC.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=CMCAuth\nauthz.acl=group="Certificate Manager Agents"\nname=Certificate Manager Signing Certificate Enrollment using CMC\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=Subject Name Constraint\npolicyset.caCertSet.1.constraint.params.pattern=CN=.*\npolicyset.caCertSet.1.constraint.params.accept=true\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=Subject Name 
Default\npolicyset.caCertSet.1.default.params.name=\npolicyset.caCertSet.2.constraint.class_id=caValidityConstraintImpl\npolicyset.caCertSet.2.constraint.name=CA Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=7305\npolicyset.caCertSet.2.default.class_id=caValidityDefaultImpl\npolicyset.caCertSet.2.default.name=CA Certificate Validity Default\npolicyset.caCertSet.2.default.params.range=7305\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No 
Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caCMCcaCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:21Z DEBUG response status 409 >2018-06-14T14:06:21Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:21 GMT > > >2018-06-14T14:06:21Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:21Z DEBUG Error migrating 'caCMCcaCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:21Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caCMCcaCert?action=enable >2018-06-14T14:06:21Z DEBUG request body '' >2018-06-14T14:06:21Z DEBUG response status 409 >2018-06-14T14:06:21Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:21 GMT > > >2018-06-14T14:06:21Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:21Z DEBUG Failed to enable profile 'caCMCcaCert' (it is probably already enabled) >2018-06-14T14:06:21Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:21Z DEBUG request body '' >2018-06-14T14:06:22Z DEBUG response status 204 >2018-06-14T14:06:22Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=429F9E7392A49A2304F6FE316B6612AE; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:21 GMT > > >2018-06-14T14:06:22Z DEBUG response body b'' >2018-06-14T14:06:22Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:22Z DEBUG request body '' >2018-06-14T14:06:22Z DEBUG response status 200 >2018-06-14T14:06:22Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=E7B21EC66BEB41C28876110C8895D6C8; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:21 GMT > > >2018-06-14T14:06:22Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:22Z DEBUG 
request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:22Z DEBUG request body 'desc=This certificate profile is for enrolling OCSP Responder signing certificates using CMC.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=CMCAuth\nauthz.acl=group="Certificate Manager Agents"\nname=OCSP Responder Signing Certificate Enrollment using CMC\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=ocspCertSet\npolicyset.ocspCertSet.list=1,2,3,4,5,6,8,9\npolicyset.ocspCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.ocspCertSet.1.constraint.name=Subject Name Constraint\npolicyset.ocspCertSet.1.constraint.params.pattern=CN=.*\npolicyset.ocspCertSet.1.constraint.params.accept=true\npolicyset.ocspCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.ocspCertSet.1.default.name=Subject Name Default\npolicyset.ocspCertSet.1.default.params.name=\npolicyset.ocspCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.ocspCertSet.2.constraint.name=Validity Constraint\npolicyset.ocspCertSet.2.constraint.params.range=720\npolicyset.ocspCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.ocspCertSet.2.constraint.params.notAfterCheck=false\npolicyset.ocspCertSet.2.default.class_id=validityDefaultImpl\npolicyset.ocspCertSet.2.default.name=Validity Default\npolicyset.ocspCertSet.2.default.params.range=720\npolicyset.ocspCertSet.2.default.params.startTime=0\npolicyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.ocspCertSet.3.constraint.name=Key Constraint\npolicyset.ocspCertSet.3.constraint.params.keyType=-\npolicyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.ocspCertSet.3.default.name=Key 
Default\npolicyset.ocspCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.4.constraint.name=No Constraint\npolicyset.ocspCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.ocspCertSet.4.default.name=Authority Key Identifier Default\npolicyset.ocspCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.5.constraint.name=No Constraint\npolicyset.ocspCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.ocspCertSet.5.default.name=AIA Extension Default\npolicyset.ocspCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.ocspCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.ocspCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.ocspCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.ocspCertSet.6.constraint.class_id=extendedKeyUsageExtConstraintImpl\npolicyset.ocspCertSet.6.constraint.name=Extended Key Usage Extension\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.6.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.ocspCertSet.6.default.name=Extended Key Usage Default\npolicyset.ocspCertSet.6.default.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.8.constraint.class_id=extensionConstraintImpl\npolicyset.ocspCertSet.8.constraint.name=No Constraint\npolicyset.ocspCertSet.8.constraint.params.extCritical=false\npolicyset.ocspCertSet.8.constraint.params.extOID=1.3.6.1.5.5.7.48.1.5\npolicyset.ocspCertSet.8.default.class_id=ocspNoCheckExtDefaultImpl\npolicyset.ocspCertSet.8.default.name=OCSP No Check 
Extension\npolicyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false\npolicyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.ocspCertSet.9.constraint.name=No Constraint\npolicyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.ocspCertSet.9.default.name=Signing Alg\npolicyset.ocspCertSet.9.default.params.signingAlg=-\nprofileId=caCMCocspCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:22Z DEBUG response status 409 >2018-06-14T14:06:22Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:22 GMT > > >2018-06-14T14:06:22Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:22Z DEBUG Error migrating 'caCMCocspCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:22Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caCMCocspCert?action=enable >2018-06-14T14:06:22Z DEBUG request body '' >2018-06-14T14:06:22Z DEBUG response status 409 >2018-06-14T14:06:22Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:22 GMT > > >2018-06-14T14:06:22Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:22Z DEBUG Failed to enable profile 'caCMCocspCert' (it is probably already enabled) >2018-06-14T14:06:22Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:22Z DEBUG request body '' >2018-06-14T14:06:22Z DEBUG response status 204 >2018-06-14T14:06:22Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=C1E83F06AE99134D7DD46D47A1971AA3; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:22 GMT > > >2018-06-14T14:06:22Z DEBUG response body b'' >2018-06-14T14:06:22Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:22Z DEBUG request body '' >2018-06-14T14:06:22Z DEBUG response status 200 >2018-06-14T14:06:22Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=E0EF0DA711EC1C028461E95B31EF1488; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:22 GMT > > >2018-06-14T14:06:22Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:22Z 
DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:22Z DEBUG request body 'desc=This certificate profile is for enrolling Key Archival Authority transport certificates using CMC.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=CMCAuth\nauthz.acl=group="Certificate Manager Agents"\nname=Key Archival Authority Transport Certificate Enrollment using CMC\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=transportCertSet\npolicyset.transportCertSet.list=1,2,3,4,5,6,7,8\npolicyset.transportCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.transportCertSet.1.constraint.name=Subject Name Constraint\npolicyset.transportCertSet.1.constraint.params.pattern=CN=.*\npolicyset.transportCertSet.1.constraint.params.accept=true\npolicyset.transportCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.transportCertSet.1.default.name=Subject Name Default\npolicyset.transportCertSet.1.default.params.name=\npolicyset.transportCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.transportCertSet.2.constraint.name=Validity Constraint\npolicyset.transportCertSet.2.constraint.params.range=720\npolicyset.transportCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.transportCertSet.2.constraint.params.notAfterCheck=false\npolicyset.transportCertSet.2.default.class_id=validityDefaultImpl\npolicyset.transportCertSet.2.default.name=Validity Default\npolicyset.transportCertSet.2.default.params.range=720\npolicyset.transportCertSet.2.default.params.startTime=0\npolicyset.transportCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.transportCertSet.3.constraint.name=Key 
Constraint\npolicyset.transportCertSet.3.constraint.params.keyType=RSA\npolicyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.transportCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.transportCertSet.3.default.name=Key Default\npolicyset.transportCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.4.constraint.name=No Constraint\npolicyset.transportCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.transportCertSet.4.default.name=Authority Key Identifier Default\npolicyset.transportCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.5.constraint.name=No Constraint\npolicyset.transportCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.transportCertSet.5.default.name=AIA Extension Default\npolicyset.transportCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.transportCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.transportCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.transportCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.transportCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.transportCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.transportCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.transportCertSet.6.default.name=Key Usage Default\npolicyset.transportCertSet.6.default.params.keyUsageCritical=true\npolicyset.transportCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.7.constraint.name=No Constraint\npolicyset.transportCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.transportCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.transportCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.transportCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.transportCertSet.8.constraint.name=No Constraint\npolicyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.transportCertSet.8.default.name=Signing Alg\npolicyset.transportCertSet.8.default.params.signingAlg=-\nprofileId=caCMCkraTransportCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:22Z DEBUG response status 409 >2018-06-14T14:06:22Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:22 GMT > > >2018-06-14T14:06:22Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:22Z DEBUG Error migrating 'caCMCkraTransportCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:22Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caCMCkraTransportCert?action=enable >2018-06-14T14:06:22Z DEBUG request body '' >2018-06-14T14:06:22Z DEBUG response status 409 >2018-06-14T14:06:22Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:22 GMT > > >2018-06-14T14:06:22Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:22Z DEBUG Failed to enable profile 'caCMCkraTransportCert' (it is probably already enabled) >2018-06-14T14:06:22Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:22Z DEBUG request body '' >2018-06-14T14:06:22Z DEBUG response status 204 >2018-06-14T14:06:22Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=8650BC1AF3AD1CFA9C550C0D110A4F42; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:22 GMT > > >2018-06-14T14:06:22Z DEBUG response body b'' >2018-06-14T14:06:22Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:22Z DEBUG request body '' >2018-06-14T14:06:22Z DEBUG response status 200 >2018-06-14T14:06:22Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=2461045852DF6B63B8D6987D11AAD006; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:22 GMT > > >2018-06-14T14:06:22Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:22Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:22Z DEBUG request body 'desc=This certificate profile is for enrolling KRA storage certificates using CMC\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=CMCAuth\nauthz.acl=group="Certificate Manager Agents"\nname=KRA storage Certificate Enrollment using CMC\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=drmStorageCertSet\npolicyset.drmStorageCertSet.list=1,2,3,4,5,6,7,9\npolicyset.drmStorageCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.drmStorageCertSet.1.constraint.name=Subject Name Constraint\npolicyset.drmStorageCertSet.1.constraint.params.pattern=CN=.*\npolicyset.drmStorageCertSet.1.constraint.params.accept=true\npolicyset.drmStorageCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.drmStorageCertSet.1.default.name=Subject Name Default\npolicyset.drmStorageCertSet.1.default.params.name=\npolicyset.drmStorageCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.drmStorageCertSet.2.constraint.name=Validity Constraint\npolicyset.drmStorageCertSet.2.constraint.params.range=720\npolicyset.drmStorageCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.drmStorageCertSet.2.constraint.params.notAfterCheck=false\npolicyset.drmStorageCertSet.2.default.class_id=validityDefaultImpl\npolicyset.drmStorageCertSet.2.default.name=Validity Default\npolicyset.drmStorageCertSet.2.default.params.range=720\npolicyset.drmStorageCertSet.2.default.params.startTime=0\npolicyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.drmStorageCertSet.3.constraint.name=Key 
Constraint\npolicyset.drmStorageCertSet.3.constraint.params.keyType=RSA\npolicyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.drmStorageCertSet.3.default.name=Key Default\npolicyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.4.constraint.name=No Constraint\npolicyset.drmStorageCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.drmStorageCertSet.4.default.name=Authority Key Identifier Default\npolicyset.drmStorageCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.5.constraint.name=No Constraint\npolicyset.drmStorageCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.drmStorageCertSet.5.default.name=AIA Extension Default\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.drmStorageCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.drmStorageCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.6.default.name=Key Usage Default\npolicyset.drmStorageCertSet.6.default.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.7.constraint.name=No Constraint\npolicyset.drmStorageCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.drmStorageCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.drmStorageCertSet.9.constraint.name=No Constraint\npolicyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.drmStorageCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.drmStorageCertSet.9.default.name=Signing Alg\npolicyset.drmStorageCertSet.9.default.params.signingAlg=-\nprofileId=caCMCkraStorageCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:22Z DEBUG response status 409 >2018-06-14T14:06:22Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:22 GMT > > >2018-06-14T14:06:22Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:22Z DEBUG Error migrating 'caCMCkraStorageCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:22Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caCMCkraStorageCert?action=enable >2018-06-14T14:06:22Z DEBUG request body '' >2018-06-14T14:06:22Z DEBUG response status 409 >2018-06-14T14:06:22Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:22 GMT > > >2018-06-14T14:06:22Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:22Z DEBUG Failed to enable profile 'caCMCkraStorageCert' (it is probably already enabled) >2018-06-14T14:06:22Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:22Z DEBUG request body '' >2018-06-14T14:06:22Z DEBUG response status 204 >2018-06-14T14:06:22Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=34B9B0571E1991A0FA12F0F5FF771A63; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:22 GMT > > >2018-06-14T14:06:22Z DEBUG response body b'' >2018-06-14T14:06:22Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:22Z DEBUG request body '' >2018-06-14T14:06:22Z DEBUG response status 200 >2018-06-14T14:06:22Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=995A1964B1D476BAB508E6066A3B0852; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:22 GMT > > >2018-06-14T14:06:22Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:22Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:22Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates.\nvisible=true\nenable=true\nenableBy=admin\nname=Manual User Dual-Use Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity 
Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=RSA\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caUserCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:22Z DEBUG response status 409 >2018-06-14T14:06:22Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:22 GMT > > >2018-06-14T14:06:22Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:22Z DEBUG Error migrating 'caUserCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:22Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caUserCert?action=enable >2018-06-14T14:06:22Z DEBUG request body '' >2018-06-14T14:06:22Z DEBUG response status 409 >2018-06-14T14:06:22Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:22 GMT > > >2018-06-14T14:06:22Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:22Z DEBUG Failed to enable profile 'caUserCert' (it is probably already enabled) >2018-06-14T14:06:22Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:22Z DEBUG request body '' >2018-06-14T14:06:22Z DEBUG response status 204 >2018-06-14T14:06:22Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=26C2D5AD456139D16C2C6B67F403CAF2; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:22 GMT > > >2018-06-14T14:06:22Z DEBUG response body b'' >2018-06-14T14:06:22Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:22Z DEBUG request body '' >2018-06-14T14:06:23Z DEBUG response status 200 >2018-06-14T14:06:23Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=4E3723E9FCE0A31B9BE1050BF3FF836E; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:22 GMT > > >2018-06-14T14:06:23Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:23Z DEBUG 
request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:23Z DEBUG request body 'desc=This certificate profile is for enrolling user ECC certificates.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Dual-Use ECC Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity 
Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=EC\npolicyset.userCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=true\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caECUserCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:23Z DEBUG response status 409 >2018-06-14T14:06:23Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:22 GMT > > >2018-06-14T14:06:23Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:23Z DEBUG Error migrating 'caECUserCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:23Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caECUserCert?action=enable >2018-06-14T14:06:23Z DEBUG request body '' >2018-06-14T14:06:23Z DEBUG response status 409 >2018-06-14T14:06:23Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:22 GMT > > >2018-06-14T14:06:23Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:23Z DEBUG Failed to enable profile 'caECUserCert' (it is probably already enabled) >2018-06-14T14:06:23Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:23Z DEBUG request body '' >2018-06-14T14:06:23Z DEBUG response status 204 >2018-06-14T14:06:23Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=9A493A1F22BB51EAED1A55043D7B424D; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:22 GMT > > >2018-06-14T14:06:23Z DEBUG response body b'' >2018-06-14T14:06:23Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:23Z DEBUG request body '' >2018-06-14T14:06:23Z DEBUG response status 200 >2018-06-14T14:06:23Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=A3EE6599C04FAB2BBAC857ACBAFACA45; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:23Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:23Z 
DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:23Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with S/MIME capabilities extension - OID: 1.2.840.113549.1.9.15\nvisible=true\nenable=true\nenableBy=admin\nname=Manual User Dual-Use S/MIME capabilities Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9,11\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity 
Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\npolicyset.userCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.11.constraint.name=No Constraint\npolicyset.userCertSet.11.default.class_id=genericExtDefaultImpl\npolicyset.userCertSet.11.default.name=Generic Extension\npolicyset.userCertSet.11.default.params.genericExtOID=1.2.840.113549.1.9.15\npolicyset.userCertSet.11.default.params.genericExtData=3067300B06092A864886F70D010105300B06092A864886F70D01010B300B06092A864886F70D01010C300B06092A864886F70D01010D300A06082A864886F70D0307300B0609608648016503040102300B060960864801650304012A300B06092A864886F70D010101\nprofileId=caUserSMIMEcapCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:23Z DEBUG response status 409 >2018-06-14T14:06:23Z DEBUG response headers Content-Type: 
application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:23Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:23Z DEBUG Error migrating 'caUserSMIMEcapCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:23Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caUserSMIMEcapCert?action=enable >2018-06-14T14:06:23Z DEBUG request body '' >2018-06-14T14:06:23Z DEBUG response status 409 >2018-06-14T14:06:23Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:23Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:23Z DEBUG Failed to enable profile 'caUserSMIMEcapCert' (it is probably already enabled) >2018-06-14T14:06:23Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:23Z DEBUG request body '' >2018-06-14T14:06:23Z DEBUG response status 204 >2018-06-14T14:06:23Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=5FEECC8B64591DD04C3BDCAF67E981B9; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:23Z DEBUG response body b'' >2018-06-14T14:06:23Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:23Z DEBUG request body '' >2018-06-14T14:06:23Z DEBUG response status 200 >2018-06-14T14:06:23Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: 
JSESSIONID=FCB95C25A5487F85AB5E74CDD8F81391; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:23Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:23Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:23Z DEBUG request body 'desc=This certificate profile is for enrolling dual user certificates. It works only with Netscape 7.0 or later.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Signing & Encryption Certificates Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=dualKeyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet,signingCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=UID=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity 
Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=RSA\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension 
Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage 
Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No 
Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.list=1,2,3,4,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=UID=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=RSA\npolicyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No 
Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.signingCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.signingCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No 
Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\nprofileId=caDualCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:23Z DEBUG response status 409 >2018-06-14T14:06:23Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:23Z DEBUG response body 
b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:23Z DEBUG Error migrating 'caDualCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:23Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caDualCert?action=enable >2018-06-14T14:06:23Z DEBUG request body '' >2018-06-14T14:06:23Z DEBUG response status 409 >2018-06-14T14:06:23Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:23Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:23Z DEBUG Failed to enable profile 'caDualCert' (it is probably already enabled) >2018-06-14T14:06:23Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:23Z DEBUG request body '' >2018-06-14T14:06:23Z DEBUG response status 204 >2018-06-14T14:06:23Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=9EC4BE78D5DA438D56076E03211E8874; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:23Z DEBUG response body b'' >2018-06-14T14:06:23Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:23Z DEBUG request body '' >2018-06-14T14:06:23Z DEBUG response status 200 >2018-06-14T14:06:23Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=23E0849538D5E1722474E1EA70CC4895; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:23 GMT > > 
>2018-06-14T14:06:23Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:23Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:23Z DEBUG request body 'desc=This certificate profile is for enrolling dual user certificates. It works only with Netscape 7.0 or later.\nvisible=true\nenable=true\nenableBy=admin\nname=Directory-authenticated User Signing & Encryption Certificates Enrollment\nauth.instance_id=UserDirEnrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=dualKeyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet,signingCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=UID=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity 
Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=RSA\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.list=1,2,3,4,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=UID=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity 
Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=RSA\npolicyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.signingCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.signingCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\nprofileId=caDirBasedDualCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:23Z DEBUG response status 409 >2018-06-14T14:06:23Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:23Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:23Z DEBUG Error migrating 'caDirBasedDualCert': Request 
failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:23Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caDirBasedDualCert?action=enable >2018-06-14T14:06:23Z DEBUG request body '' >2018-06-14T14:06:23Z DEBUG response status 409 >2018-06-14T14:06:23Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:23Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:23Z DEBUG Failed to enable profile 'caDirBasedDualCert' (it is probably already enabled) >2018-06-14T14:06:23Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:23Z DEBUG request body '' >2018-06-14T14:06:23Z DEBUG response status 204 >2018-06-14T14:06:23Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=82683E265CAA302F24BD28D508C536C3; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:23Z DEBUG response body b'' >2018-06-14T14:06:23Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:23Z DEBUG request body '' >2018-06-14T14:06:23Z DEBUG response status 200 >2018-06-14T14:06:23Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=691A34CE865821C5024A7C71CF577616; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:23Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager 
Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:23Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:23Z DEBUG request body "desc=This certificate profile is for enrolling Administrator's certificates suitable for use by clients such as browsers.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=\nname=Manual Administrator Certificate Enrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=adminCertSet\npolicyset.adminCertSet.list=1,2,3,4,5,6,7,8\npolicyset.adminCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.adminCertSet.1.constraint.name=Subject Name Constraint\npolicyset.adminCertSet.1.constraint.params.pattern=.*\npolicyset.adminCertSet.1.constraint.params.accept=true\npolicyset.adminCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.adminCertSet.1.default.name=Subject Name Default\npolicyset.adminCertSet.1.default.params.name=\npolicyset.adminCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.adminCertSet.2.constraint.name=Validity Constraint\npolicyset.adminCertSet.2.constraint.params.range=365\npolicyset.adminCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.adminCertSet.2.constraint.params.notAfterCheck=false\npolicyset.adminCertSet.2.default.class_id=validityDefaultImpl\npolicyset.adminCertSet.2.default.name=Validity Default\npolicyset.adminCertSet.2.default.params.range=365\npolicyset.adminCertSet.2.default.params.startTime=0\npolicyset.adminCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.adminCertSet.3.constraint.name=Key 
Constraint\npolicyset.adminCertSet.3.constraint.params.keyType=RSA\npolicyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.adminCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.adminCertSet.3.default.name=Key Default\npolicyset.adminCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.4.constraint.name=No Constraint\npolicyset.adminCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.adminCertSet.4.default.name=Authority Key Identifier Default\npolicyset.adminCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.5.constraint.name=No Constraint\npolicyset.adminCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.adminCertSet.5.default.name=AIA Extension Default\npolicyset.adminCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.adminCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.adminCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.adminCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.adminCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.adminCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.adminCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.adminCertSet.6.default.name=Key Usage Default\npolicyset.adminCertSet.6.default.params.keyUsageCritical=true\npolicyset.adminCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.7.constraint.name=No Constraint\npolicyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.adminCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.adminCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.adminCertSet.8.constraint.name=No Constraint\npolicyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.adminCertSet.8.default.name=Signing Alg\npolicyset.adminCertSet.8.default.params.signingAlg=-\nprofileId=AdminCert\nclassId=caEnrollImpl\n" >2018-06-14T14:06:23Z DEBUG response status 409 >2018-06-14T14:06:23Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:23Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:23Z DEBUG Error migrating 'AdminCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:23Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/AdminCert?action=enable >2018-06-14T14:06:23Z DEBUG request body '' >2018-06-14T14:06:23Z DEBUG response status 409 >2018-06-14T14:06:23Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:23Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:23Z DEBUG Failed to enable profile 'AdminCert' (it is probably already enabled) >2018-06-14T14:06:23Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:23Z DEBUG request body '' >2018-06-14T14:06:23Z DEBUG response status 204 >2018-06-14T14:06:23Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=C5C903E27460BB636F0FF8F0372D2772; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:23Z DEBUG response body b'' >2018-06-14T14:06:23Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:23Z DEBUG request body '' >2018-06-14T14:06:23Z DEBUG response status 200 >2018-06-14T14:06:23Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=0D70E982F717FCB8361CAD40D7B8D8F8; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:23Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:23Z DEBUG 
request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:23Z DEBUG request body "desc=This certificate profile is for enrolling Administrator's certificates with ECC keys suitable for use by clients such as browsers.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=\nname=Manual Administrator Certificate Enrollment with ECC keys\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=adminCertSet\npolicyset.adminCertSet.list=1,2,3,4,5,6,7,8\npolicyset.adminCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.adminCertSet.1.constraint.name=Subject Name Constraint\npolicyset.adminCertSet.1.constraint.params.pattern=.*\npolicyset.adminCertSet.1.constraint.params.accept=true\npolicyset.adminCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.adminCertSet.1.default.name=Subject Name Default\npolicyset.adminCertSet.1.default.params.name=\npolicyset.adminCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.adminCertSet.2.constraint.name=Validity Constraint\npolicyset.adminCertSet.2.constraint.params.range=365\npolicyset.adminCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.adminCertSet.2.constraint.params.notAfterCheck=false\npolicyset.adminCertSet.2.default.class_id=validityDefaultImpl\npolicyset.adminCertSet.2.default.name=Validity Default\npolicyset.adminCertSet.2.default.params.range=365\npolicyset.adminCertSet.2.default.params.startTime=0\npolicyset.adminCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.adminCertSet.3.constraint.name=Key Constraint\npolicyset.adminCertSet.3.constraint.params.keyType=-\npolicyset.adminCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.adminCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.adminCertSet.3.default.name=Key 
Default\npolicyset.adminCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.4.constraint.name=No Constraint\npolicyset.adminCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.adminCertSet.4.default.name=Authority Key Identifier Default\npolicyset.adminCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.5.constraint.name=No Constraint\npolicyset.adminCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.adminCertSet.5.default.name=AIA Extension Default\npolicyset.adminCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.adminCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.adminCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.adminCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.adminCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.adminCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.adminCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.adminCertSet.6.default.name=Key Usage 
Default\npolicyset.adminCertSet.6.default.params.keyUsageCritical=true\npolicyset.adminCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.adminCertSet.6.default.params.keyUsageKeyAgreement=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.7.constraint.name=No Constraint\npolicyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.adminCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.adminCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.adminCertSet.8.constraint.name=No Constraint\npolicyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.adminCertSet.8.default.name=Signing Alg\npolicyset.adminCertSet.8.default.params.signingAlg=-\nprofileId=ECAdminCert\nclassId=caEnrollImpl\n" >2018-06-14T14:06:24Z DEBUG response status 409 >2018-06-14T14:06:24Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:24Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 
>2018-06-14T14:06:24Z DEBUG Error migrating 'ECAdminCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:24Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/ECAdminCert?action=enable >2018-06-14T14:06:24Z DEBUG request body '' >2018-06-14T14:06:24Z DEBUG response status 409 >2018-06-14T14:06:24Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:24Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:24Z DEBUG Failed to enable profile 'ECAdminCert' (it is probably already enabled) >2018-06-14T14:06:24Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:24Z DEBUG request body '' >2018-06-14T14:06:24Z DEBUG response status 204 >2018-06-14T14:06:24Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=2C83558DDA321BB819963A32E9E11FDB; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:24Z DEBUG response body b'' >2018-06-14T14:06:24Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:24Z DEBUG request body '' >2018-06-14T14:06:24Z DEBUG response status 200 >2018-06-14T14:06:24Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=5BA3B7B8267404E866033BA5184ACDE6; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:24Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account 
id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:24Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:24Z DEBUG request body 'desc=This profile is for enrolling audit log signing certificates\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Log Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caLogSigningSet\npolicyset.caLogSigningSet.list=1,2,3,4,6,8,9\npolicyset.caLogSigningSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caLogSigningSet.1.constraint.name=Subject Name Constraint\npolicyset.caLogSigningSet.1.constraint.params.pattern=CN=.*\npolicyset.caLogSigningSet.1.constraint.params.accept=true\npolicyset.caLogSigningSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caLogSigningSet.1.default.name=Subject Name Default\npolicyset.caLogSigningSet.1.default.params.name=\npolicyset.caLogSigningSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caLogSigningSet.2.constraint.name=Validity Constraint\npolicyset.caLogSigningSet.2.constraint.params.range=720\npolicyset.caLogSigningSet.2.constraint.params.notBeforeCheck=false\npolicyset.caLogSigningSet.2.constraint.params.notAfterCheck=false\npolicyset.caLogSigningSet.2.default.class_id=validityDefaultImpl\npolicyset.caLogSigningSet.2.default.name=Validity Default\npolicyset.caLogSigningSet.2.default.params.range=720\npolicyset.caLogSigningSet.2.default.params.startTime=0\npolicyset.caLogSigningSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caLogSigningSet.3.constraint.name=Key 
Constraint\npolicyset.caLogSigningSet.3.constraint.params.keyType=RSA\npolicyset.caLogSigningSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.caLogSigningSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caLogSigningSet.3.default.name=Key Default\npolicyset.caLogSigningSet.4.constraint.class_id=noConstraintImpl\npolicyset.caLogSigningSet.4.constraint.name=No Constraint\npolicyset.caLogSigningSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caLogSigningSet.4.default.name=Authority Key Identifier Default\npolicyset.caLogSigningSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caLogSigningSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caLogSigningSet.6.constraint.params.keyUsageCritical=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caLogSigningSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caLogSigningSet.6.default.name=Key Usage 
Default\npolicyset.caLogSigningSet.6.default.params.keyUsageCritical=true\npolicyset.caLogSigningSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caLogSigningSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caLogSigningSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.caLogSigningSet.6.default.params.keyUsageCrlSign=false\npolicyset.caLogSigningSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caLogSigningSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caLogSigningSet.8.constraint.class_id=noConstraintImpl\npolicyset.caLogSigningSet.8.constraint.name=No Constraint\npolicyset.caLogSigningSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caLogSigningSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caLogSigningSet.8.default.params.critical=false\npolicyset.caLogSigningSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caLogSigningSet.9.constraint.name=No Constraint\npolicyset.caLogSigningSet.9.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caLogSigningSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caLogSigningSet.9.default.name=Signing Alg\npolicyset.caLogSigningSet.9.default.params.signingAlg=-\nprofileId=caSignedLogCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:24Z DEBUG response status 409 >2018-06-14T14:06:24Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:24Z DEBUG response body 
b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:24Z DEBUG Error migrating 'caSignedLogCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:24Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caSignedLogCert?action=enable >2018-06-14T14:06:24Z DEBUG request body '' >2018-06-14T14:06:24Z DEBUG response status 409 >2018-06-14T14:06:24Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:23 GMT > > >2018-06-14T14:06:24Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:24Z DEBUG Failed to enable profile 'caSignedLogCert' (it is probably already enabled) >2018-06-14T14:06:24Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:24Z DEBUG request body '' >2018-06-14T14:06:24Z DEBUG response status 204 >2018-06-14T14:06:24Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=0C36554A76C9D8B60845A837420AEEC1; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:24Z DEBUG response body b'' >2018-06-14T14:06:24Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:24Z DEBUG request body '' >2018-06-14T14:06:24Z DEBUG response status 200 >2018-06-14T14:06:24Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=D05114FD6288404768CF99F6A56AECEF; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:24 GMT > 
> >2018-06-14T14:06:24Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:24Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:24Z DEBUG request body 'desc=This certificate profile is for enrolling TPS server certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual TPS Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key 
Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caTPSCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:24Z DEBUG response status 409 >2018-06-14T14:06:24Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:24Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:24Z DEBUG Error migrating 'caTPSCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:24Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caTPSCert?action=enable >2018-06-14T14:06:24Z DEBUG request body '' >2018-06-14T14:06:24Z DEBUG response status 409 >2018-06-14T14:06:24Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:24Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:24Z DEBUG Failed to enable profile 'caTPSCert' (it is probably already enabled) >2018-06-14T14:06:24Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:24Z DEBUG request body '' >2018-06-14T14:06:24Z DEBUG response status 204 >2018-06-14T14:06:24Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=7B1561A228DFD64A105B214D88C9D6A1; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:24Z DEBUG response body b'' >2018-06-14T14:06:24Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:24Z DEBUG request body '' >2018-06-14T14:06:24Z DEBUG response status 200 >2018-06-14T14:06:24Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=F7598498838F1FDC9FE1C61F174EF8B7; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:24Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:24Z DEBUG 
request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:24Z DEBUG request body 'desc=This certificate profile is for enrolling router certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated Router Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No 
Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caRARouterCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:24Z DEBUG response status 409 >2018-06-14T14:06:24Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:24Z DEBUG response body 
b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:24Z DEBUG Error migrating 'caRARouterCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:24Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caRARouterCert?action=enable >2018-06-14T14:06:24Z DEBUG request body '' >2018-06-14T14:06:24Z DEBUG response status 409 >2018-06-14T14:06:24Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:24Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:24Z DEBUG Failed to enable profile 'caRARouterCert' (it is probably already enabled) >2018-06-14T14:06:24Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:24Z DEBUG request body '' >2018-06-14T14:06:24Z DEBUG response status 204 >2018-06-14T14:06:24Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=D45787A6C63DCD7437196B55382C7CFA; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:24Z DEBUG response body b'' >2018-06-14T14:06:24Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:24Z DEBUG request body '' >2018-06-14T14:06:24Z DEBUG response status 200 >2018-06-14T14:06:24Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=04FB49084F5B11E5FE1061DB647A7CC4; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:24 GMT > > 
>2018-06-14T14:06:24Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:24Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:24Z DEBUG request body 'desc=This certificate profile is for enrolling router certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=flatFileAuth\nname=One Time Pin Router Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key 
Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caRouterCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:24Z DEBUG response status 409 >2018-06-14T14:06:24Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:24Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:24Z DEBUG Error migrating 'caRouterCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:24Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caRouterCert?action=enable >2018-06-14T14:06:24Z DEBUG request body '' >2018-06-14T14:06:24Z DEBUG response status 409 >2018-06-14T14:06:24Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:24Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:24Z DEBUG Failed to enable profile 'caRouterCert' (it is probably already enabled) >2018-06-14T14:06:24Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:24Z DEBUG request body '' >2018-06-14T14:06:24Z DEBUG response status 204 >2018-06-14T14:06:24Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=CE3AC46A98983563BD2F052D732A4EFE; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:24Z DEBUG response body b'' >2018-06-14T14:06:24Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:24Z DEBUG request body '' >2018-06-14T14:06:24Z DEBUG response status 200 >2018-06-14T14:06:24Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=F3CF50FC43AF50550E517EA755CACDE7; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:24Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:24Z 
DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:24Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No 
Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caServerCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:24Z DEBUG response status 409 >2018-06-14T14:06:24Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:24Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile 
already exists"}' >2018-06-14T14:06:24Z DEBUG Error migrating 'caServerCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:24Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caServerCert?action=enable >2018-06-14T14:06:24Z DEBUG request body '' >2018-06-14T14:06:24Z DEBUG response status 409 >2018-06-14T14:06:24Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:24Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:24Z DEBUG Failed to enable profile 'caServerCert' (it is probably already enabled) >2018-06-14T14:06:24Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:24Z DEBUG request body '' >2018-06-14T14:06:24Z DEBUG response status 204 >2018-06-14T14:06:24Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=013F631B3C1967F66ECA6A380D04D331; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:24Z DEBUG response body b'' >2018-06-14T14:06:24Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:24Z DEBUG request body '' >2018-06-14T14:06:24Z DEBUG response status 200 >2018-06-14T14:06:24Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=4D7EA70B2BA9C9568975A510A43EFD6A; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:24Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account 
id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:24Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:24Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with ECC keys.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Server Certificate Enrollment with ECC keys\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key 
Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caECServerCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:25Z DEBUG response status 409 >2018-06-14T14:06:25Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:25Z DEBUG Error migrating 'caECServerCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:25Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caECServerCert?action=enable >2018-06-14T14:06:25Z DEBUG request body '' >2018-06-14T14:06:25Z DEBUG response status 409 >2018-06-14T14:06:25Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:25Z DEBUG Failed to enable profile 'caECServerCert' (it is probably already enabled) >2018-06-14T14:06:25Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:25Z DEBUG request body '' >2018-06-14T14:06:25Z DEBUG response status 204 >2018-06-14T14:06:25Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=BDA592CB62B9F46A8F677D6391B1C9D0; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'' >2018-06-14T14:06:25Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:25Z DEBUG request body '' >2018-06-14T14:06:25Z DEBUG response status 200 >2018-06-14T14:06:25Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=EA75F92B34D4FDB97660C996E09FE78C; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:25Z 
DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:25Z DEBUG request body 'desc=This certificate profile is for enrolling subsystem certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Subsystem Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No 
Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caSubsystemCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:25Z DEBUG response status 409 >2018-06-14T14:06:25Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 
>2018-06-14T14:06:25Z DEBUG Error migrating 'caSubsystemCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:25Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caSubsystemCert?action=enable >2018-06-14T14:06:25Z DEBUG request body '' >2018-06-14T14:06:25Z DEBUG response status 409 >2018-06-14T14:06:25Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:25Z DEBUG Failed to enable profile 'caSubsystemCert' (it is probably already enabled) >2018-06-14T14:06:25Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:25Z DEBUG request body '' >2018-06-14T14:06:25Z DEBUG response status 204 >2018-06-14T14:06:25Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=F3DA735E023635F1F8B51E17DE731266; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:24 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'' >2018-06-14T14:06:25Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:25Z DEBUG request body '' >2018-06-14T14:06:25Z DEBUG response status 200 >2018-06-14T14:06:25Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=DDEC48ED6063E7135F83781A3B8442C3; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account 
id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:25Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:25Z DEBUG request body 'desc=This certificate profile is for enrolling subsystem certificates with ECC keys.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Subsystem Certificate Enrollment with ECC keys\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key 
Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caECSubsystemCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:25Z DEBUG response status 409 >2018-06-14T14:06:25Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:25Z DEBUG Error migrating 'caECSubsystemCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:25Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caECSubsystemCert?action=enable >2018-06-14T14:06:25Z DEBUG request body '' >2018-06-14T14:06:25Z DEBUG response status 409 >2018-06-14T14:06:25Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:25Z DEBUG Failed to enable profile 'caECSubsystemCert' (it is probably already enabled) >2018-06-14T14:06:25Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:25Z DEBUG request body '' >2018-06-14T14:06:25Z DEBUG response status 204 >2018-06-14T14:06:25Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=8E8CB83A29358AEA330234CBD38E5708; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'' >2018-06-14T14:06:25Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:25Z DEBUG request body '' >2018-06-14T14:06:25Z DEBUG response status 200 >2018-06-14T14:06:25Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=E8ECCE142F3A1B7B5BC4A5990145B602; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:25Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:25Z DEBUG request body 'desc=This certificate profile is for enrolling other certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Other Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=otherCertSet\npolicyset.otherCertSet.list=1,2,3,4,5,6,7,8\npolicyset.otherCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.otherCertSet.1.constraint.name=Subject Name Constraint\npolicyset.otherCertSet.1.constraint.params.pattern=CN=.*\npolicyset.otherCertSet.1.constraint.params.accept=true\npolicyset.otherCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.otherCertSet.1.default.name=Subject Name Default\npolicyset.otherCertSet.1.default.params.name=\npolicyset.otherCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.otherCertSet.2.constraint.name=Validity Constraint\npolicyset.otherCertSet.2.constraint.params.range=720\npolicyset.otherCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.otherCertSet.2.constraint.params.notAfterCheck=false\npolicyset.otherCertSet.2.default.class_id=validityDefaultImpl\npolicyset.otherCertSet.2.default.name=Validity Default\npolicyset.otherCertSet.2.default.params.range=720\npolicyset.otherCertSet.2.default.params.startTime=0\npolicyset.otherCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.otherCertSet.3.constraint.name=Key Constraint\npolicyset.otherCertSet.3.constraint.params.keyType=-\npolicyset.otherCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.otherCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.otherCertSet.3.default.name=Key Default\npolicyset.otherCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.4.constraint.name=No 
Constraint\npolicyset.otherCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.otherCertSet.4.default.name=Authority Key Identifier Default\npolicyset.otherCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.5.constraint.name=No Constraint\npolicyset.otherCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.otherCertSet.5.default.name=AIA Extension Default\npolicyset.otherCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.otherCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.otherCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.otherCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.otherCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.otherCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.otherCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.otherCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.otherCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.otherCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.otherCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.otherCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.otherCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.otherCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.otherCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.otherCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.otherCertSet.6.default.name=Key Usage 
Default\npolicyset.otherCertSet.6.default.params.keyUsageCritical=true\npolicyset.otherCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.otherCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.otherCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.otherCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.otherCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.otherCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.otherCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.otherCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.otherCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.otherCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.7.constraint.name=No Constraint\npolicyset.otherCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.otherCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.otherCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.otherCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.otherCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.otherCertSet.8.constraint.name=No Constraint\npolicyset.otherCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.otherCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.otherCertSet.8.default.name=Signing Alg\npolicyset.otherCertSet.8.default.params.signingAlg=-\nprofileId=caOtherCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:25Z DEBUG response status 409 >2018-06-14T14:06:25Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:25Z DEBUG response body 
b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:25Z DEBUG Error migrating 'caOtherCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:25Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caOtherCert?action=enable >2018-06-14T14:06:25Z DEBUG request body '' >2018-06-14T14:06:25Z DEBUG response status 409 >2018-06-14T14:06:25Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:25Z DEBUG Failed to enable profile 'caOtherCert' (it is probably already enabled) >2018-06-14T14:06:25Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:25Z DEBUG request body '' >2018-06-14T14:06:25Z DEBUG response status 204 >2018-06-14T14:06:25Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=6C0AA187F225298FBD29501E884C6AC8; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'' >2018-06-14T14:06:25Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:25Z DEBUG request body '' >2018-06-14T14:06:25Z DEBUG response status 200 >2018-06-14T14:06:25Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=401557B83FEB26CF63CF884A329F36C6; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:25 GMT > > 
>2018-06-14T14:06:25Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:25Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:25Z DEBUG request body 'desc=This certificate profile is for enrolling Certificate Authority certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Certificate Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=Subject Name Constraint\npolicyset.caCertSet.1.constraint.params.pattern=CN=.*\npolicyset.caCertSet.1.constraint.params.accept=true\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=Subject Name Default\npolicyset.caCertSet.1.default.params.name=\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=7305\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=caValidityDefaultImpl\npolicyset.caCertSet.2.default.name=CA Certificate Validity Default\npolicyset.caCertSet.2.default.params.range=7305\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key 
Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No 
Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caCACert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:25Z DEBUG response status 409 >2018-06-14T14:06:25Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:25Z DEBUG Error migrating 'caCACert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:25Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caCACert?action=enable >2018-06-14T14:06:25Z DEBUG request body '' >2018-06-14T14:06:25Z DEBUG response status 409 >2018-06-14T14:06:25Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:25Z DEBUG Failed to enable profile 'caCACert' (it is probably already enabled) >2018-06-14T14:06:25Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:25Z DEBUG request body '' >2018-06-14T14:06:25Z DEBUG response status 204 >2018-06-14T14:06:25Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=402F95AEECA3CE5FAD6D686DF01D57FC; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'' >2018-06-14T14:06:25Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:25Z DEBUG request body '' >2018-06-14T14:06:25Z DEBUG response status 200 >2018-06-14T14:06:25Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=65D5A0B6232E3AB1AABFE4F4AA5940F5; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:25Z DEBUG 
request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:25Z DEBUG request body 'desc=This certificate profile is for enrolling Certificate Authority certificates using CMC.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=CMCAuth\nauthz.acl=group="Certificate Manager Agents"\nname=Certificate Manager Signing Certificate Enrollment using CMC\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=Subject Name Constraint\npolicyset.caCertSet.1.constraint.params.pattern=CN=.*\npolicyset.caCertSet.1.constraint.params.accept=true\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=Subject Name Default\npolicyset.caCertSet.1.default.params.name=\npolicyset.caCertSet.2.constraint.class_id=caValidityConstraintImpl\npolicyset.caCertSet.2.constraint.name=CA Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=7305\npolicyset.caCertSet.2.default.class_id=caValidityDefaultImpl\npolicyset.caCertSet.2.default.name=CA Certificate Validity Default\npolicyset.caCertSet.2.default.params.range=7305\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No 
Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage 
Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension 
Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caCMCcaCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:25Z DEBUG response status 409 >2018-06-14T14:06:25Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:25Z DEBUG Error migrating 'caCMCcaCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:25Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caCMCcaCert?action=enable >2018-06-14T14:06:25Z DEBUG request body '' >2018-06-14T14:06:25Z DEBUG response status 409 >2018-06-14T14:06:25Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:25Z DEBUG Failed to enable profile 'caCMCcaCert' (it is probably already enabled) >2018-06-14T14:06:25Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:25Z DEBUG request body '' >2018-06-14T14:06:25Z DEBUG response status 204 >2018-06-14T14:06:25Z DEBUG response headers Cache-Control: private 
>Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=C1DA2FEE353D111BF83B74102C27F572; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'' >2018-06-14T14:06:25Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:25Z DEBUG request body '' >2018-06-14T14:06:25Z DEBUG response status 200 >2018-06-14T14:06:25Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=D699E5D60511E5BC29717286A0A642C2; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:25Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:25Z DEBUG request body 'desc=This certificate profile is for enrolling Cross Signed Certificate Authority certificates.\nvisible=false\nenable=false\nenableBy=admin\nauth.class_id=\nname=Manual Cross Signed Certificate Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=userSubjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=User Subject Name Constraint\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=User Supplied Subject Name Default\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity 
Constraint\npolicyset.caCertSet.2.constraint.params.range=7305\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=caValidityDefaultImpl\npolicyset.caCertSet.2.default.name=CA Certificate Validity Default\npolicyset.caCertSet.2.default.params.range=7305\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No 
Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caCrossSignedCACert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:25Z DEBUG response status 409 >2018-06-14T14:06:25Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:25Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:25Z DEBUG Error migrating 'caCrossSignedCACert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:25Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caCrossSignedCACert?action=enable >2018-06-14T14:06:25Z DEBUG request body '' >2018-06-14T14:06:26Z DEBUG response status 204 >2018-06-14T14:06:26Z DEBUG response headers Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'' >2018-06-14T14:06:26Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:26Z DEBUG request body '' >2018-06-14T14:06:26Z DEBUG response status 204 >2018-06-14T14:06:26Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=B13E863FE71EB6C6475EA5D95240DD66; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'' >2018-06-14T14:06:26Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:26Z DEBUG request body '' >2018-06-14T14:06:26Z DEBUG response status 200 >2018-06-14T14:06:26Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=1CFD02A663C511B19642E4D6EA72E9BA; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:26Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:26Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain Certificate Authority certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise 
CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Manual Security Domain Certificate Authority Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=Subject Name Constraint\npolicyset.caCertSet.1.constraint.params.pattern=CN=.*\npolicyset.caCertSet.1.constraint.params.accept=true\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=Subject Name Default\npolicyset.caCertSet.1.default.params.name=\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=720\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=validityDefaultImpl\npolicyset.caCertSet.2.default.name=Validity Default\npolicyset.caCertSet.2.default.params.range=720\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier 
Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage 
Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension 
Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caInstallCACert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:26Z DEBUG response status 409 >2018-06-14T14:06:26Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:26Z DEBUG Error migrating 'caInstallCACert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:26Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caInstallCACert?action=enable >2018-06-14T14:06:26Z DEBUG request body '' >2018-06-14T14:06:26Z DEBUG response status 409 >2018-06-14T14:06:26Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:26Z DEBUG Failed to enable profile 'caInstallCACert' (it is probably already enabled) >2018-06-14T14:06:26Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:26Z DEBUG request body '' >2018-06-14T14:06:26Z DEBUG response status 204 >2018-06-14T14:06:26Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=2D92733EF8B874BB8B4EEC3B0A7C6BB4; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'' >2018-06-14T14:06:26Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:26Z DEBUG request body '' >2018-06-14T14:06:26Z DEBUG response status 200 >2018-06-14T14:06:26Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=B4F61B57E02656B5B5440321F17E648F; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:26Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:26Z DEBUG request body 'desc=This certificate profile is for enrolling Registration Manager certificates.\nvisible=false\nenable=false\nenableBy=admin\nauth.class_id=\nname=Manual Registration Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=raCertSet\npolicyset.raCertSet.list=1,2,3,4,5,6,7,8\npolicyset.raCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.raCertSet.1.constraint.name=Subject Name Constraint\npolicyset.raCertSet.1.constraint.params.pattern=CN=.*\npolicyset.raCertSet.1.constraint.params.accept=true\npolicyset.raCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.raCertSet.1.default.name=Subject Name Default\npolicyset.raCertSet.1.default.params.name=\npolicyset.raCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.raCertSet.2.constraint.name=Validity Constraint\npolicyset.raCertSet.2.constraint.params.range=720\npolicyset.raCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.raCertSet.2.constraint.params.notAfterCheck=false\npolicyset.raCertSet.2.default.class_id=validityDefaultImpl\npolicyset.raCertSet.2.default.name=Validity Default\npolicyset.raCertSet.2.default.params.range=720\npolicyset.raCertSet.2.default.params.startTime=0\npolicyset.raCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.raCertSet.3.constraint.name=Key Constraint\npolicyset.raCertSet.3.constraint.params.keyType=RSA\npolicyset.raCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.raCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.raCertSet.3.default.name=Key Default\npolicyset.raCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.4.constraint.name=No 
Constraint\npolicyset.raCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.raCertSet.4.default.name=Authority Key Identifier Default\npolicyset.raCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.5.constraint.name=No Constraint\npolicyset.raCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.raCertSet.5.default.name=AIA Extension Default\npolicyset.raCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.raCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.raCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.raCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.raCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.raCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.raCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.raCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.raCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.raCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.raCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.raCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.raCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.raCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.raCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.raCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.raCertSet.6.default.name=Key Usage 
Default\npolicyset.raCertSet.6.default.params.keyUsageCritical=true\npolicyset.raCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.raCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.raCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.raCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.raCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.raCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.raCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.raCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.raCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.raCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.7.constraint.name=No Constraint\npolicyset.raCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.raCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.raCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.raCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.raCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.raCertSet.8.constraint.name=No Constraint\npolicyset.raCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.raCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.raCertSet.8.default.name=Signing Alg\npolicyset.raCertSet.8.default.params.signingAlg=-\nprofileId=caRACert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:26Z DEBUG response status 409 >2018-06-14T14:06:26Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:25 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:26Z DEBUG Error 
migrating 'caRACert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:26Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caRACert?action=enable >2018-06-14T14:06:26Z DEBUG request body '' >2018-06-14T14:06:26Z DEBUG response status 204 >2018-06-14T14:06:26Z DEBUG response headers Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'' >2018-06-14T14:06:26Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:26Z DEBUG request body '' >2018-06-14T14:06:26Z DEBUG response status 204 >2018-06-14T14:06:26Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=10CE0C6437703D34C11DAFE8EF4E4530; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'' >2018-06-14T14:06:26Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:26Z DEBUG request body '' >2018-06-14T14:06:26Z DEBUG response status 200 >2018-06-14T14:06:26Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=D80A0189EC9B780C1C7B92A3CB641A25; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:26Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:26Z DEBUG request body 'desc=This certificate profile is for enrolling OCSP Manager certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual OCSP 
Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=ocspCertSet\npolicyset.ocspCertSet.list=1,2,3,4,5,6,8,9\npolicyset.ocspCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.ocspCertSet.1.constraint.name=Subject Name Constraint\npolicyset.ocspCertSet.1.constraint.params.pattern=CN=.*\npolicyset.ocspCertSet.1.constraint.params.accept=true\npolicyset.ocspCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.ocspCertSet.1.default.name=Subject Name Default\npolicyset.ocspCertSet.1.default.params.name=\npolicyset.ocspCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.ocspCertSet.2.constraint.name=Validity Constraint\npolicyset.ocspCertSet.2.constraint.params.range=720\npolicyset.ocspCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.ocspCertSet.2.constraint.params.notAfterCheck=false\npolicyset.ocspCertSet.2.default.class_id=validityDefaultImpl\npolicyset.ocspCertSet.2.default.name=Validity Default\npolicyset.ocspCertSet.2.default.params.range=720\npolicyset.ocspCertSet.2.default.params.startTime=0\npolicyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.ocspCertSet.3.constraint.name=Key Constraint\npolicyset.ocspCertSet.3.constraint.params.keyType=-\npolicyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.ocspCertSet.3.default.name=Key Default\npolicyset.ocspCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.4.constraint.name=No Constraint\npolicyset.ocspCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.ocspCertSet.4.default.name=Authority Key Identifier Default\npolicyset.ocspCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.5.constraint.name=No 
Constraint\npolicyset.ocspCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.ocspCertSet.5.default.name=AIA Extension Default\npolicyset.ocspCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.ocspCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.ocspCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.ocspCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.ocspCertSet.6.constraint.class_id=extendedKeyUsageExtConstraintImpl\npolicyset.ocspCertSet.6.constraint.name=Extended Key Usage Extension\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.6.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.ocspCertSet.6.default.name=Extended Key Usage Default\npolicyset.ocspCertSet.6.default.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.8.constraint.class_id=extensionConstraintImpl\npolicyset.ocspCertSet.8.constraint.name=No Constraint\npolicyset.ocspCertSet.8.constraint.params.extCritical=false\npolicyset.ocspCertSet.8.constraint.params.extOID=1.3.6.1.5.5.7.48.1.5\npolicyset.ocspCertSet.8.default.class_id=ocspNoCheckExtDefaultImpl\npolicyset.ocspCertSet.8.default.name=OCSP No Check Extension\npolicyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false\npolicyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.ocspCertSet.9.constraint.name=No Constraint\npolicyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.ocspCertSet.9.default.name=Signing 
Alg\npolicyset.ocspCertSet.9.default.params.signingAlg=-\nprofileId=caOCSPCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:26Z DEBUG response status 409 >2018-06-14T14:06:26Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:26Z DEBUG Error migrating 'caOCSPCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:26Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caOCSPCert?action=enable >2018-06-14T14:06:26Z DEBUG request body '' >2018-06-14T14:06:26Z DEBUG response status 409 >2018-06-14T14:06:26Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:26Z DEBUG Failed to enable profile 'caOCSPCert' (it is probably already enabled) >2018-06-14T14:06:26Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:26Z DEBUG request body '' >2018-06-14T14:06:26Z DEBUG response status 204 >2018-06-14T14:06:26Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=4B0247672B12C9C0BC61CE69532A767B; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'' >2018-06-14T14:06:26Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:26Z DEBUG request body '' 
>2018-06-14T14:06:26Z DEBUG response status 200 >2018-06-14T14:06:26Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=ABD50C49AFB1D44491F1575F4EFBD4AF; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:26Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:26Z DEBUG request body 'desc=This certificate profile is for enrolling Data Recovery Manager storage certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class.id=\nname=Manual Data Recovery Manager Storage Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=drmStorageCertSet\npolicyset.drmStorageCertSet.list=1,2,3,4,5,6,7,9\npolicyset.drmStorageCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.drmStorageCertSet.1.constraint.name=Subject Name Constraint\npolicyset.drmStorageCertSet.1.constraint.params.pattern=CN=.*\npolicyset.drmStorageCertSet.1.constraint.params.accept=true\npolicyset.drmStorageCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.drmStorageCertSet.1.default.name=Subject Name Default\npolicyset.drmStorageCertSet.1.default.params.name=\npolicyset.drmStorageCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.drmStorageCertSet.2.constraint.name=Validity 
Constraint\npolicyset.drmStorageCertSet.2.constraint.params.range=720\npolicyset.drmStorageCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.drmStorageCertSet.2.constraint.params.notAfterCheck=false\npolicyset.drmStorageCertSet.2.default.class_id=validityDefaultImpl\npolicyset.drmStorageCertSet.2.default.name=Validity Default\npolicyset.drmStorageCertSet.2.default.params.range=720\npolicyset.drmStorageCertSet.2.default.params.startTime=0\npolicyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.drmStorageCertSet.3.constraint.name=Key Constraint\npolicyset.drmStorageCertSet.3.constraint.params.keyType=RSA\npolicyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.drmStorageCertSet.3.default.name=Key Default\npolicyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.4.constraint.name=No Constraint\npolicyset.drmStorageCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.drmStorageCertSet.4.default.name=Authority Key Identifier Default\npolicyset.drmStorageCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.5.constraint.name=No Constraint\npolicyset.drmStorageCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.drmStorageCertSet.5.default.name=AIA Extension 
Default\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.drmStorageCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.drmStorageCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.6.default.name=Key Usage 
Default\npolicyset.drmStorageCertSet.6.default.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.7.constraint.name=No Constraint\npolicyset.drmStorageCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.drmStorageCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.drmStorageCertSet.9.constraint.name=No Constraint\npolicyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.drmStorageCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.drmStorageCertSet.9.default.name=Signing Alg\npolicyset.drmStorageCertSet.9.default.params.signingAlg=-\nprofileId=caStorageCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:26Z DEBUG response status 409 >2018-06-14T14:06:26Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:26Z DEBUG response body 
b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:26Z DEBUG Error migrating 'caStorageCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:26Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caStorageCert?action=enable >2018-06-14T14:06:26Z DEBUG request body '' >2018-06-14T14:06:26Z DEBUG response status 409 >2018-06-14T14:06:26Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:26Z DEBUG Failed to enable profile 'caStorageCert' (it is probably already enabled) >2018-06-14T14:06:26Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:26Z DEBUG request body '' >2018-06-14T14:06:26Z DEBUG response status 204 >2018-06-14T14:06:26Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=1BFA624BE9F7D249E598E31629E9054A; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'' >2018-06-14T14:06:26Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:26Z DEBUG request body '' >2018-06-14T14:06:26Z DEBUG response status 200 >2018-06-14T14:06:26Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=4051816FBAD0C51819B7F2B07C364702; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:26 GMT > > 
>2018-06-14T14:06:26Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:26Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:26Z DEBUG request body 'desc=This certificate profile is for enrolling Data Recovery Manager transport certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Data Recovery Manager Transport Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=transportCertSet\npolicyset.transportCertSet.list=1,2,3,4,5,6,7,8\npolicyset.transportCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.transportCertSet.1.constraint.name=Subject Name Constraint\npolicyset.transportCertSet.1.constraint.params.pattern=CN=.*\npolicyset.transportCertSet.1.constraint.params.accept=true\npolicyset.transportCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.transportCertSet.1.default.name=Subject Name Default\npolicyset.transportCertSet.1.default.params.name=\npolicyset.transportCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.transportCertSet.2.constraint.name=Validity Constraint\npolicyset.transportCertSet.2.constraint.params.range=720\npolicyset.transportCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.transportCertSet.2.constraint.params.notAfterCheck=false\npolicyset.transportCertSet.2.default.class_id=validityDefaultImpl\npolicyset.transportCertSet.2.default.name=Validity Default\npolicyset.transportCertSet.2.default.params.range=720\npolicyset.transportCertSet.2.default.params.startTime=0\npolicyset.transportCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.transportCertSet.3.constraint.name=Key 
Constraint\npolicyset.transportCertSet.3.constraint.params.keyType=RSA\npolicyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.transportCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.transportCertSet.3.default.name=Key Default\npolicyset.transportCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.4.constraint.name=No Constraint\npolicyset.transportCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.transportCertSet.4.default.name=Authority Key Identifier Default\npolicyset.transportCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.5.constraint.name=No Constraint\npolicyset.transportCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.transportCertSet.5.default.name=AIA Extension Default\npolicyset.transportCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.transportCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.transportCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.transportCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.transportCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.transportCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.transportCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.transportCertSet.6.default.name=Key Usage Default\npolicyset.transportCertSet.6.default.params.keyUsageCritical=true\npolicyset.transportCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.7.constraint.name=No Constraint\npolicyset.transportCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.transportCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.transportCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.transportCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.transportCertSet.8.constraint.name=No Constraint\npolicyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.transportCertSet.8.default.name=Signing Alg\npolicyset.transportCertSet.8.default.params.signingAlg=-\nprofileId=caTransportCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:26Z DEBUG response status 409 >2018-06-14T14:06:26Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:26Z DEBUG Error migrating 'caTransportCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:26Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caTransportCert?action=enable >2018-06-14T14:06:26Z DEBUG request body '' >2018-06-14T14:06:26Z DEBUG response status 409 >2018-06-14T14:06:26Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:26Z DEBUG Failed to enable profile 'caTransportCert' (it is probably already enabled) >2018-06-14T14:06:26Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:26Z DEBUG request body '' >2018-06-14T14:06:26Z DEBUG response status 204 >2018-06-14T14:06:26Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=8DBCDE9B529E328B5983B5C9F1B0AED7; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'' >2018-06-14T14:06:26Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:26Z DEBUG request body '' >2018-06-14T14:06:26Z DEBUG response status 200 >2018-06-14T14:06:26Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=E6B3D4B178E9D66632AD53E6ACF21E22; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:26Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:26Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with directory-pin-based authentication.\nvisible=true\nenable=false\nenableBy=admin\nname=Directory-Pin-Authenticated User Dual-Use Certificate Enrollment\nauth.instance_id=PinDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity 
Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=RSA\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caDirPinUserCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:26Z DEBUG response status 409 >2018-06-14T14:06:26Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:26Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:26Z DEBUG Error migrating 'caDirPinUserCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:26Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caDirPinUserCert?action=enable >2018-06-14T14:06:26Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 204 >2018-06-14T14:06:27Z DEBUG response headers Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'' >2018-06-14T14:06:27Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 204 >2018-06-14T14:06:27Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=75D675CF0EC6B4FF565CE4CA0AB16DAA; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'' >2018-06-14T14:06:27Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 200 >2018-06-14T14:06:27Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=EAE91ADFA9D685D2FF4313B6AA4D8E20; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:27Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:27Z DEBUG request body 'desc=This certificate profile is for enrolling user ECC certificates with directory-pin-based authentication.\nvisible=true\nenable=false\nenableBy=admin\nname=Directory-Pin-Authenticated User Dual-Use ECC Certificate 
Enrollment\nauth.instance_id=PinDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key 
Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage 
Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=true\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No 
Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caECDirPinUserCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:27Z DEBUG response status 409 >2018-06-14T14:06:27Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:27Z DEBUG Error migrating 'caECDirPinUserCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:27Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caECDirPinUserCert?action=enable >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 204 >2018-06-14T14:06:27Z DEBUG response headers Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'' >2018-06-14T14:06:27Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 204 >2018-06-14T14:06:27Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=62046F02DDE82071383CC84AF73EE241; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'' >2018-06-14T14:06:27Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 200 >2018-06-14T14:06:27Z 
DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=DA640D4065E9505C679FA2E892DD4F2B; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:27Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:27Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with directory-based authentication.\nvisible=true\nenable=true\nenableBy=admin\nname=Directory-Authenticated User Dual-Use Certificate Enrollment\nauth.instance_id=UserDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No 
Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=EC\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caDirUserCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:27Z DEBUG response status 409 >2018-06-14T14:06:27Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:27Z DEBUG Error migrating 'caDirUserCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:27Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caDirUserCert?action=enable >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 409 >2018-06-14T14:06:27Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:26 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:27Z DEBUG Failed to enable profile 'caDirUserCert' (it is probably already enabled) >2018-06-14T14:06:27Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 204 >2018-06-14T14:06:27Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=CC47FBB42EA573EC53903066752ACA3A; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'' >2018-06-14T14:06:27Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 200 >2018-06-14T14:06:27Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=969C6C27AD14A09E41611C446DED5212; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:27Z 
DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:27Z DEBUG request body 'desc=This certificate profile is for enrolling user ECC certificates with directory-based authentication.\nvisible=true\nenable=true\nenableBy=admin\nname=Directory-Authenticated User ECC Certificate Enrollment\nauth.instance_id=UserDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key 
Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=true\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caECDirUserCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:27Z DEBUG response status 409 >2018-06-14T14:06:27Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:27Z DEBUG Error migrating 'caECDirUserCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:27Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caECDirUserCert?action=enable >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 409 >2018-06-14T14:06:27Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:27Z DEBUG Failed to enable profile 'caECDirUserCert' (it is probably already enabled) >2018-06-14T14:06:27Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 204 >2018-06-14T14:06:27Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=47B49C53C093CAE02AA48158E65B8719; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'' >2018-06-14T14:06:27Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 200 >2018-06-14T14:06:27Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=B3DE3A6D16198B17EF9B32EC018E2674; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:27Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:27Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with agent authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=AgentCertAuth\nname=Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key 
Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caAgentServerCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:27Z DEBUG response status 409 >2018-06-14T14:06:27Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 
>2018-06-14T14:06:27Z DEBUG Error migrating 'caAgentServerCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:27Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caAgentServerCert?action=enable >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 409 >2018-06-14T14:06:27Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:27Z DEBUG Failed to enable profile 'caAgentServerCert' (it is probably already enabled) >2018-06-14T14:06:27Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 204 >2018-06-14T14:06:27Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=E02831054962AB8D563EEDC885C9A325; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'' >2018-06-14T14:06:27Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 200 >2018-06-14T14:06:27Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=89C6831476476B0B9E51BD3207A6D555; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account 
id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:27Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:27Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with ECC keys using agent authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=AgentCertAuth\nname=Agent-Authenticated Server Certificate Enrollment with ECC keys\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key 
Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caECAgentServerCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:27Z DEBUG response status 409 >2018-06-14T14:06:27Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:27Z DEBUG Error migrating 'caECAgentServerCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:27Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caECAgentServerCert?action=enable >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 409 >2018-06-14T14:06:27Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:27Z DEBUG Failed to enable profile 'caECAgentServerCert' (it is probably already enabled) >2018-06-14T14:06:27Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 204 >2018-06-14T14:06:27Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=CCD86C654A0ED86CAEAF4D919AFF92A8; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'' >2018-06-14T14:06:27Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 200 >2018-06-14T14:06:27Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=172E6D4B5508A874B822AE5C5F1DAFA3; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:27Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:27Z DEBUG request body 'desc=This certificate profile is for getting file signing certificate with agent authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=AgentCertAuth\nname=Agent-Authenticated File Signing\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=fileSigningInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=pkcs7OutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=(Name)$request.requestor_name$(Text)$request.file_signing_text$(Size)$request.file_signing_size$(DigestType)$request.file_signing_digest_type$(Digest)$request.file_signing_digest$\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key 
Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.3\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caAgentFileSigning\nclassId=caEnrollImpl\n' >2018-06-14T14:06:27Z DEBUG response status 409 >2018-06-14T14:06:27Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:27Z DEBUG Error migrating 'caAgentFileSigning': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:27Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caAgentFileSigning?action=enable >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 409 >2018-06-14T14:06:27Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:27Z DEBUG Failed to enable profile 'caAgentFileSigning' (it is probably already enabled) >2018-06-14T14:06:27Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 204 >2018-06-14T14:06:27Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=2EFDFD8133CCD5530CE68B68A7526D47; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'' >2018-06-14T14:06:27Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:27Z DEBUG response status 200 >2018-06-14T14:06:27Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=94B8AC75A38EE19FFD7B6D2462A7BC92; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:27Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:27Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=CMCAuth\nauthz.acl=group="Certificate Manager Agents"\nname=Signed CMC-Authenticated User Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=cmcCertReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key 
Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyType=RSA\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caCMCUserCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:27Z DEBUG response status 409 >2018-06-14T14:06:27Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:27Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:27Z DEBUG Error migrating 'caCMCUserCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:27Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caCMCUserCert?action=enable >2018-06-14T14:06:27Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 409 >2018-06-14T14:06:28Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:28Z DEBUG Failed to enable profile 'caCMCUserCert' (it is probably already enabled) >2018-06-14T14:06:28Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 204 >2018-06-14T14:06:28Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=89B1764ABE0CEF64C135CEAD3BA17B83; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'' >2018-06-14T14:06:28Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 200 >2018-06-14T14:06:28Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=D11F85DCF36E57AD2E01EA9A5F250E7E; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:28Z 
DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:28Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with ECC keys by using the CMC certificate request with CMC Signature authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=CMCAuth\nauthz.acl=group="Certificate Manager Agents"\nname=Signed CMC-Authenticated User Certificate wth ECC keys Enrollment\ninput.list=i1,i2\ninput.i1.class_id=cmcCertReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key 
Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyType=EC\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=nistp256,nistp521\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caCMCECUserCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:28Z DEBUG response status 409 >2018-06-14T14:06:28Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:28Z DEBUG Error migrating 'caCMCECUserCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:28Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caCMCECUserCert?action=enable >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 409 >2018-06-14T14:06:28Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:28Z DEBUG Failed to enable profile 'caCMCECUserCert' (it is probably already enabled) >2018-06-14T14:06:28Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 204 >2018-06-14T14:06:28Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=190A4FD03D9CE2189734C277B5F3B35A; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'' >2018-06-14T14:06:28Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 200 >2018-06-14T14:06:28Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=9675644964931A51408DAAF31C181247; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:28Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:28Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates by using the agent-signed CMC certificate request with CMC Signature authentication.\nenable=true\nenableBy=admin\nname=Agent-Signed CMC-Authenticated User Certificate Enrollment\nvisible=false\nauth.instance_id=CMCAuth\ninput.list=i1,i2\ninput.i1.class_id=cmcCertReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key 
Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.cmcUserCertSet.3.constraint.params.keyType=RSA\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caFullCMCUserCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:28Z DEBUG response status 409 >2018-06-14T14:06:28Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:28Z DEBUG Error migrating 'caFullCMCUserCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:28Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caFullCMCUserCert?action=enable >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 409 >2018-06-14T14:06:28Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:28Z DEBUG Failed to enable profile 'caFullCMCUserCert' (it is probably already enabled) >2018-06-14T14:06:28Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 204 >2018-06-14T14:06:28Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=E68E3C62ED50A4274B1723BB4EEC0276; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:27 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'' >2018-06-14T14:06:28Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 200 >2018-06-14T14:06:28Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=F8E561D23676800828C82EE2E94922EC; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:28Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:28Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates by using the agent-signed CMC certificate request with CMC Signature authentication.\nenable=true\nenableBy=admin\nname=Agent-Signed CMC-Authenticated User Certificate Enrollment\nvisible=false\nauth.instance_id=CMCAuth\ninput.list=i1,i2\ninput.i1.class_id=cmcCertReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key 
Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=nistp256,nistp521\npolicyset.cmcUserCertSet.3.constraint.params.keyType=EC\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caECFullCMCUserCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:28Z DEBUG response status 409 >2018-06-14T14:06:28Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:28Z DEBUG Error migrating 'caECFullCMCUserCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:28Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caECFullCMCUserCert?action=enable >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 409 >2018-06-14T14:06:28Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:28Z DEBUG Failed to enable profile 'caECFullCMCUserCert' (it is probably already enabled) >2018-06-14T14:06:28Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 204 >2018-06-14T14:06:28Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=B745A63C4EB5A798193215B2C61EF7E0; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'' >2018-06-14T14:06:28Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 200 >2018-06-14T14:06:28Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=0B08B2C673D15B7EC9B266424B2CC2D3; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:28Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:28Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with non-agent user CMC authentication.\nenable=true\nenableBy=admin\nname=User-Signed CMC-Authenticated User Certificate Enrollment\nvisible=false\nauth.instance_id=CMCUserSignedAuth\ninput.list=i1,i2\ninput.i1.class_id=cmcCertReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,9,10,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=cmcUserSignedSubjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=CMC User Signed Subject Name Constraint\npolicyset.cmcUserCertSet.1.default.class_id=cmcUserSignedSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=User Signed Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.9.constraint.class_id=uniqueKeyConstraintImpl\npolicyset.cmcUserCertSet.9.constraint.name=Unique Key Constraint\npolicyset.cmcUserCertSet.9.constraint.params.allowSameKeyRenewal=true\npolicyset.cmcUserCertSet.9.default.class_id=noDefaultImpl\npolicyset.cmcUserCertSet.9.default.name=No Default\npolicyset.cmcUserCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.cmcUserCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.cmcUserCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.cmcUserCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.cmcUserCertSet.10.default.class_id=noDefaultImpl\npolicyset.cmcUserCertSet.10.default.name=No Default\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity 
Constraint\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.cmcUserCertSet.3.constraint.params.keyType=RSA\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caFullCMCUserSignedCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:28Z DEBUG response status 409 >2018-06-14T14:06:28Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:28Z DEBUG Error migrating 'caFullCMCUserSignedCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:28Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caFullCMCUserSignedCert?action=enable >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 409 >2018-06-14T14:06:28Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:28Z DEBUG Failed to enable profile 'caFullCMCUserSignedCert' (it is probably already enabled) >2018-06-14T14:06:28Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 204 >2018-06-14T14:06:28Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=2123CBF545D45B9715A818340E38916F; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'' >2018-06-14T14:06:28Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 200 >2018-06-14T14:06:28Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=076444F59421DF106E949941A40DD99E; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:28Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:28Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with EC keys by using the CMC certificate request with non-agent user CMC authentication.\nenable=true\nenableBy=admin\nname=User-Signed CMC-Authenticated User Certificate Enrollment\nvisible=false\nauth.instance_id=CMCUserSignedAuth\ninput.list=i1,i2\ninput.i1.class_id=cmcCertReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,9,10,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=cmcUserSignedSubjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=CMC User Signed Subject Name Constraint\npolicyset.cmcUserCertSet.1.default.class_id=cmcUserSignedSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=User Signed Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.9.constraint.class_id=uniqueKeyConstraintImpl\npolicyset.cmcUserCertSet.9.constraint.name=Unique Key Constraint\npolicyset.cmcUserCertSet.9.constraint.params.allowSameKeyRenewal=true\npolicyset.cmcUserCertSet.9.default.class_id=noDefaultImpl\npolicyset.cmcUserCertSet.9.default.name=No Default\npolicyset.cmcUserCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.cmcUserCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.cmcUserCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.cmcUserCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.cmcUserCertSet.10.default.class_id=noDefaultImpl\npolicyset.cmcUserCertSet.10.default.name=No Default\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity 
Constraint\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=nistp256,nistp521\npolicyset.cmcUserCertSet.3.constraint.params.keyType=EC\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caECFullCMCUserSignedCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:28Z DEBUG response status 409 >2018-06-14T14:06:28Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:28Z DEBUG Error migrating 'caECFullCMCUserSignedCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:28Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caECFullCMCUserSignedCert?action=enable >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 409 >2018-06-14T14:06:28Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:28Z DEBUG Failed to enable profile 'caECFullCMCUserSignedCert' (it is probably already enabled) >2018-06-14T14:06:28Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 204 >2018-06-14T14:06:28Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=A8E8791CD12F4C51221A17139048600F; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'' >2018-06-14T14:06:28Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 200 >2018-06-14T14:06:28Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=6A2341A6C6435D3E9E29E86E4F4111C2; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:28Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:28Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates by using the self-signed CMC certificate request\nenable=true\nenableBy=admin\nname=Self-Signed CMC User Certificate Enrollment\nvisible=false\nauth.instance_id=CMCUserSignedAuth\ninput.list=i1,i2\ninput.i1.class_id=cmcCertReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.cmcUserCertSet.3.constraint.params.keyType=RSA\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key 
Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage 
Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caFullCMCSelfSignedCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:28Z DEBUG response status 409 >2018-06-14T14:06:28Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:28Z DEBUG response body 
b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:28Z DEBUG Error migrating 'caFullCMCSelfSignedCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:28Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caFullCMCSelfSignedCert?action=enable >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 409 >2018-06-14T14:06:28Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:28Z DEBUG Failed to enable profile 'caFullCMCSelfSignedCert' (it is probably already enabled) >2018-06-14T14:06:28Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 204 >2018-06-14T14:06:28Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=F1559DEE84F86D6AF21840669DC91994; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'' >2018-06-14T14:06:28Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:28Z DEBUG response status 200 >2018-06-14T14:06:28Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=05D454321DDAC11B9F64323CD98F5F6D; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 
Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:28Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:28Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with ECC keys by using the self-signed CMC certificate request\nenable=true\nenableBy=admin\nname=Self-Signed CMC User Certificate Enrollment\nvisible=false\nauth.instance_id=CMCUserSignedAuth\ninput.list=i1,i2\ninput.i1.class_id=cmcCertReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity 
Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=nistp256,nistp521\npolicyset.cmcUserCertSet.3.constraint.params.keyType=EC\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caECFullCMCSelfSignedCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:28Z DEBUG response status 409 >2018-06-14T14:06:28Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:28Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:28Z DEBUG Error migrating 'caECFullCMCSelfSignedCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:28Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caECFullCMCSelfSignedCert?action=enable >2018-06-14T14:06:28Z DEBUG request body '' >2018-06-14T14:06:29Z DEBUG response status 409 >2018-06-14T14:06:29Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:29Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:29Z DEBUG Failed to enable profile 'caECFullCMCSelfSignedCert' (it is probably already enabled) >2018-06-14T14:06:29Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:29Z DEBUG request body '' >2018-06-14T14:06:29Z DEBUG response status 204 >2018-06-14T14:06:29Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=4566255B66613445B9BC24987777576A; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:29Z DEBUG response body b'' >2018-06-14T14:06:29Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:29Z DEBUG request body '' >2018-06-14T14:06:29Z DEBUG response status 200 >2018-06-14T14:06:29Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=53CE27C626C64F114DA96858FA1E62B2; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:29Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:29Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:29Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\nenable=true\nenableBy=admin\nname=Simple CMC Enrollment Request for User Certificate\nvisible=false\nauth.instance_id=\ninput.list=i1\ninput.i1.class_id=certReqInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.cmcUserCertSet.3.constraint.params.keyType=RSA\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key 
Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage 
Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caSimpleCMCUserCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:29Z DEBUG response status 409 >2018-06-14T14:06:29Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:29Z DEBUG response body 
b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:29Z DEBUG Error migrating 'caSimpleCMCUserCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:29Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caSimpleCMCUserCert?action=enable >2018-06-14T14:06:29Z DEBUG request body '' >2018-06-14T14:06:29Z DEBUG response status 409 >2018-06-14T14:06:29Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:29Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:29Z DEBUG Failed to enable profile 'caSimpleCMCUserCert' (it is probably already enabled) >2018-06-14T14:06:29Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:29Z DEBUG request body '' >2018-06-14T14:06:29Z DEBUG response status 204 >2018-06-14T14:06:29Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=009DF241E1F865FA8C0089ED1974ED2F; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:29Z DEBUG response body b'' >2018-06-14T14:06:29Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:29Z DEBUG request body '' >2018-06-14T14:06:29Z DEBUG response status 200 >2018-06-14T14:06:29Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=BFC671E5899F8D676E8D44AD2034AF68; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 
14:06:28 GMT > > >2018-06-14T14:06:29Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:29Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:29Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\nenable=true\nenableBy=admin\nname=Simple CMC Enrollment Request for User Certificate\nvisible=false\nauth.instance_id=\ninput.list=i1\ninput.i1.class_id=certReqInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key 
Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=nistp256,nistp521\npolicyset.cmcUserCertSet.3.constraint.params.keyType=EC\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caECSimpleCMCUserCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:29Z DEBUG response status 409 >2018-06-14T14:06:29Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:29Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:29Z DEBUG Error migrating 'caECSimpleCMCUserCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:29Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caECSimpleCMCUserCert?action=enable >2018-06-14T14:06:29Z DEBUG request body '' >2018-06-14T14:06:29Z DEBUG response status 409 >2018-06-14T14:06:29Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:29Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:29Z DEBUG Failed to enable profile 'caECSimpleCMCUserCert' (it is probably already enabled) >2018-06-14T14:06:29Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:29Z DEBUG request body '' >2018-06-14T14:06:29Z DEBUG response status 204 >2018-06-14T14:06:29Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=6B03C703606BD6B98BA5254FCC6BA10C; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:29Z DEBUG response body b'' >2018-06-14T14:06:29Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:29Z DEBUG request body '' >2018-06-14T14:06:29Z DEBUG response status 200 >2018-06-14T14:06:29Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=5AB58525B44109F7FF37D3330C7DFF39; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:29Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:29Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:29Z DEBUG request body 'desc=This profile is for enrolling token device keys\nenable=true\nenableBy=admin\nlastModified=1068835451090\nname=Token Device Key Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsHKeyCertReqInputImpl\ninput.i1.name=nsHKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p3,p4,p5,p1,p7,p8,p9,p12,p6\npolicyset.set1.list=p2,p4,p5,p1,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenDeviceKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenDeviceKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=Token Key Device - $request.tokencuid$\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity 
Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p3.constraint.class_id=noConstraintImpl\npolicyset.set1.p3.constraint.name=No Constraint\npolicyset.set1.p3.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.params.crlDistPointsCritical=false\npolicyset.set1.p3.default.params.crlDistPointsNum=1\npolicyset.set1.p3.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p3.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p3.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p3.default.params.crlDistPointsPointName_0=\npolicyset.set1.p3.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p3.default.params.crlDistPointsReasons_0=\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension 
Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.v
alue=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7
.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension 
Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_1=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\nprofileId=caTokenDeviceKeyEnrollment\nclassId=caUserCertEnrollImpl\n' >2018-06-14T14:06:29Z DEBUG response status 409 >2018-06-14T14:06:29Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:28 GMT > > >2018-06-14T14:06:29Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:29Z DEBUG Error migrating 'caTokenDeviceKeyEnrollment': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:29Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caTokenDeviceKeyEnrollment?action=enable >2018-06-14T14:06:29Z DEBUG request body '' >2018-06-14T14:06:29Z DEBUG response status 409 >2018-06-14T14:06:29Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:29 GMT > > >2018-06-14T14:06:29Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:29Z DEBUG Failed to enable profile 'caTokenDeviceKeyEnrollment' (it is probably already enabled) >2018-06-14T14:06:29Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:29Z DEBUG request body '' >2018-06-14T14:06:29Z DEBUG response status 204 >2018-06-14T14:06:29Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=26DCDFF05AF088AF922F073254959C32; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:29 GMT > > >2018-06-14T14:06:29Z DEBUG response body b'' >2018-06-14T14:06:29Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:29Z DEBUG request body '' >2018-06-14T14:06:29Z DEBUG response status 200 >2018-06-14T14:06:29Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=3D51028AD27AAB8500B2165A4D4120F0; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:29 GMT > > >2018-06-14T14:06:29Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager 
Agents</Role></Roles></Account>' >2018-06-14T14:06:29Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:29Z DEBUG request body 'desc=This profile is for enrolling Token Encryption key\nenable=true\nenableBy=admin\nname=Token User Encryption Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No 
Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=false\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension 
Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension 
Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params
.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\n
policyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No 
Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserEncryptionKeyEnrollment\nclassId=caUserCertEnrollImpl\n' >2018-06-14T14:06:29Z DEBUG response status 409 >2018-06-14T14:06:29Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:29 GMT > > >2018-06-14T14:06:29Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:29Z DEBUG Error migrating 'caTokenUserEncryptionKeyEnrollment': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists
>2018-06-14T14:06:29Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caTokenUserEncryptionKeyEnrollment?action=enable
>2018-06-14T14:06:29Z DEBUG request body ''
>2018-06-14T14:06:29Z DEBUG response status 409
>2018-06-14T14:06:29Z DEBUG response headers Content-Type: application/xml
>Content-Length: 233
>Date: Thu, 14 Jun 2018 14:06:29 GMT
>
>
>2018-06-14T14:06:29Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>'
>2018-06-14T14:06:29Z DEBUG Failed to enable profile 'caTokenUserEncryptionKeyEnrollment' (it is probably already enabled)
>2018-06-14T14:06:29Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout
>2018-06-14T14:06:29Z DEBUG request body ''
>2018-06-14T14:06:29Z DEBUG response status 204
>2018-06-14T14:06:29Z DEBUG response headers Cache-Control: private
>Expires: Thu, 01 Jan 1970 01:00:00 CET
>Set-Cookie: JSESSIONID=3071C6A8A6A9ABC5EFC980B547884563; Path=/ca; Secure; HttpOnly
>Content-Type: application/xml
>Date: Thu, 14 Jun 2018 14:06:29 GMT
>
>
>2018-06-14T14:06:29Z DEBUG response body b''
>2018-06-14T14:06:29Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login
>2018-06-14T14:06:29Z DEBUG request body ''
>2018-06-14T14:06:29Z DEBUG response status 200
>2018-06-14T14:06:29Z DEBUG response headers Cache-Control: private
>Expires: Thu, 01 Jan 1970 01:00:00 CET
>Set-Cookie: JSESSIONID=6DE2A5A0115C886A5E28E82A6539DAB7; Path=/ca; Secure; HttpOnly
>Content-Type: application/xml
>Content-Length: 218
>Date: Thu, 14 Jun 2018 14:06:29 GMT
>
>
>2018-06-14T14:06:29Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager
Agents</Role></Roles></Account>' >2018-06-14T14:06:29Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:29Z DEBUG request body 'desc=This profile is for enrolling Token Signing key\nenable=true\nenableBy=admin\nname=Token User Signing Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No 
Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension 
Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension 
Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params
.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\n
policyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No 
Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserSigningKeyEnrollment\nclassId=caUserCertEnrollImpl\n' >2018-06-14T14:06:29Z DEBUG response status 409 >2018-06-14T14:06:29Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:29 GMT > > >2018-06-14T14:06:29Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:29Z DEBUG Error migrating 'caTokenUserSigningKeyEnrollment': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists
>2018-06-14T14:06:29Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caTokenUserSigningKeyEnrollment?action=enable
>2018-06-14T14:06:29Z DEBUG request body ''
>2018-06-14T14:06:29Z DEBUG response status 409
>2018-06-14T14:06:29Z DEBUG response headers Content-Type: application/xml
>Content-Length: 233
>Date: Thu, 14 Jun 2018 14:06:29 GMT
>
>
>2018-06-14T14:06:29Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>'
>2018-06-14T14:06:29Z DEBUG Failed to enable profile 'caTokenUserSigningKeyEnrollment' (it is probably already enabled)
>2018-06-14T14:06:29Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout
>2018-06-14T14:06:29Z DEBUG request body ''
>2018-06-14T14:06:29Z DEBUG response status 204
>2018-06-14T14:06:29Z DEBUG response headers Cache-Control: private
>Expires: Thu, 01 Jan 1970 01:00:00 CET
>Set-Cookie: JSESSIONID=C3CC92C603ED26465CC28CFCB5DA8DC0; Path=/ca; Secure; HttpOnly
>Content-Type: application/xml
>Date: Thu, 14 Jun 2018 14:06:29 GMT
>
>
>2018-06-14T14:06:29Z DEBUG response body b''
>2018-06-14T14:06:29Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login
>2018-06-14T14:06:29Z DEBUG request body ''
>2018-06-14T14:06:29Z DEBUG response status 200
>2018-06-14T14:06:29Z DEBUG response headers Cache-Control: private
>Expires: Thu, 01 Jan 1970 01:00:00 CET
>Set-Cookie: JSESSIONID=E111AC5E049E2B9FBCAB270FA5FB6871; Path=/ca; Secure; HttpOnly
>Content-Type: application/xml
>Content-Length: 218
>Date: Thu, 14 Jun 2018 14:06:29 GMT
>
>
>2018-06-14T14:06:29Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager
Agents</Role></Roles></Account>' >2018-06-14T14:06:29Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:29Z DEBUG request body 'desc=This profile is for enrolling token device keys\nenable=true\nenableBy=admin\nlastModified=1068835451090\nname=Temporary Device Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsHKeyCertReqInputImpl\ninput.i1.name=nsHKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p3,p4,p5,p1,p7,p8,p9,p12,p6\npolicyset.set1.list=p2,p4,p5,p1,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenDeviceKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenDeviceKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=Token Key Device - $request.tokencuid$\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity 
Default\npolicyset.set1.p2.default.params.range=7\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p3.constraint.class_id=noConstraintImpl\npolicyset.set1.p3.constraint.name=No Constraint\npolicyset.set1.p3.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.params.crlDistPointsCritical=false\npolicyset.set1.p3.default.params.crlDistPointsNum=1\npolicyset.set1.p3.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p3.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p3.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p3.default.params.crlDistPointsPointName_0=\npolicyset.set1.p3.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p3.default.params.crlDistPointsReasons_0=\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension 
Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.param
s.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernot
ice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension 
Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_1=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\nprofileId=caTempTokenDeviceKeyEnrollment\nclassId=caUserCertEnrollImpl\n' >2018-06-14T14:06:29Z DEBUG response status 409 >2018-06-14T14:06:29Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:29 GMT > > >2018-06-14T14:06:29Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:29Z DEBUG Error migrating 'caTempTokenDeviceKeyEnrollment': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists
>2018-06-14T14:06:29Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caTempTokenDeviceKeyEnrollment?action=enable
>2018-06-14T14:06:29Z DEBUG request body ''
>2018-06-14T14:06:29Z DEBUG response status 409
>2018-06-14T14:06:29Z DEBUG response headers Content-Type: application/xml
>Content-Length: 233
>Date: Thu, 14 Jun 2018 14:06:29 GMT
>
>
>2018-06-14T14:06:29Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>'
>2018-06-14T14:06:29Z DEBUG Failed to enable profile 'caTempTokenDeviceKeyEnrollment' (it is probably already enabled)
>2018-06-14T14:06:29Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout
>2018-06-14T14:06:29Z DEBUG request body ''
>2018-06-14T14:06:29Z DEBUG response status 204
>2018-06-14T14:06:29Z DEBUG response headers Cache-Control: private
>Expires: Thu, 01 Jan 1970 01:00:00 CET
>Set-Cookie: JSESSIONID=612AF4A532287EF93AD7E39C63083412; Path=/ca; Secure; HttpOnly
>Content-Type: application/xml
>Date: Thu, 14 Jun 2018 14:06:29 GMT
>
>
>2018-06-14T14:06:29Z DEBUG response body b''
>2018-06-14T14:06:29Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login
>2018-06-14T14:06:29Z DEBUG request body ''
>2018-06-14T14:06:29Z DEBUG response status 200
>2018-06-14T14:06:29Z DEBUG response headers Cache-Control: private
>Expires: Thu, 01 Jan 1970 01:00:00 CET
>Set-Cookie: JSESSIONID=E32278F461EA66282C5E8D519801467A; Path=/ca; Secure; HttpOnly
>Content-Type: application/xml
>Content-Length: 218
>Date: Thu, 14 Jun 2018 14:06:29 GMT
>
>
>2018-06-14T14:06:29Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager
Agents</Role></Roles></Account>' >2018-06-14T14:06:29Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:29Z DEBUG request body 'desc=This profile is for enrolling Token Encryption key\nenable=true\nenableBy=admin\nname=Temporary Token User Encryption Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\n#uncomment below to support SMIME\n#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity 
Default\npolicyset.set1.p2.default.params.range=7\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=false\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension 
Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension 
Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params
.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\n
policyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No 
Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTempTokenUserEncryptionKeyEnrollment\nclassId=caUserCertEnrollImpl\n' >2018-06-14T14:06:29Z DEBUG response status 409 >2018-06-14T14:06:29Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:29 GMT > > >2018-06-14T14:06:29Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:29Z DEBUG Error migrating 'caTempTokenUserEncryptionKeyEnrollment': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:29Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caTempTokenUserEncryptionKeyEnrollment?action=enable >2018-06-14T14:06:29Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 409 >2018-06-14T14:06:30Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:29 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:30Z DEBUG Failed to enable profile 'caTempTokenUserEncryptionKeyEnrollment' (it is probably already enabled) >2018-06-14T14:06:30Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 204 >2018-06-14T14:06:30Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=4D76A06BB3A149F11347337892EA37A4; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:29 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'' >2018-06-14T14:06:30Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 200 >2018-06-14T14:06:30Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=2FFC2EC72C87ECB1D2CFFBE9D41CC93A; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:29 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager 
Agents</Role></Roles></Account>' >2018-06-14T14:06:30Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:30Z DEBUG request body 'desc=This profile is for enrolling Token Signing key\nenable=true\nenableBy=admin\nname=Temporary Token User Signing Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\n#uncomment below to support SMIME\n#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity 
Default\npolicyset.set1.p2.default.params.range=7\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension 
Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension 
Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params
.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\n
policyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No 
Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTempTokenUserSigningKeyEnrollment\nclassId=caUserCertEnrollImpl\n' >2018-06-14T14:06:30Z DEBUG response status 409 >2018-06-14T14:06:30Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:29 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:30Z DEBUG Error migrating 'caTempTokenUserSigningKeyEnrollment': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:30Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caTempTokenUserSigningKeyEnrollment?action=enable >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 409 >2018-06-14T14:06:30Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:29 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:30Z DEBUG Failed to enable profile 'caTempTokenUserSigningKeyEnrollment' (it is probably already enabled) >2018-06-14T14:06:30Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 204 >2018-06-14T14:06:30Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=14E0BF6E696123292FEFDD9C55DAB7A0; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:29 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'' >2018-06-14T14:06:30Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 200 >2018-06-14T14:06:30Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=D76EE8916912E5E90AEE0CD939946E0A; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:29 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager 
Agents</Role></Roles></Account>' >2018-06-14T14:06:30Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:30Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain administrator\'s certificates with LDAP authentication against the internal LDAP database.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Administrator Certificate Enrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=adminCertSet\npolicyset.adminCertSet.list=1,2,3,4,5,6,7,8\npolicyset.adminCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.adminCertSet.1.constraint.name=Subject Name Constraint\npolicyset.adminCertSet.1.constraint.params.pattern=.*\npolicyset.adminCertSet.1.constraint.params.accept=true\npolicyset.adminCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.adminCertSet.1.default.name=Subject Name Default\npolicyset.adminCertSet.1.default.params.name=\npolicyset.adminCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.adminCertSet.2.constraint.name=Validity Constraint\npolicyset.adminCertSet.2.constraint.params.range=365\npolicyset.adminCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.adminCertSet.2.constraint.params.notAfterCheck=false\npolicyset.adminCertSet.2.default.class_id=validityDefaultImpl\npolicyset.adminCertSet.2.default.name=Validity 
Default\npolicyset.adminCertSet.2.default.params.range=365\npolicyset.adminCertSet.2.default.params.startTime=0\npolicyset.adminCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.adminCertSet.3.constraint.name=Key Constraint\npolicyset.adminCertSet.3.constraint.params.keyType=RSA\npolicyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.adminCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.adminCertSet.3.default.name=Key Default\npolicyset.adminCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.4.constraint.name=No Constraint\npolicyset.adminCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.adminCertSet.4.default.name=Authority Key Identifier Default\npolicyset.adminCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.5.constraint.name=No Constraint\npolicyset.adminCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.adminCertSet.5.default.name=AIA Extension Default\npolicyset.adminCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.adminCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.adminCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.adminCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.adminCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.adminCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.adminCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.adminCertSet.6.default.name=Key Usage Default\npolicyset.adminCertSet.6.default.params.keyUsageCritical=true\npolicyset.adminCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.7.constraint.name=No Constraint\npolicyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.adminCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.adminCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.adminCertSet.8.constraint.name=No Constraint\npolicyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.adminCertSet.8.default.name=Signing Alg\npolicyset.adminCertSet.8.default.params.signingAlg=-\nprofileId=caAdminCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:30Z DEBUG response status 409 >2018-06-14T14:06:30Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:29 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:30Z DEBUG Error migrating 'caAdminCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:30Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caAdminCert?action=enable >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 409 >2018-06-14T14:06:30Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:29 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:30Z DEBUG Failed to enable profile 'caAdminCert' (it is probably already enabled) >2018-06-14T14:06:30Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 204 >2018-06-14T14:06:30Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=15A2E8CAF037EAB65BC0B0B9745D276D; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:29 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'' >2018-06-14T14:06:30Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 200 >2018-06-14T14:06:30Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=DD7BC997095AE03793FDCF43C1FB5620; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:29 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:30Z DEBUG 
request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:30Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain administrator\'s certificates with LDAP authentication against the internal LDAP database.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Administrator Certificate Enrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=adminCertSet\npolicyset.adminCertSet.list=1,2,3,4,5,6,7,8\npolicyset.adminCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.adminCertSet.1.constraint.name=Subject Name Constraint\npolicyset.adminCertSet.1.constraint.params.pattern=.*\npolicyset.adminCertSet.1.constraint.params.accept=true\npolicyset.adminCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.adminCertSet.1.default.name=Subject Name Default\npolicyset.adminCertSet.1.default.params.name=\npolicyset.adminCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.adminCertSet.2.constraint.name=Validity Constraint\npolicyset.adminCertSet.2.constraint.params.range=365\npolicyset.adminCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.adminCertSet.2.constraint.params.notAfterCheck=false\npolicyset.adminCertSet.2.default.class_id=validityDefaultImpl\npolicyset.adminCertSet.2.default.name=Validity Default\npolicyset.adminCertSet.2.default.params.range=365\npolicyset.adminCertSet.2.default.params.startTime=0\npolicyset.adminCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.adminCertSet.3.constraint.name=Key 
Constraint\npolicyset.adminCertSet.3.constraint.params.keyType=RSA\npolicyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.adminCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.adminCertSet.3.default.name=Key Default\npolicyset.adminCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.4.constraint.name=No Constraint\npolicyset.adminCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.adminCertSet.4.default.name=Authority Key Identifier Default\npolicyset.adminCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.5.constraint.name=No Constraint\npolicyset.adminCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.adminCertSet.5.default.name=AIA Extension Default\npolicyset.adminCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.adminCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.adminCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.adminCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.adminCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.adminCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.adminCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.adminCertSet.6.default.name=Key Usage Default\npolicyset.adminCertSet.6.default.params.keyUsageCritical=true\npolicyset.adminCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.7.constraint.name=No Constraint\npolicyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.adminCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.adminCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.adminCertSet.8.constraint.name=No Constraint\npolicyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.adminCertSet.8.default.name=Signing Alg\npolicyset.adminCertSet.8.default.params.signingAlg=-\nprofileId=caECAdminCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:30Z DEBUG response status 409 >2018-06-14T14:06:30Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:29 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:30Z DEBUG Error migrating 'caECAdminCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:30Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caECAdminCert?action=enable >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 409 >2018-06-14T14:06:30Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:30Z DEBUG Failed to enable profile 'caECAdminCert' (it is probably already enabled) >2018-06-14T14:06:30Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 204 >2018-06-14T14:06:30Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=4C2EB4E9BB82CD47E32726EDE29D5893; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'' >2018-06-14T14:06:30Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 200 >2018-06-14T14:06:30Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=5F227A5F8D5C9338748E111E90CF71BD; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:30Z 
DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:30Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain server certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectAltNameExtInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key 
Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\n# allows SAN to be specified from client side\n# need to:\n# 1. add i3 to input.list above\n# 2. add 9 to policyset.serverCertSet.list above\n# 3. change below to reflect the number of general names, and\n# turn each corresponding subjAltExtPattern_<num> to true\n# policyset.serverCertSet.9.default.params.subjAltNameNumGNs\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.serverCertSet.9.default.name=Subject Alternative Name Extension 
Default\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_0=$request.req_san_pattern_0$\npolicyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_1=false\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_1=$request.req_san_pattern_1$\npolicyset.serverCertSet.9.default.params.subjAltExtType_1=DNSName\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_2=false\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_2=$request.req_san_pattern_2$\npolicyset.serverCertSet.9.default.params.subjAltExtType_2=DNSName\npolicyset.serverCertSet.9.default.params.subjAltNameExtCritical=false\npolicyset.serverCertSet.9.default.params.subjAltNameNumGNs=1\nprofileId=caInternalAuthServerCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:30Z DEBUG response status 409 >2018-06-14T14:06:30Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:30Z DEBUG Error migrating 'caInternalAuthServerCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:30Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caInternalAuthServerCert?action=enable >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 409 >2018-06-14T14:06:30Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:30Z DEBUG Failed to enable profile 'caInternalAuthServerCert' (it is probably already enabled) >2018-06-14T14:06:30Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 204 >2018-06-14T14:06:30Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=11702A1D0BEA7836D0D06E58319AA93A; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'' >2018-06-14T14:06:30Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 200 >2018-06-14T14:06:30Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=19F664234704839279F9212A231EC4A5; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:30Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:30Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain ECC server certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectAltNameExtInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key 
Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\n# allows SAN to be specified from client side\n# need to:\n# 1. add i3 to input.list above\n# 2. add 9 to policyset.serverCertSet.list above\n# 3. change below to reflect the number of general names, and\n# turn each corresponding subjAltExtPattern_<num> to true\n# policyset.serverCertSet.9.default.params.subjAltNameNumGNs\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.serverCertSet.9.default.name=Subject Alternative Name Extension 
Default\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_0=$request.req_san_pattern_0$\npolicyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_1=false\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_1=$request.req_san_pattern_1$\npolicyset.serverCertSet.9.default.params.subjAltExtType_1=DNSName\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_2=false\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_2=$request.req_san_pattern_2$\npolicyset.serverCertSet.9.default.params.subjAltExtType_2=DNSName\npolicyset.serverCertSet.9.default.params.subjAltNameExtCritical=false\npolicyset.serverCertSet.9.default.params.subjAltNameNumGNs=1\nprofileId=caECInternalAuthServerCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:30Z DEBUG response status 409 >2018-06-14T14:06:30Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:30Z DEBUG Error migrating 'caECInternalAuthServerCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:30Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caECInternalAuthServerCert?action=enable >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 409 >2018-06-14T14:06:30Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:30Z DEBUG Failed to enable profile 'caECInternalAuthServerCert' (it is probably already enabled) >2018-06-14T14:06:30Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 204 >2018-06-14T14:06:30Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=2A0EB7D8CB977C610F060BF4DA51EC11; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'' >2018-06-14T14:06:30Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 200 >2018-06-14T14:06:30Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=986E65DE8B4B0FAE24E4CC4F76D4736D; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager 
Agents</Role></Roles></Account>' >2018-06-14T14:06:30Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:30Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain Data Recovery Manager transport certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Data Recovery Manager Transport Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=transportCertSet\npolicyset.transportCertSet.list=1,2,3,4,5,6,7,8\npolicyset.transportCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.transportCertSet.1.constraint.name=Subject Name Constraint\npolicyset.transportCertSet.1.constraint.params.pattern=CN=.*\npolicyset.transportCertSet.1.constraint.params.accept=true\npolicyset.transportCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.transportCertSet.1.default.name=Subject Name Default\npolicyset.transportCertSet.1.default.params.name=\npolicyset.transportCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.transportCertSet.2.constraint.name=Validity Constraint\npolicyset.transportCertSet.2.constraint.params.range=720\npolicyset.transportCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.transportCertSet.2.constraint.params.notAfterCheck=false\npolicyset.transportCertSet.2.default.class_id=validityDefaultImpl\npolicyset.transportCertSet.2.default.name=Validity 
Default\npolicyset.transportCertSet.2.default.params.range=720\npolicyset.transportCertSet.2.default.params.startTime=0\npolicyset.transportCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.transportCertSet.3.constraint.name=Key Constraint\npolicyset.transportCertSet.3.constraint.params.keyType=-\npolicyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.transportCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.transportCertSet.3.default.name=Key Default\npolicyset.transportCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.4.constraint.name=No Constraint\npolicyset.transportCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.transportCertSet.4.default.name=Authority Key Identifier Default\npolicyset.transportCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.5.constraint.name=No Constraint\npolicyset.transportCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.transportCertSet.5.default.name=AIA Extension Default\npolicyset.transportCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.transportCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.transportCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.transportCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.transportCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.transportCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.transportCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.transportCertSet.6.default.name=Key Usage Default\npolicyset.transportCertSet.6.default.params.keyUsageCritical=true\npolicyset.transportCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.7.constraint.name=No Constraint\npolicyset.transportCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.transportCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.transportCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.transportCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.transportCertSet.8.constraint.name=No Constraint\npolicyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.transportCertSet.8.default.name=Signing Alg\npolicyset.transportCertSet.8.default.params.signingAlg=-\nprofileId=caInternalAuthTransportCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:30Z DEBUG response status 409 >2018-06-14T14:06:30Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:30Z DEBUG Error migrating 'caInternalAuthTransportCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:30Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caInternalAuthTransportCert?action=enable >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 409 >2018-06-14T14:06:30Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:30Z DEBUG Failed to enable profile 'caInternalAuthTransportCert' (it is probably already enabled) >2018-06-14T14:06:30Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 204 >2018-06-14T14:06:30Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=5292E2DF4F513B8E7FC3F4C9053C6158; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'' >2018-06-14T14:06:30Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 200 >2018-06-14T14:06:30Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=3C867D63B1E78B206A03D00426C326F9; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager 
Agents</Role></Roles></Account>' >2018-06-14T14:06:30Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:30Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain DRM storage certificates\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain DRM storage Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=drmStorageCertSet\npolicyset.drmStorageCertSet.list=1,2,3,4,5,6,7,9\npolicyset.drmStorageCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.drmStorageCertSet.1.constraint.name=Subject Name Constraint\npolicyset.drmStorageCertSet.1.constraint.params.pattern=CN=.*\npolicyset.drmStorageCertSet.1.constraint.params.accept=true\npolicyset.drmStorageCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.drmStorageCertSet.1.default.name=Subject Name Default\npolicyset.drmStorageCertSet.1.default.params.name=\npolicyset.drmStorageCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.drmStorageCertSet.2.constraint.name=Validity Constraint\npolicyset.drmStorageCertSet.2.constraint.params.range=720\npolicyset.drmStorageCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.drmStorageCertSet.2.constraint.params.notAfterCheck=false\npolicyset.drmStorageCertSet.2.default.class_id=validityDefaultImpl\npolicyset.drmStorageCertSet.2.default.name=Validity 
Default\npolicyset.drmStorageCertSet.2.default.params.range=720\npolicyset.drmStorageCertSet.2.default.params.startTime=0\npolicyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.drmStorageCertSet.3.constraint.name=Key Constraint\npolicyset.drmStorageCertSet.3.constraint.params.keyType=-\npolicyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.drmStorageCertSet.3.default.name=Key Default\npolicyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.4.constraint.name=No Constraint\npolicyset.drmStorageCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.drmStorageCertSet.4.default.name=Authority Key Identifier Default\npolicyset.drmStorageCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.5.constraint.name=No Constraint\npolicyset.drmStorageCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.drmStorageCertSet.5.default.name=AIA Extension Default\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.drmStorageCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.drmStorageCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.6.default.name=Key Usage Default\npolicyset.drmStorageCertSet.6.default.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.7.constraint.name=No Constraint\npolicyset.drmStorageCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.drmStorageCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.drmStorageCertSet.9.constraint.name=No Constraint\npolicyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.drmStorageCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.drmStorageCertSet.9.default.name=Signing Alg\npolicyset.drmStorageCertSet.9.default.params.signingAlg=-\nprofileId=caInternalAuthDRMstorageCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:30Z DEBUG response status 409 >2018-06-14T14:06:30Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:30Z DEBUG Error migrating 'caInternalAuthDRMstorageCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:30Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caInternalAuthDRMstorageCert?action=enable >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 409 >2018-06-14T14:06:30Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:30Z DEBUG Failed to enable profile 'caInternalAuthDRMstorageCert' (it is probably already enabled) >2018-06-14T14:06:30Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:30Z DEBUG response status 204 >2018-06-14T14:06:30Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=FBD71AF637330BB839E11C8BE0FB2C78; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:30Z DEBUG response body b'' >2018-06-14T14:06:30Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:30Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 200 >2018-06-14T14:06:31Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=10449DC324E6C995A113FEE8777E7818; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager 
Agents</Role></Roles></Account>' >2018-06-14T14:06:31Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:31Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain subsystem certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Subsystem Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nupdater.list=u1\nupdater.u1.class_id=subsystemGroupUpdaterImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity 
Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caInternalAuthSubsystemCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:31Z DEBUG response status 409 >2018-06-14T14:06:31Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:31Z DEBUG Error migrating 'caInternalAuthSubsystemCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:31Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caInternalAuthSubsystemCert?action=enable >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 409 >2018-06-14T14:06:31Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:31Z DEBUG Failed to enable profile 'caInternalAuthSubsystemCert' (it is probably already enabled) >2018-06-14T14:06:31Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 204 >2018-06-14T14:06:31Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=228ED2AB898DF4CD7EE3B9F651E9E48B; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'' >2018-06-14T14:06:31Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 200 >2018-06-14T14:06:31Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=74A88C7225CFDFB23C060FDFA0773A94; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager 
Agents</Role></Roles></Account>' >2018-06-14T14:06:31Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:31Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain subsystem certificates with ECC keys.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Subsystem Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nupdater.list=u1\nupdater.u1.class_id=subsystemGroupUpdaterImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity 
Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caECInternalAuthSubsystemCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:31Z DEBUG response status 409 >2018-06-14T14:06:31Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:31Z DEBUG Error migrating 'caECInternalAuthSubsystemCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:31Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caECInternalAuthSubsystemCert?action=enable >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 409 >2018-06-14T14:06:31Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:31Z DEBUG Failed to enable profile 'caECInternalAuthSubsystemCert' (it is probably already enabled) >2018-06-14T14:06:31Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 204 >2018-06-14T14:06:31Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=87537C997C309056FD9A4D0751ED73B1; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'' >2018-06-14T14:06:31Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 200 >2018-06-14T14:06:31Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=DAC54FD3B96201868B376A5E303E0311; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager 
Agents</Role></Roles></Account>' >2018-06-14T14:06:31Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:31Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain OCSP Manager certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain OCSP Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=ocspCertSet\npolicyset.ocspCertSet.list=1,2,3,4,5,6,8,9\npolicyset.ocspCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.ocspCertSet.1.constraint.name=Subject Name Constraint\npolicyset.ocspCertSet.1.constraint.params.pattern=CN=.*\npolicyset.ocspCertSet.1.constraint.params.accept=true\npolicyset.ocspCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.ocspCertSet.1.default.name=Subject Name Default\npolicyset.ocspCertSet.1.default.params.name=\npolicyset.ocspCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.ocspCertSet.2.constraint.name=Validity Constraint\npolicyset.ocspCertSet.2.constraint.params.range=720\npolicyset.ocspCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.ocspCertSet.2.constraint.params.notAfterCheck=false\npolicyset.ocspCertSet.2.default.class_id=validityDefaultImpl\npolicyset.ocspCertSet.2.default.name=Validity Default\npolicyset.ocspCertSet.2.default.params.range=720\npolicyset.ocspCertSet.2.default.params.startTime=0\npolicyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.ocspCertSet.3.constraint.name=Key 
Constraint\npolicyset.ocspCertSet.3.constraint.params.keyType=-\npolicyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.ocspCertSet.3.default.name=Key Default\npolicyset.ocspCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.4.constraint.name=No Constraint\npolicyset.ocspCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.ocspCertSet.4.default.name=Authority Key Identifier Default\npolicyset.ocspCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.5.constraint.name=No Constraint\npolicyset.ocspCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.ocspCertSet.5.default.name=AIA Extension Default\npolicyset.ocspCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.ocspCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.ocspCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.ocspCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.ocspCertSet.6.constraint.class_id=extendedKeyUsageExtConstraintImpl\npolicyset.ocspCertSet.6.constraint.name=Extended Key Usage Extension\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.6.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.ocspCertSet.6.default.name=Extended Key Usage Default\npolicyset.ocspCertSet.6.default.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.8.constraint.class_id=extensionConstraintImpl\npolicyset.ocspCertSet.8.constraint.name=No 
Constraint\npolicyset.ocspCertSet.8.constraint.params.extCritical=false\npolicyset.ocspCertSet.8.constraint.params.extOID=1.3.6.1.5.5.7.48.1.5\npolicyset.ocspCertSet.8.default.class_id=ocspNoCheckExtDefaultImpl\npolicyset.ocspCertSet.8.default.name=OCSP No Check Extension\npolicyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false\npolicyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.ocspCertSet.9.constraint.name=No Constraint\npolicyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.ocspCertSet.9.default.name=Signing Alg\npolicyset.ocspCertSet.9.default.params.signingAlg=-\nprofileId=caInternalAuthOCSPCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:31Z DEBUG response status 409 >2018-06-14T14:06:31Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:31Z DEBUG Error migrating 'caInternalAuthOCSPCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:31Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caInternalAuthOCSPCert?action=enable >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 409 >2018-06-14T14:06:31Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:31Z DEBUG Failed to enable profile 'caInternalAuthOCSPCert' (it is probably already enabled) >2018-06-14T14:06:31Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 204 >2018-06-14T14:06:31Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=859C57F5C7672CA06A59A957A66B1423; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'' >2018-06-14T14:06:31Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 200 >2018-06-14T14:06:31Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=814DD180096A77464B43BC3209778C33; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:31Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:31Z DEBUG request body 'desc=This certificate profile is for enrolling audit signing certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Audit Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=auditSigningCertSet\npolicyset.auditSigningCertSet.list=1,2,3,4,5,6,9\npolicyset.auditSigningCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.auditSigningCertSet.1.constraint.name=Subject Name Constraint\npolicyset.auditSigningCertSet.1.constraint.params.pattern=CN=.*\npolicyset.auditSigningCertSet.1.constraint.params.accept=true\npolicyset.auditSigningCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.auditSigningCertSet.1.default.name=Subject Name Default\npolicyset.auditSigningCertSet.1.default.params.name=\npolicyset.auditSigningCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.auditSigningCertSet.2.constraint.name=Validity Constraint\npolicyset.auditSigningCertSet.2.constraint.params.range=720\npolicyset.auditSigningCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.auditSigningCertSet.2.constraint.params.notAfterCheck=false\npolicyset.auditSigningCertSet.2.default.class_id=validityDefaultImpl\npolicyset.auditSigningCertSet.2.default.name=Validity 
Default\npolicyset.auditSigningCertSet.2.default.params.range=720\npolicyset.auditSigningCertSet.2.default.params.startTime=0\npolicyset.auditSigningCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.auditSigningCertSet.3.constraint.name=Key Constraint\npolicyset.auditSigningCertSet.3.constraint.params.keyType=-\npolicyset.auditSigningCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.auditSigningCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.auditSigningCertSet.3.default.name=Key Default\npolicyset.auditSigningCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.auditSigningCertSet.4.constraint.name=No Constraint\npolicyset.auditSigningCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.auditSigningCertSet.4.default.name=Authority Key Identifier Default\npolicyset.auditSigningCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.auditSigningCertSet.5.constraint.name=No Constraint\npolicyset.auditSigningCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.auditSigningCertSet.5.default.name=AIA Extension Default\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.auditSigningCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.auditSigningCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.auditSigningCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.auditSigningCertSet.6.default.name=Key Usage Default\npolicyset.auditSigningCertSet.6.default.params.keyUsageCritical=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.auditSigningCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.auditSigningCertSet.9.constraint.name=No 
Constraint\npolicyset.auditSigningCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.auditSigningCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.auditSigningCertSet.9.default.name=Signing Alg\npolicyset.auditSigningCertSet.9.default.params.signingAlg=-\nprofileId=caInternalAuthAuditSigningCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:31Z DEBUG response status 409 >2018-06-14T14:06:31Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:30 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:31Z DEBUG Error migrating 'caInternalAuthAuditSigningCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:31Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caInternalAuthAuditSigningCert?action=enable >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 409 >2018-06-14T14:06:31Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:31Z DEBUG Failed to enable profile 'caInternalAuthAuditSigningCert' (it is probably already enabled) >2018-06-14T14:06:31Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 204 >2018-06-14T14:06:31Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=B8830C13AF855ED17AC0777EB107E4B7; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'' >2018-06-14T14:06:31Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 200 >2018-06-14T14:06:31Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=DAA3DC78F7D2560586A9A532712B5902; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager 
Agents</Role></Roles></Account>' >2018-06-14T14:06:31Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:31Z DEBUG request body "desc=This profile is for enrolling Domain Controller Certificate\nenable=true\nenableBy=admin\nname=Domain Controller\nvisible=true\nauth.instance_id=AgentCertAuth\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=genericInputImpl\ninput.i3.params.gi_display_name0=ccm\ninput.i3.params.gi_param_enable0=true\ninput.i3.params.gi_param_name0=ccm\ninput.i3.params.gi_display_name1=GUID\ninput.i3.params.gi_param_enable1=true\ninput.i3.params.gi_param_name1=GUID\ninput.i3.params.gi_num=2\noutput.list=o1,o2\noutput.o1.class_id=certOutputImpl\noutput.o2.class_id=pkcs7OutputImpl\npolicyset.list=set1\npolicyset.set1.list=p2,p4,p5,subj,p6,p8,p9,p12,eku,gen,crldp\npolicyset.set1.subj.constraint.class_id=noConstraintImpl\npolicyset.set1.subj.constraint.name=No Constraint\npolicyset.set1.subj.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.subj.default.name=nsTokenUserKeySubjectNameDefault\n#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User\n#policyset.set1.subj.default.params.dnpattern=CN=GEMSTAR,OU=Domain 
Controllers,DC=test,dc=local\npolicyset.set1.subj.default.params.dnpattern=CN=$request.ccm$\npolicyset.set1.subj.default.params.ldap.enable=false\npolicyset.set1.subj.default.params.ldap.searchName=uid\npolicyset.set1.subj.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.subj.default.params.ldap.basedn=\npolicyset.set1.subj.default.params.ldap.maxConns=4\npolicyset.set1.subj.default.params.ldap.minConns=1\npolicyset.set1.subj.default.params.ldap.ldapconn.Version=2\npolicyset.set1.subj.default.params.ldap.ldapconn.host=\npolicyset.set1.subj.default.params.ldap.ldapconn.port=\npolicyset.set1.subj.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension 
Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=true\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.ccm$\npolicyset.set1.p6.default.params.subjAltExtType_0=DNSName\npolicyset.set1.p6.default.params.subjAltExtPattern_1=(Any)1.3.6.1.4.1.311.25.1,0410$request.GUID$\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=2\npolicyset.set1.5.constraint.class_id=noConstraintImpl\npolicyset.set1.5.constraint.name=No Constraint\npolicyset.set1.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.5.default.name=AIA Extension 
Default\npolicyset.set1.5.default.params.authInfoAccessADEnable_0=true\npolicyset.set1.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.5.default.params.authInfoAccessADLocation_0=http://localhost.localdomain:9180/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit\npolicyset.set1.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.2\npolicyset.set1.5.default.params.authInfoAccessCritical=false\npolicyset.set1.5.default.params.authInfoAccessNumADs=1\npolicyset.set1.eku.constraint.class_id=noConstraintImpl\npolicyset.set1.eku.constraint.name=No Constraint\npolicyset.set1.eku.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.set1.eku.default.name=Extended Key Usage Extension Default\npolicyset.set1.eku.default.params.exKeyUsageCritical=false\npolicyset.set1.eku.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension 
Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.crldp.constraint.class_id=noConstraintImpl\npolicyset.set1.crldp.constraint.name=No Constraint\npolicyset.set1.crldp.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.crldp.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.crldp.default.params.crlDistPointsCritical=false\npolicyset.set1.crldp.default.params.crlDistPointsNum=1\npolicyset.set1.crldp.default.params.crlDistPointsEnable_0=true\npolicyset.set1.crldp.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.crldp.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.crldp.default.params.crlDistPointsPointName_0=http://localhost.localdomain:9180/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit\npolicyset.set1.crldp.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.crldp.default.params.crlDistPointsReasons_0=\npolicyset.set1.gen.constraint.class_id=noConstraintImpl\npolicyset.set1.gen.constraint.name=No Constraint\npolicyset.set1.gen.default.class_id=genericExtDefaultImpl\npolicyset.set1.gen.default.name=Generic Extension\n#This is the Microsoft 'Certificate Template Name' Extensions. 
The Value is 'DomainController'\npolicyset.set1.gen.default.params.genericExtOID=1.3.6.1.4.1.311.20.2\npolicyset.set1.gen.default.params.genericExtData=1e200044006f006d00610069006e0043006f006e00740072006f006c006c00650072\nprofileId=DomainController\nclassId=caEnrollImpl\n" >2018-06-14T14:06:31Z DEBUG response status 409 >2018-06-14T14:06:31Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:31Z DEBUG Error migrating 'DomainController': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:31Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/DomainController?action=enable >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 409 >2018-06-14T14:06:31Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:31Z DEBUG Failed to enable profile 'DomainController' (it is probably already enabled) >2018-06-14T14:06:31Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 204 >2018-06-14T14:06:31Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=E72DFE44163507F569335A1D48050557; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:31 GMT > > 
>2018-06-14T14:06:31Z DEBUG response body b'' >2018-06-14T14:06:31Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 200 >2018-06-14T14:06:31Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=EB723411E921A10CD645941D21CAE20A; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:31Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:31Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated User Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=.*UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity 
Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=RSA\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caDualRAuserCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:31Z DEBUG response status 409 >2018-06-14T14:06:31Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:31Z DEBUG Error migrating 'caDualRAuserCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:31Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caDualRAuserCert?action=enable >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 409 >2018-06-14T14:06:31Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:31Z DEBUG Failed to enable profile 'caDualRAuserCert' (it is probably already enabled) >2018-06-14T14:06:31Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 204 >2018-06-14T14:06:31Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=68B934319D7C27E9D2BDF31FAECDCEFD; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'' >2018-06-14T14:06:31Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 200 >2018-06-14T14:06:31Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=A9DD8BD91D69DB2168D54857D34D4F27; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:31Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:31Z DEBUG request body 'desc=This certificate profile is for enrolling RA agent user certificates with RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated Agent User Certificate Enrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=RSA\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key 
Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage 
Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No 
Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caRAagentCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:31Z DEBUG response status 409 >2018-06-14T14:06:31Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:31Z DEBUG Error migrating 'caRAagentCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:31Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caRAagentCert?action=enable >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 409 >2018-06-14T14:06:31Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:31Z DEBUG Failed to enable profile 'caRAagentCert' (it is probably already enabled) >2018-06-14T14:06:31Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 204 >2018-06-14T14:06:31Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: 
JSESSIONID=C917D401D22E0642F6F56D6FC922BF0F; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'' >2018-06-14T14:06:31Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 200 >2018-06-14T14:06:31Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=40A65542A092E3580770C8D330C39F4C; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:31Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:31Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name 
Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension 
Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caRAserverCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:31Z DEBUG response status 409 >2018-06-14T14:06:31Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:31Z DEBUG response body 
b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:31Z DEBUG Error migrating 'caRAserverCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:31Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caRAserverCert?action=enable >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 409 >2018-06-14T14:06:31Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:31Z DEBUG Failed to enable profile 'caRAserverCert' (it is probably already enabled) >2018-06-14T14:06:31Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 204 >2018-06-14T14:06:31Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=A667DEC4A57433E50ADAC468AA2809C3; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:31Z DEBUG response body b'' >2018-06-14T14:06:31Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:31Z DEBUG request body '' >2018-06-14T14:06:31Z DEBUG response status 200 >2018-06-14T14:06:31Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=3D5186FBBB4467AB27BBD7998AD69F99; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:31 GMT > > 
>2018-06-14T14:06:31Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:31Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:31Z DEBUG request body 'desc=This certificate profile is for enrolling device certificates to contain UUID in the Subject Alternative Name extension\nvisible=true\nenable=false\nenableBy=admin\nname=Manual device Dual-Use Certificate Enrollment to contain UUID in SAN\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key 
Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltExtType_1=OtherName\npolicyset.userCertSet.8.default.params.subjAltExtPattern_1=(IA5String)1.2.3.4,$server.source$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_1=true\npolicyset.userCertSet.8.default.params.subjAltExtSource_1=UUID4\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=2\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caUUIDdeviceCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:32Z DEBUG response status 409 >2018-06-14T14:06:32Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 
>2018-06-14T14:06:32Z DEBUG Error migrating 'caUUIDdeviceCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:32Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caUUIDdeviceCert?action=enable >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 204 >2018-06-14T14:06:32Z DEBUG response headers Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'' >2018-06-14T14:06:32Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 204 >2018-06-14T14:06:32Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=43F338E702542E9009DE0B7CE88EC8F9; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'' >2018-06-14T14:06:32Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 200 >2018-06-14T14:06:32Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=E1AE875FD31C504ECD1CBB5B624CAB30; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:32Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:32Z DEBUG request body 'desc=This certificate profile is for renewing SSL client 
certificates.\nvisible=true\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=SSLclientCertAuth\nname=Renewal: Self-renew user SSL client certificates\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caSSLClientSelfRenewal\nclassId=caEnrollImpl\n' >2018-06-14T14:06:32Z DEBUG response status 409 >2018-06-14T14:06:32Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:32Z DEBUG Error migrating 'caSSLClientSelfRenewal': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:32Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caSSLClientSelfRenewal?action=enable >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 409 >2018-06-14T14:06:32Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:32Z DEBUG Failed to enable profile 'caSSLClientSelfRenewal' (it is probably already enabled) >2018-06-14T14:06:32Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 204 >2018-06-14T14:06:32Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=96344B05F0AB891617C42620F5AF4878; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 
14:06:31 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'' >2018-06-14T14:06:32Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 200 >2018-06-14T14:06:32Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=A7A80215036D325BFD92937D12CB20D1; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:32Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:32Z DEBUG request body 'desc=This certificate profile is for renewing a certificate by serial number by using directory based authentication.\nvisible=true\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=UserDirEnrollment\nauthz.acl=user_origreq="auth_token.uid"\nname=Renewal: Directory-Authenticated User Certificate Self-Renew profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caDirUserRenewal\nclassId=caEnrollImpl\n' >2018-06-14T14:06:32Z DEBUG response status 409 >2018-06-14T14:06:32Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:32Z DEBUG Error migrating 'caDirUserRenewal': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:32Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caDirUserRenewal?action=enable >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 409 >2018-06-14T14:06:32Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:32Z DEBUG Failed to enable profile 'caDirUserRenewal' (it is probably already enabled) >2018-06-14T14:06:32Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 204 >2018-06-14T14:06:32Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=80D0334DB69620B06CFB47F766E22167; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'' >2018-06-14T14:06:32Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 200 >2018-06-14T14:06:32Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=33194449EB99B7DAD1DFBA618FC963DC; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:32Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:32Z DEBUG request body 'desc=This certificate profile is for renewing certificates to be approved manually by agents.\nvisible=true\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=\nname=Renewal: Renew certificate to be manually approved by agents\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caManualRenewal\nclassId=caEnrollImpl\n' >2018-06-14T14:06:32Z DEBUG response status 409 >2018-06-14T14:06:32Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:32Z DEBUG Error migrating 'caManualRenewal': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:32Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caManualRenewal?action=enable >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 409 >2018-06-14T14:06:32Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:32Z DEBUG Failed to enable profile 'caManualRenewal' (it is probably already enabled) >2018-06-14T14:06:32Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 204 >2018-06-14T14:06:32Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=05C305C10DED50926817676A1FC0A1BD; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'' >2018-06-14T14:06:32Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 200 >2018-06-14T14:06:32Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=F5AAD9D36B78FF44F7B658FBCBF0B885; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:31 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:32Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:32Z DEBUG request body 'desc=This profile is for enrolling MS Login Certificate\nenable=true\nenableBy=admin\nname=Token User MS Login Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12,p13,p14,p15\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=CN=uid=$request.uid$,E=$request.mail$, ou=$request.upn$, o=example\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=true\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail,givenName,sn,upn\npolicyset.set1.p1.default.params.ldap.basedn=ou=People,dc=example,dc=com\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=localhost.localdomain\npolicyset.set1.p1.default.params.ldap.ldapconn.port=389\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity 
Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension 
Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=(UTF8String)1.3.6.1.4.1.311.20.2.3,$request.upn$\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=2\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension 
Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\n 
policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\n policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\n 
policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension 
Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=true\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=http://localhost.localdomain:9443/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=true\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=http://localhost.localdomain:9443/ca/ocsp\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\npolicyset.set1.p15.constraint.class_id=noConstraintImpl\npolicyset.set1.p15.constraint.name=No Constraint\npolicyset.set1.p15.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.set1.p15.default.name=Extended Key Usage Extension 
Default\npolicyset.set1.p15.default.params.exKeyUsageCritical=false\npolicyset.set1.p15.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.4.1.311.20.2.2\n\nprofileId=caTokenMSLoginEnrollment\nclassId=caUserCertEnrollImpl\n' >2018-06-14T14:06:32Z DEBUG response status 409 >2018-06-14T14:06:32Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:32Z DEBUG Error migrating 'caTokenMSLoginEnrollment': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:32Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caTokenMSLoginEnrollment?action=enable >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 409 >2018-06-14T14:06:32Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:32Z DEBUG Failed to enable profile 'caTokenMSLoginEnrollment' (it is probably already enabled) >2018-06-14T14:06:32Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 204 >2018-06-14T14:06:32Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=9E6C742823C8168B9AE69FC7DB59B09C; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:32 GMT > > 
>2018-06-14T14:06:32Z DEBUG response body b'' >2018-06-14T14:06:32Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 200 >2018-06-14T14:06:32Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=4E3CB87B8F42E94384D50C879EDAC504; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:32Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:32Z DEBUG request body 'desc=This certificate profile is for renewing a token certificate\nvisible=false\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=AgentCertAuth\nname=smart card token signing cert renewal profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caTokenUserSigningKeyRenewal\nclassId=caUserCertEnrollImpl\n' >2018-06-14T14:06:32Z DEBUG response status 409 >2018-06-14T14:06:32Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:32Z DEBUG Error migrating 'caTokenUserSigningKeyRenewal': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:32Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caTokenUserSigningKeyRenewal?action=enable >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 409 >2018-06-14T14:06:32Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:32Z DEBUG Failed to enable profile 'caTokenUserSigningKeyRenewal' (it is probably already enabled) >2018-06-14T14:06:32Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 204 >2018-06-14T14:06:32Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=E5652C6DBD122E8BCA71E74D4C22D1AC; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'' >2018-06-14T14:06:32Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 200 >2018-06-14T14:06:32Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=8437D0F3A79E71001DF5DEDE2C8095E5; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager 
Agents</Role></Roles></Account>' >2018-06-14T14:06:32Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:32Z DEBUG request body 'desc=This certificate profile is for renewing a token encryption certificate\nvisible=false\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=AgentCertAuth\nname=smart card token encryption cert renewal profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caTokenUserEncryptionKeyRenewal\nclassId=caUserCertEnrollImpl\n' >2018-06-14T14:06:32Z DEBUG response status 409 >2018-06-14T14:06:32Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:32Z DEBUG Error migrating 'caTokenUserEncryptionKeyRenewal': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:32Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caTokenUserEncryptionKeyRenewal?action=enable >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 409 >2018-06-14T14:06:32Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:32Z DEBUG Failed to enable profile 'caTokenUserEncryptionKeyRenewal' (it is probably already enabled) >2018-06-14T14:06:32Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 204 >2018-06-14T14:06:32Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=BBF34DA5C8CA72BCD50D7705E7358ECB; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'' >2018-06-14T14:06:32Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 200 >2018-06-14T14:06:32Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=7C62C0EBA8BA35D186141403A1612565; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager 
Agents</Role></Roles></Account>' >2018-06-14T14:06:32Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:32Z DEBUG request body 'desc=This certificate profile is for renewing a token authentication certificate\nvisible=false\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=AgentCertAuth\nname=smart card token authentication cert renewal profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caTokenUserAuthKeyRenewal\nclassId=caUserCertEnrollImpl\n' >2018-06-14T14:06:32Z DEBUG response status 409 >2018-06-14T14:06:32Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:32Z DEBUG Error migrating 'caTokenUserAuthKeyRenewal': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:32Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caTokenUserAuthKeyRenewal?action=enable >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 409 >2018-06-14T14:06:32Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:32Z DEBUG Failed to enable profile 'caTokenUserAuthKeyRenewal' (it is probably already enabled) >2018-06-14T14:06:32Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 204 >2018-06-14T14:06:32Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=740EED2E27074930085EB3453835C46E; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'' >2018-06-14T14:06:32Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 200 >2018-06-14T14:06:32Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=94D7DD840741DFEC3DD4068A4861DF61; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' 
>2018-06-14T14:06:32Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:32Z DEBUG request body 'desc=This is an IPA profile for enrolling Jar Signing certificates.\nenable=true\nenableBy=admin\nname=Manual Jar Signing Certificate Enrollment\nvisible=false\nauth.class_id=\nauth.instance_id=raCertAuth\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caJarSigningSet\npolicyset.caJarSigningSet.list=1,2,3,4,5,6\npolicyset.caJarSigningSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caJarSigningSet.1.constraint.name=Subject Name Constraint\npolicyset.caJarSigningSet.1.constraint.params.accept=true\npolicyset.caJarSigningSet.1.constraint.params.pattern=.*\npolicyset.caJarSigningSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caJarSigningSet.1.default.name=Subject Name Default\npolicyset.caJarSigningSet.1.default.params.name=\npolicyset.caJarSigningSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caJarSigningSet.2.constraint.name=Validity Constraint\npolicyset.caJarSigningSet.2.constraint.params.notAfterCheck=false\npolicyset.caJarSigningSet.2.constraint.params.notBeforeCheck=false\npolicyset.caJarSigningSet.2.constraint.params.range=2922\npolicyset.caJarSigningSet.2.default.class_id=validityDefaultImpl\npolicyset.caJarSigningSet.2.default.name=Validity Default\npolicyset.caJarSigningSet.2.default.params.range=1461\npolicyset.caJarSigningSet.2.default.params.startTime=0\npolicyset.caJarSigningSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caJarSigningSet.3.constraint.name=Key Constraint\npolicyset.caJarSigningSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.caJarSigningSet.3.constraint.params.keyType=RSA\npolicyset.caJarSigningSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caJarSigningSet.3.default.name=Key 
Default\npolicyset.caJarSigningSet.4.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caJarSigningSet.4.constraint.name=Key Usage Extension Constraint\npolicyset.caJarSigningSet.4.constraint.params.keyUsageCritical=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageCrlSign=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDataEncipherment=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDecipherOnly=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDigitalSignature=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageEncipherOnly=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyAgreement=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyCertSign=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyEncipherment=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageNonRepudiation=-\npolicyset.caJarSigningSet.4.default.class_id=keyUsageExtDefaultImpl\npolicyset.caJarSigningSet.4.default.name=Key Usage Default\npolicyset.caJarSigningSet.4.default.params.keyUsageCritical=true\npolicyset.caJarSigningSet.4.default.params.keyUsageCrlSign=false\npolicyset.caJarSigningSet.4.default.params.keyUsageDataEncipherment=false\npolicyset.caJarSigningSet.4.default.params.keyUsageDecipherOnly=false\npolicyset.caJarSigningSet.4.default.params.keyUsageDigitalSignature=true\npolicyset.caJarSigningSet.4.default.params.keyUsageEncipherOnly=false\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyAgreement=false\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyCertSign=true\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyEncipherment=false\npolicyset.caJarSigningSet.4.default.params.keyUsageNonRepudiation=false\npolicyset.caJarSigningSet.5.constraint.class_id=nsCertTypeExtConstraintImpl\npolicyset.caJarSigningSet.5.constraint.name=Netscape Certificate Type Extension 
Constraint\npolicyset.caJarSigningSet.5.constraint.params.nsCertCritical=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertEmail=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertEmailCA=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertObjectSigning=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertObjectSigningCA=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLCA=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLClient=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLServer=-\npolicyset.caJarSigningSet.5.default.class_id=nsCertTypeExtDefaultImpl\npolicyset.caJarSigningSet.5.default.name=Netscape Certificate Type Extension Default\npolicyset.caJarSigningSet.5.default.params.nsCertCritical=false\npolicyset.caJarSigningSet.5.default.params.nsCertEmail=false\npolicyset.caJarSigningSet.5.default.params.nsCertEmailCA=false\npolicyset.caJarSigningSet.5.default.params.nsCertObjectSigning=true\npolicyset.caJarSigningSet.5.default.params.nsCertObjectSigningCA=false\npolicyset.caJarSigningSet.5.default.params.nsCertSSLCA=false\npolicyset.caJarSigningSet.5.default.params.nsCertSSLClient=false\npolicyset.caJarSigningSet.5.default.params.nsCertSSLServer=false\npolicyset.caJarSigningSet.6.constraint.class_id=signingAlgConstraintImpl\npolicyset.caJarSigningSet.6.constraint.name=No Constraint\npolicyset.caJarSigningSet.6.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caJarSigningSet.6.default.class_id=signingAlgDefaultImpl\npolicyset.caJarSigningSet.6.default.name=Signing Alg\npolicyset.caJarSigningSet.6.default.params.signingAlg=-\nprofileId=caJarSigningCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:32Z DEBUG response status 409 >2018-06-14T14:06:32Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:32Z 
DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:32Z DEBUG Error migrating 'caJarSigningCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:32Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caJarSigningCert?action=enable >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 409 >2018-06-14T14:06:32Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:32Z DEBUG Failed to enable profile 'caJarSigningCert' (it is probably already enabled) >2018-06-14T14:06:32Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 204 >2018-06-14T14:06:32Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=A750F4699364D3F0BC6680BA300D826D; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'' >2018-06-14T14:06:32Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:32Z DEBUG request body '' >2018-06-14T14:06:32Z DEBUG response status 200 >2018-06-14T14:06:32Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=CC16C3C0DF36C11920E1B7C0F1DA58CE; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 
Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:32Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:32Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:32Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, OU=pki-ipa, O=IPA \npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity 
Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=https://ipa.example.com/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\nprofileId=caIPAserviceCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:33Z DEBUG response status 409 >2018-06-14T14:06:33Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:33Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' 
>2018-06-14T14:06:33Z DEBUG Error migrating 'caIPAserviceCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:33Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caIPAserviceCert?action=enable >2018-06-14T14:06:33Z DEBUG request body '' >2018-06-14T14:06:33Z DEBUG response status 409 >2018-06-14T14:06:33Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:33Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:33Z DEBUG Failed to enable profile 'caIPAserviceCert' (it is probably already enabled) >2018-06-14T14:06:33Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:33Z DEBUG request body '' >2018-06-14T14:06:33Z DEBUG response status 204 >2018-06-14T14:06:33Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=A445C9321E704F4AF67C63810EA51C61; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:33Z DEBUG response body b'' >2018-06-14T14:06:33Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:33Z DEBUG request body '' >2018-06-14T14:06:33Z DEBUG response status 200 >2018-06-14T14:06:33Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=0476F56801D66B0D503233CE4728BD91; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:33Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account 
id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:33Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:33Z DEBUG request body 'desc=This certificate profile is for enrolling user encryption certificates with option to archive keys.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Encryption Certificates Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=CN=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key 
Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=RSA\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\n\nprofileId=caEncUserCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:33Z DEBUG response status 409 >2018-06-14T14:06:33Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:33Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:33Z DEBUG Error migrating 'caEncUserCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:33Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caEncUserCert?action=enable >2018-06-14T14:06:33Z DEBUG request body '' >2018-06-14T14:06:33Z DEBUG response status 409 >2018-06-14T14:06:33Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:33Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:33Z DEBUG Failed to enable profile 'caEncUserCert' (it is probably already enabled) >2018-06-14T14:06:33Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:33Z DEBUG request body '' >2018-06-14T14:06:33Z DEBUG response status 204 >2018-06-14T14:06:33Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=4550AAB050041BA7C729E625F5431ED6; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:33Z DEBUG response body b'' >2018-06-14T14:06:33Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:33Z DEBUG request body '' >2018-06-14T14:06:33Z DEBUG response status 200 >2018-06-14T14:06:33Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=82CE219BA528A27B8D62B05E0ED4386B; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:33Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:33Z 
DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:33Z DEBUG request body 'desc=This certificate profile is for enrolling user signing certificates.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Signing Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=signingCertSet\npolicyset.signingCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=CN=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=RSA\npolicyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key 
Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.5.constraint.name=No Constraint\npolicyset.signingCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.signingCertSet.5.default.name=AIA Extension Default\npolicyset.signingCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.signingCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.signingCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.signingCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.signingCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.signingCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.signingCertSet.6.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.6.constraint.name=No Constraint\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage 
Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No 
Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\n\nprofileId=caSigningUserCert\nclassId=caEnrollImpl\n' >2018-06-14T14:06:33Z DEBUG response status 409 >2018-06-14T14:06:33Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:33Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:33Z DEBUG Error migrating 'caSigningUserCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Profile already exists >2018-06-14T14:06:33Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caSigningUserCert?action=enable >2018-06-14T14:06:33Z DEBUG request body '' >2018-06-14T14:06:33Z DEBUG response status 409 >2018-06-14T14:06:33Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:33Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:33Z DEBUG Failed to enable profile 'caSigningUserCert' (it is probably already enabled) >2018-06-14T14:06:33Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:33Z DEBUG request body '' >2018-06-14T14:06:33Z DEBUG response status 204 >2018-06-14T14:06:33Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 
1970 01:00:00 CET >Set-Cookie: JSESSIONID=3CE7CF0D48D251A5E60BE54135DC55DD; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:33Z DEBUG response body b'' >2018-06-14T14:06:33Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:33Z DEBUG request body '' >2018-06-14T14:06:33Z DEBUG response status 200 >2018-06-14T14:06:33Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=12BBC7993060E1186014E70A1F1039FD; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:33Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:33Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:33Z DEBUG request body 'desc=This profile is for enrolling Token User Delegate Authentication key\nenable=true\nenableBy=admin\nname=Token User Delegate Authentication Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1,i2,i3\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\ninput.i2.class_id=subjectDNInputImpl\ninput.i2.name=subjectDNInputImpl\ninput.i3.class_id=subjectAltNameExtInputImpl\ninput.i3.name=subjectAltNameExtInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o1.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=subjectNameConstraintImpl\npolicyset.set1.p1.constraint.name=Subject Name 
Constraint\npolicyset.set1.p1.constraint.params.pattern=.*\npolicyset.set1.p1.constraint.params.accept=true\npolicyset.set1.p1.default.class_id=userSubjectNameDefaultImpl\npolicyset.set1.p1.default.name=Subject Name Default\npolicyset.set1.p1.default.params.name=\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension 
Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=(UTF8String)1.3.6.1.4.1.311.20.2.3,$request.req_san_pattern_0$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.
p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPol
icy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicys
et.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No 
Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserDelegateAuthKeyEnrollment\nclassId=caUserCertEnrollImpl\n' >2018-06-14T14:06:33Z DEBUG response status 409 >2018-06-14T14:06:33Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:33Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:33Z DEBUG Error migrating 'caTokenUserDelegateAuthKeyEnrollment': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:33Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caTokenUserDelegateAuthKeyEnrollment?action=enable >2018-06-14T14:06:33Z DEBUG request body '' >2018-06-14T14:06:33Z DEBUG response status 409 >2018-06-14T14:06:33Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:33Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:33Z DEBUG Failed to enable profile 'caTokenUserDelegateAuthKeyEnrollment' (it is probably already enabled) >2018-06-14T14:06:33Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:33Z DEBUG request body '' >2018-06-14T14:06:33Z DEBUG response status 204 >2018-06-14T14:06:33Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=D99073589B4362C54BAF5DB9546CA26B; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:32 GMT > > >2018-06-14T14:06:33Z DEBUG response body b'' >2018-06-14T14:06:33Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:33Z DEBUG request body '' >2018-06-14T14:06:33Z DEBUG response status 200 >2018-06-14T14:06:33Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=C481BDAD9D7D62402CAC86E6FAAAF3FE; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:33 GMT > > >2018-06-14T14:06:33Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager 
Agents</Role></Roles></Account>' >2018-06-14T14:06:33Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:33Z DEBUG request body 'desc=This profile is for enrolling Token User Delegate Signing key\nenable=true\nenableBy=admin\nname=Token User Delegate Signing Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1,i2,i3\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\ninput.i2.class_id=subjectDNInputImpl\ninput.i2.name=subjectDNInputImpl\ninput.i3.class_id=subjectAltNameExtInputImpl\ninput.i3.name=subjectAltNameExtInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o1.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=subjectNameConstraintImpl\npolicyset.set1.p1.constraint.name=Subject Name Constraint\npolicyset.set1.p1.constraint.params.pattern=.*\npolicyset.set1.p1.constraint.params.accept=true\npolicyset.set1.p1.default.class_id=userSubjectNameDefaultImpl\npolicyset.set1.p1.default.name=Subject Name Default\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No 
Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension 
Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.req_san_pattern_0$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension 
Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params
.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\n
policyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No 
Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserDelegateSigningKeyEnrollment\nclassId=caUserCertEnrollImpl\n' >2018-06-14T14:06:33Z DEBUG response status 409 >2018-06-14T14:06:33Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:33 GMT > > >2018-06-14T14:06:33Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:33Z DEBUG Error migrating 'caTokenUserDelegateSigningKeyEnrollment': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:33Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caTokenUserDelegateSigningKeyEnrollment?action=enable >2018-06-14T14:06:33Z DEBUG request body '' >2018-06-14T14:06:33Z DEBUG response status 409 >2018-06-14T14:06:33Z DEBUG response headers Content-Type: application/xml >Content-Length: 233 >Date: Thu, 14 Jun 2018 14:06:33 GMT > > >2018-06-14T14:06:33Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PKIException><Attributes/><ClassName>com.netscape.certsrv.base.ConflictingOperationException</ClassName><Code>409</Code><Message>Profile already enabled</Message></PKIException>' >2018-06-14T14:06:33Z DEBUG Failed to enable profile 'caTokenUserDelegateSigningKeyEnrollment' (it is probably already enabled) >2018-06-14T14:06:33Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:33Z DEBUG request body '' >2018-06-14T14:06:33Z DEBUG response status 204 >2018-06-14T14:06:33Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=3C7C221F8FC7C466614355AAC580C366; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:33 GMT > > >2018-06-14T14:06:33Z DEBUG response body b'' >2018-06-14T14:06:33Z DEBUG step duration: pki-tomcatd migrate_profiles_to_ldap 14.67 sec >2018-06-14T14:06:33Z DEBUG [25/28]: importing IPA certificate profiles >2018-06-14T14:06:33Z DEBUG Created connection context.ldap2_139915055557992 >2018-06-14T14:06:33Z DEBUG Created connection context.ldap2_139915088355568 >2018-06-14T14:06:33Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket from SchemaCache >2018-06-14T14:06:33Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f4083309d68> >2018-06-14T14:06:33Z DEBUG Destroyed connection context.ldap2_139915088355568 >2018-06-14T14:06:33Z DEBUG 
Created connection context.ldap2_139915055635872 >2018-06-14T14:06:33Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket from SchemaCache >2018-06-14T14:06:33Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f4083309b00> >2018-06-14T14:06:33Z DEBUG Destroyed connection context.ldap2_139915055635872 >2018-06-14T14:06:33Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket from SchemaCache >2018-06-14T14:06:33Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f4083309828> >2018-06-14T14:06:33Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:06:33Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:06:33Z DEBUG Trying to find certificate subject base in sysupgrade >2018-06-14T14:06:33Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-06-14T14:06:33Z DEBUG Found certificate subject base in sysupgrade: O=EXAMPLE.COM >2018-06-14T14:06:33Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:33Z DEBUG request body '' >2018-06-14T14:06:33Z DEBUG response status 200 >2018-06-14T14:06:33Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=B3AFEA2567340C82B6EEDC6FFE649973; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:33 GMT > > >2018-06-14T14:06:33Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:33Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:33Z DEBUG 
request body 'profileId=KDCs_PKINIT_Certs\nclassId=caEnrollImpl\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=EXAMPLE.COM\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key 
Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.example.com/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.2.3.5\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension 
Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.example.com/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\n' >2018-06-14T14:06:34Z DEBUG response status 201 >2018-06-14T14:06:34Z DEBUG response headers Location: https://ipa.example.com:8443/ca/rest/profiles/raw >Content-Type: application/json >Content-Length: 6974 >Date: Thu, 14 Jun 2018 14:06:33 GMT > > >2018-06-14T14:06:34Z DEBUG response body b'#Thu Jun 14 16:06:33 CEST 2018\npolicyset.serverCertSet.4.constraint.name=No 
Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.2.3.5\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=731\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key 
Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.example.com/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity 
Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=2048,3072,4096\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=EXAMPLE.COM\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.example.com/ca/ocsp\n' >2018-06-14T14:06:34Z INFO Profile 'KDCs_PKINIT_Certs' 
successfully migrated to LDAP >2018-06-14T14:06:34Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/KDCs_PKINIT_Certs?action=enable >2018-06-14T14:06:34Z DEBUG request body '' >2018-06-14T14:06:34Z DEBUG response status 204 >2018-06-14T14:06:34Z DEBUG response headers Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:33 GMT > > >2018-06-14T14:06:34Z DEBUG response body b'' >2018-06-14T14:06:34Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:34Z DEBUG request body '' >2018-06-14T14:06:34Z DEBUG response status 204 >2018-06-14T14:06:34Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=F75DD16B4C45F40CD181C167EF5C7EFD; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:33 GMT > > >2018-06-14T14:06:34Z DEBUG response body b'' >2018-06-14T14:06:34Z INFO Imported profile 'KDCs_PKINIT_Certs' >2018-06-14T14:06:34Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:06:34Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:06:34Z DEBUG Trying to find certificate subject base in sysupgrade >2018-06-14T14:06:34Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-06-14T14:06:34Z DEBUG Found certificate subject base in sysupgrade: O=EXAMPLE.COM >2018-06-14T14:06:34Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:34Z DEBUG request body '' >2018-06-14T14:06:34Z DEBUG response status 200 >2018-06-14T14:06:34Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=6209BB697C079CC6AA79118A1A201B34; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:33 GMT > > >2018-06-14T14:06:34Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account 
id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:34Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:34Z DEBUG request body 'profileId=caIPAserviceCert\nclassId=caEnrollImpl\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=EXAMPLE.COM\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key 
Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.example.com/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.example.com/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension 
Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.12.default.class_id=commonNameToSANDefaultImpl\npolicyset.serverCertSet.12.default.name=Copy Common Name to Subject Alternative Name\n' >2018-06-14T14:06:34Z DEBUG response status 409 >2018-06-14T14:06:34Z DEBUG response headers Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:33 GMT > > >2018-06-14T14:06:34Z DEBUG response body b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}' >2018-06-14T14:06:34Z DEBUG Error migrating 'caIPAserviceCert': Request failed with status 409: Non-2xx response from CA REST API: 409. 
Profile already exists >2018-06-14T14:06:34Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caIPAserviceCert?action=disable >2018-06-14T14:06:34Z DEBUG request body '' >2018-06-14T14:06:34Z DEBUG response status 204 >2018-06-14T14:06:34Z DEBUG response headers Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:33 GMT > > >2018-06-14T14:06:34Z DEBUG response body b'' >2018-06-14T14:06:34Z DEBUG request PUT https://ipa.example.com:8443/ca/rest/profiles/caIPAserviceCert/raw >2018-06-14T14:06:34Z DEBUG request body 'profileId=caIPAserviceCert\nclassId=caEnrollImpl\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=EXAMPLE.COM\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity 
Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.example.com/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension 
Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.example.com/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension 
Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.12.default.class_id=commonNameToSANDefaultImpl\npolicyset.serverCertSet.12.default.name=Copy Common Name to Subject Alternative Name\n' >2018-06-14T14:06:34Z DEBUG response status 200 >2018-06-14T14:06:34Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Content-Type: application/json >Content-Length: 7288 >Date: Thu, 14 Jun 2018 14:06:33 GMT > > >2018-06-14T14:06:34Z DEBUG response body b'#Thu Jun 14 16:06:34 CEST 2018\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=731\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension 
Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity 
Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.example.com/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.default.name=Subject Name 
Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=EXAMPLE.COM\npolicyset.serverCertSet.12.default.class_id=commonNameToSANDefaultImpl\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No 
Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.12.default.name=Copy Common Name to Subject Alternative Name\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.example.com/ca/ocsp\n' >2018-06-14T14:06:34Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/caIPAserviceCert?action=enable >2018-06-14T14:06:34Z DEBUG request body '' >2018-06-14T14:06:34Z DEBUG response status 204 >2018-06-14T14:06:34Z DEBUG response headers Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:33 GMT > > >2018-06-14T14:06:34Z DEBUG response body b'' >2018-06-14T14:06:34Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:34Z DEBUG request body '' >2018-06-14T14:06:34Z DEBUG response status 204 >2018-06-14T14:06:34Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=CCAE014E2B64D9548D8433715637768A; Path=/ca; Secure; HttpOnly >Content-Type: 
application/xml >Date: Thu, 14 Jun 2018 14:06:33 GMT > > >2018-06-14T14:06:34Z DEBUG response body b'' >2018-06-14T14:06:34Z INFO Imported profile 'caIPAserviceCert' >2018-06-14T14:06:34Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:06:34Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:06:34Z DEBUG Trying to find certificate subject base in sysupgrade >2018-06-14T14:06:34Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-06-14T14:06:34Z DEBUG Found certificate subject base in sysupgrade: O=EXAMPLE.COM >2018-06-14T14:06:34Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:34Z DEBUG request body '' >2018-06-14T14:06:34Z DEBUG response status 200 >2018-06-14T14:06:34Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=8E5187A00B33C9BCC3147DA6CD640F59; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:33 GMT > > >2018-06-14T14:06:34Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:34Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/raw >2018-06-14T14:06:34Z DEBUG request body 'profileId=IECUserRoles\nclassId=caEnrollImpl\ndesc=Enroll user certificates with IECUserRoles extension via IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate 
Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=EXAMPLE.COM\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier 
Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.example.com/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage 
Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension 
Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.example.com/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.12.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.12.default.name=IECUserRoles Extension Default\npolicyset.serverCertSet.12.default.params.userExtOID=1.2.840.10070.8.1\n' >2018-06-14T14:06:34Z DEBUG response status 201 >2018-06-14T14:06:34Z DEBUG response headers Location: https://ipa.example.com:8443/ca/rest/profiles/raw >Content-Type: application/json >Content-Length: 7328 >Date: Thu, 14 Jun 2018 14:06:34 GMT > > >2018-06-14T14:06:34Z DEBUG response body b'#Thu Jun 14 16:06:34 CEST 
2018\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=731\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key 
Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\ndesc=Enroll user certificates with IECUserRoles extension via IPA-RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.example.com/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity 
Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.12.constraint.name=No 
Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=EXAMPLE.COM\npolicyset.serverCertSet.12.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.12.default.params.userExtOID=1.2.840.10070.8.1\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.12.default.name=IECUserRoles Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=No 
Constraint\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.example.com/ca/ocsp\n' >2018-06-14T14:06:34Z INFO Profile 'IECUserRoles' successfully migrated to LDAP >2018-06-14T14:06:34Z DEBUG request POST https://ipa.example.com:8443/ca/rest/profiles/IECUserRoles?action=enable >2018-06-14T14:06:34Z DEBUG request body '' >2018-06-14T14:06:34Z DEBUG response status 204 >2018-06-14T14:06:34Z DEBUG response headers Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:34 GMT > > >2018-06-14T14:06:34Z DEBUG response body b'' >2018-06-14T14:06:34Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:34Z DEBUG request body '' >2018-06-14T14:06:34Z DEBUG response status 204 >2018-06-14T14:06:34Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=B57F4756CE4784CE1C1BD63DE9915169; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:34 GMT > > >2018-06-14T14:06:34Z DEBUG response body b'' >2018-06-14T14:06:34Z INFO Imported profile 'IECUserRoles' >2018-06-14T14:06:34Z DEBUG Destroyed connection context.ldap2_139915055557992 >2018-06-14T14:06:34Z DEBUG step duration: pki-tomcatd import_included_profiles 1.08 sec >2018-06-14T14:06:34Z DEBUG [26/28]: adding default CA ACL >2018-06-14T14:06:34Z DEBUG Created connection context.ldap2_139915063950472 >2018-06-14T14:06:34Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket from SchemaCache >2018-06-14T14:06:34Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f4083bf0fd0> >2018-06-14T14:06:34Z DEBUG Destroyed connection context.ldap2_139915063950472 >2018-06-14T14:06:34Z DEBUG Created connection context.ldap2_139915055566688 >2018-06-14T14:06:34Z DEBUG flushing 
ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket from SchemaCache >2018-06-14T14:06:34Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f4083a1fb38> >2018-06-14T14:06:34Z DEBUG Destroyed connection context.ldap2_139915055566688 >2018-06-14T14:06:34Z DEBUG raw: caacl_find(None, version='2.229') >2018-06-14T14:06:34Z DEBUG caacl_find(None, all=False, raw=False, version='2.229', no_members=True, pkey_only=False) >2018-06-14T14:06:34Z DEBUG raw: caacl_add('hosts_services_caIPAserviceCert', hostcategory='all', servicecategory='all', version='2.229') >2018-06-14T14:06:34Z DEBUG caacl_add('hosts_services_caIPAserviceCert', hostcategory='all', servicecategory='all', all=False, raw=False, version='2.229', no_members=False) >2018-06-14T14:06:34Z DEBUG raw: caacl_add_profile('hosts_services_caIPAserviceCert', version='2.229', certprofile=('caIPAserviceCert',)) >2018-06-14T14:06:34Z DEBUG caacl_add_profile('hosts_services_caIPAserviceCert', all=False, raw=False, version='2.229', no_members=False, certprofile=('caIPAserviceCert',)) >2018-06-14T14:06:34Z DEBUG add_entry_to_group: dn=cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=example,dc=com group_dn=ipaUniqueID=259240a4-6fdc-11e8-82aa-525400d3918e,cn=caacls,cn=ca,dc=example,dc=com member_attr=ipamembercertprofile >2018-06-14T14:06:34Z DEBUG step duration: pki-tomcatd ensure_default_caacl 0.27 sec >2018-06-14T14:06:34Z DEBUG [27/28]: adding 'ipa' CA entry >2018-06-14T14:06:34Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/login >2018-06-14T14:06:34Z DEBUG request body '' >2018-06-14T14:06:34Z DEBUG response status 200 >2018-06-14T14:06:34Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=6A12C94F3BBCBF25908805D175FCFFF7; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Content-Length: 218 >Date: Thu, 14 Jun 2018 14:06:34 GMT > > 
>2018-06-14T14:06:34Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>' >2018-06-14T14:06:34Z DEBUG request GET https://ipa.example.com:8443/ca/rest/authorities/host-authority >2018-06-14T14:06:34Z DEBUG request body '' >2018-06-14T14:06:35Z DEBUG response status 200 >2018-06-14T14:06:35Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Content-Type: application/json >Transfer-Encoding: chunked >Date: Thu, 14 Jun 2018 14:06:34 GMT > > >2018-06-14T14:06:35Z DEBUG response body b'{"isHostAuthority":true,"id":"53fdadd0-b96c-4e2d-8319-2a4087664cb0","parentID":null,"issuerDN":"CN=Certificate Authority,O=EXAMPLE.COM","serial":1,"dn":"CN=Certificate Authority,O=EXAMPLE.COM","enabled":true,"description":"Host authority","ready":true,"link":null}' >2018-06-14T14:06:35Z DEBUG request GET https://ipa.example.com:8443/ca/rest/account/logout >2018-06-14T14:06:35Z DEBUG request body '' >2018-06-14T14:06:35Z DEBUG response status 204 >2018-06-14T14:06:35Z DEBUG response headers Cache-Control: private >Expires: Thu, 01 Jan 1970 01:00:00 CET >Set-Cookie: JSESSIONID=275DC4238E3007FF86A79B438D6ECCB6; Path=/ca; Secure; HttpOnly >Content-Type: application/xml >Date: Thu, 14 Jun 2018 14:06:34 GMT > > >2018-06-14T14:06:35Z DEBUG response body b'' >2018-06-14T14:06:35Z DEBUG Created connection context.ldap2_139915064968864 >2018-06-14T14:06:35Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket from SchemaCache >2018-06-14T14:06:35Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f4083bf0978> >2018-06-14T14:06:35Z DEBUG Destroyed connection context.ldap2_139915064968864 >2018-06-14T14:06:35Z DEBUG Created connection context.ldap2_139915061031040 
>2018-06-14T14:06:35Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket from SchemaCache >2018-06-14T14:06:35Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f4083a78a20> >2018-06-14T14:06:35Z DEBUG Destroyed connection context.ldap2_139915061031040 >2018-06-14T14:06:35Z DEBUG step duration: pki-tomcatd ensure_ipa_authority_entry 0.43 sec >2018-06-14T14:06:35Z DEBUG [28/28]: configuring certmonger renewal for lightweight CAs >2018-06-14T14:06:35Z DEBUG step duration: pki-tomcatd add_lightweight_ca_tracking_requests 0.00 sec >2018-06-14T14:06:35Z DEBUG Done configuring certificate server (pki-tomcatd). >2018-06-14T14:06:35Z DEBUG service duration: pki-tomcatd 191.75 sec >2018-06-14T14:06:35Z DEBUG Configuring directory server (dirsrv) >2018-06-14T14:06:35Z DEBUG [1/3]: configuring TLS for DS instance >2018-06-14T14:06:35Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:06:35Z DEBUG Starting external process >2018-06-14T14:06:35Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-EXAMPLE-COM/', '-N', '-f', '/etc/dirsrv/slapd-EXAMPLE-COM/pwdfile.txt', '-@', '/etc/dirsrv/slapd-EXAMPLE-COM/pwdfile.txt'] >2018-06-14T14:06:35Z DEBUG Process finished, return code=0 >2018-06-14T14:06:35Z DEBUG stdout= >2018-06-14T14:06:35Z DEBUG stderr= >2018-06-14T14:06:35Z DEBUG Starting external process >2018-06-14T14:06:35Z DEBUG args=['/usr/sbin/selinuxenabled'] >2018-06-14T14:06:35Z DEBUG Process finished, return code=0 >2018-06-14T14:06:35Z DEBUG stdout= >2018-06-14T14:06:35Z DEBUG stderr= >2018-06-14T14:06:35Z DEBUG Starting external process >2018-06-14T14:06:35Z DEBUG args=['/sbin/restorecon', '-F', '/etc/dirsrv/slapd-EXAMPLE-COM/'] >2018-06-14T14:06:35Z DEBUG Process finished, return code=0 >2018-06-14T14:06:35Z DEBUG stdout= >2018-06-14T14:06:35Z DEBUG stderr= >2018-06-14T14:06:35Z DEBUG Starting external process 
>2018-06-14T14:06:35Z DEBUG args=['/usr/sbin/selinuxenabled'] >2018-06-14T14:06:35Z DEBUG Process finished, return code=0 >2018-06-14T14:06:35Z DEBUG stdout= >2018-06-14T14:06:35Z DEBUG stderr= >2018-06-14T14:06:35Z DEBUG Starting external process >2018-06-14T14:06:35Z DEBUG args=['/sbin/restorecon', '-F', '/etc/dirsrv/slapd-EXAMPLE-COM/cert9.db'] >2018-06-14T14:06:35Z DEBUG Process finished, return code=0 >2018-06-14T14:06:35Z DEBUG stdout= >2018-06-14T14:06:35Z DEBUG stderr= >2018-06-14T14:06:35Z DEBUG Starting external process >2018-06-14T14:06:35Z DEBUG args=['/usr/sbin/selinuxenabled'] >2018-06-14T14:06:35Z DEBUG Process finished, return code=0 >2018-06-14T14:06:35Z DEBUG stdout= >2018-06-14T14:06:35Z DEBUG stderr= >2018-06-14T14:06:35Z DEBUG Starting external process >2018-06-14T14:06:35Z DEBUG args=['/sbin/restorecon', '-F', '/etc/dirsrv/slapd-EXAMPLE-COM/key4.db'] >2018-06-14T14:06:35Z DEBUG Process finished, return code=0 >2018-06-14T14:06:35Z DEBUG stdout= >2018-06-14T14:06:35Z DEBUG stderr= >2018-06-14T14:06:35Z DEBUG Starting external process >2018-06-14T14:06:35Z DEBUG args=['/usr/sbin/selinuxenabled'] >2018-06-14T14:06:35Z DEBUG Process finished, return code=0 >2018-06-14T14:06:35Z DEBUG stdout= >2018-06-14T14:06:35Z DEBUG stderr= >2018-06-14T14:06:35Z DEBUG Starting external process >2018-06-14T14:06:35Z DEBUG args=['/sbin/restorecon', '-F', '/etc/dirsrv/slapd-EXAMPLE-COM/pkcs11.txt'] >2018-06-14T14:06:35Z DEBUG Process finished, return code=0 >2018-06-14T14:06:35Z DEBUG stdout= >2018-06-14T14:06:35Z DEBUG stderr= >2018-06-14T14:06:35Z DEBUG Starting external process >2018-06-14T14:06:35Z DEBUG args=['/usr/sbin/selinuxenabled'] >2018-06-14T14:06:35Z DEBUG Process finished, return code=0 >2018-06-14T14:06:35Z DEBUG stdout= >2018-06-14T14:06:35Z DEBUG stderr= >2018-06-14T14:06:35Z DEBUG Starting external process >2018-06-14T14:06:35Z DEBUG args=['/sbin/restorecon', '-F', '/etc/dirsrv/slapd-EXAMPLE-COM/pwdfile.txt'] >2018-06-14T14:06:35Z DEBUG Process 
finished, return code=0 >2018-06-14T14:06:35Z DEBUG stdout= >2018-06-14T14:06:35Z DEBUG stderr= >2018-06-14T14:06:35Z DEBUG Starting external process >2018-06-14T14:06:35Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-EXAMPLE-COM/', '-A', '-n', 'EXAMPLE.COM IPA CA', '-t', 'CT,C,C', '-a', '-f', '/etc/dirsrv/slapd-EXAMPLE-COM/pwdfile.txt'] >2018-06-14T14:06:35Z DEBUG Process finished, return code=0 >2018-06-14T14:06:35Z DEBUG stdout= >2018-06-14T14:06:35Z DEBUG stderr= >2018-06-14T14:06:35Z DEBUG certmonger request is in state dbus.String('NEWLY_ADDED_READING_KEYINFO', variant_level=1) >2018-06-14T14:06:40Z DEBUG certmonger request is in state dbus.String('POST_SAVED_CERT', variant_level=1) >2018-06-14T14:06:45Z DEBUG certmonger request is in state dbus.String('MONITORING', variant_level=1) >2018-06-14T14:06:45Z DEBUG Destroyed connection context.ldap2_139915100616072 >2018-06-14T14:06:45Z DEBUG Created connection context.ldap2_139915100616072 >2018-06-14T14:06:45Z DEBUG Starting external process >2018-06-14T14:06:45Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-EXAMPLE-COM/', '-L', '-n', 'Server-Cert', '-a', '-f', '/etc/dirsrv/slapd-EXAMPLE-COM/pwdfile.txt'] >2018-06-14T14:06:45Z DEBUG Process finished, return code=0 >2018-06-14T14:06:45Z DEBUG stdout=-----BEGIN CERTIFICATE-----
>-----END CERTIFICATE----- > >2018-06-14T14:06:45Z DEBUG stderr= >2018-06-14T14:06:45Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket from SchemaCache >2018-06-14T14:06:45Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f40854edac8> >2018-06-14T14:06:46Z DEBUG step duration: dirsrv __enable_ssl 10.73 sec >2018-06-14T14:06:46Z DEBUG [2/3]: adding CA certificate entry >2018-06-14T14:06:46Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:06:46Z DEBUG Starting external process >2018-06-14T14:06:46Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-EXAMPLE-COM/', '-L', '-f', '/etc/dirsrv/slapd-EXAMPLE-COM/pwdfile.txt'] >2018-06-14T14:06:46Z DEBUG Process finished, return code=0 >2018-06-14T14:06:46Z DEBUG stdout= >Certificate Nickname Trust Attributes > SSL,S/MIME,JAR/XPI > >EXAMPLE.COM IPA CA CT,C,C >Server-Cert u,u,u > >2018-06-14T14:06:46Z DEBUG 
stderr= >2018-06-14T14:06:46Z DEBUG Starting external process >2018-06-14T14:06:46Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-EXAMPLE-COM/', '-O', '-n', 'EXAMPLE.COM IPA CA', '-f', '/etc/dirsrv/slapd-EXAMPLE-COM/pwdfile.txt'] >2018-06-14T14:06:46Z DEBUG Process finished, return code=0 >2018-06-14T14:06:46Z DEBUG stdout="EXAMPLE.COM IPA CA" [CN=Certificate Authority,O=EXAMPLE.COM] > > >2018-06-14T14:06:46Z DEBUG stderr= >2018-06-14T14:06:46Z DEBUG Starting external process >2018-06-14T14:06:46Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-EXAMPLE-COM/', '-L', '-n', 'EXAMPLE.COM IPA CA', '-a', '-f', '/etc/dirsrv/slapd-EXAMPLE-COM/pwdfile.txt'] >2018-06-14T14:06:46Z DEBUG Process finished, return code=0 >2018-06-14T14:06:46Z DEBUG stdout=-----BEGIN CERTIFICATE-----
>-----END CERTIFICATE----- > >2018-06-14T14:06:46Z DEBUG stderr= >2018-06-14T14:06:46Z DEBUG step duration: dirsrv __upload_ca_cert 0.17 sec >2018-06-14T14:06:46Z DEBUG [3/3]: restarting directory server >2018-06-14T14:06:46Z DEBUG Destroyed connection context.ldap2_139915100616072 >2018-06-14T14:06:46Z DEBUG Starting external process >2018-06-14T14:06:46Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] >2018-06-14T14:06:46Z DEBUG Process finished, return code=0 >2018-06-14T14:06:46Z DEBUG stdout= >2018-06-14T14:06:46Z DEBUG stderr= >2018-06-14T14:06:46Z DEBUG Starting external process >2018-06-14T14:06:46Z DEBUG args=['/bin/systemctl', 'restart', 'dirsrv@EXAMPLE-COM.service'] >2018-06-14T14:06:49Z DEBUG Process finished, return code=0 >2018-06-14T14:06:49Z DEBUG stdout= >2018-06-14T14:06:49Z DEBUG stderr= >2018-06-14T14:06:49Z DEBUG Starting external process >2018-06-14T14:06:49Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@EXAMPLE-COM.service'] >2018-06-14T14:06:49Z DEBUG Process finished, return code=0 >2018-06-14T14:06:49Z DEBUG stdout=active > >2018-06-14T14:06:49Z DEBUG stderr= >2018-06-14T14:06:49Z DEBUG wait_for_open_ports: localhost [389] timeout 300 >2018-06-14T14:06:49Z DEBUG waiting for port: 389 >2018-06-14T14:06:49Z DEBUG SUCCESS: port: 389 >2018-06-14T14:06:49Z DEBUG Restart of dirsrv@EXAMPLE-COM.service complete >2018-06-14T14:06:49Z DEBUG Starting external process >2018-06-14T14:06:49Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@EXAMPLE-COM.service'] >2018-06-14T14:06:49Z DEBUG Process finished, return code=0 >2018-06-14T14:06:49Z DEBUG stdout=active > >2018-06-14T14:06:49Z DEBUG stderr= >2018-06-14T14:06:49Z DEBUG Created connection context.ldap2_139915100616072 >2018-06-14T14:06:49Z DEBUG step duration: dirsrv __restart_instance 3.29 sec >2018-06-14T14:06:49Z DEBUG Done configuring directory server (dirsrv). 
>2018-06-14T14:06:49Z DEBUG service duration: dirsrv 14.20 sec >2018-06-14T14:06:49Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:06:49Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:06:49Z DEBUG Starting external process >2018-06-14T14:06:49Z DEBUG args=['/bin/systemctl', 'stop', 'pki-tomcatd@pki-tomcat.service'] >2018-06-14T14:06:50Z DEBUG Process finished, return code=0 >2018-06-14T14:06:50Z DEBUG stdout= >2018-06-14T14:06:50Z DEBUG stderr= >2018-06-14T14:06:50Z DEBUG Stop of pki-tomcatd@pki-tomcat.service complete >2018-06-14T14:06:50Z DEBUG Ensuring that service pki-tomcatd@pki-tomcat is not running while the next set of commands is being executed. >2018-06-14T14:06:50Z DEBUG Starting external process >2018-06-14T14:06:50Z DEBUG args=['/bin/systemctl', 'is-active', 'pki-tomcatd@pki-tomcat.service'] >2018-06-14T14:06:50Z DEBUG Process finished, return code=3 >2018-06-14T14:06:50Z DEBUG stdout=inactive > >2018-06-14T14:06:50Z DEBUG stderr= >2018-06-14T14:06:50Z DEBUG Service pki-tomcatd@pki-tomcat is not running, continue. >2018-06-14T14:06:50Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-06-14T14:06:50Z INFO [Set up lightweight CA key retrieval] >2018-06-14T14:06:50Z INFO Creating principal >2018-06-14T14:06:50Z DEBUG Starting external process >2018-06-14T14:06:50Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey dogtag/ipa.example.com@EXAMPLE.COM', '-x', 'ipa-setup-override-restrictions'] >2018-06-14T14:06:50Z DEBUG Process finished, return code=0 >2018-06-14T14:06:50Z DEBUG stdout=Authenticating as principal root/admin@EXAMPLE.COM with password. >Principal "dogtag/ipa.example.com@EXAMPLE.COM" created. 
> >2018-06-14T14:06:50Z DEBUG stderr=WARNING: no policy specified for dogtag/ipa.example.com@EXAMPLE.COM; defaulting to no policy > >2018-06-14T14:06:50Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket from SchemaCache >2018-06-14T14:06:50Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f40851b4390> >2018-06-14T14:06:50Z INFO Retrieving keytab >2018-06-14T14:06:50Z DEBUG Starting external process >2018-06-14T14:06:50Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'ktadd -k /etc/pki/pki-tomcat/dogtag.keytab dogtag/ipa.example.com@EXAMPLE.COM', '-x', 'ipa-setup-override-restrictions'] >2018-06-14T14:06:51Z DEBUG Process finished, return code=0 >2018-06-14T14:06:51Z DEBUG stdout=Authenticating as principal root/admin@EXAMPLE.COM with password. >Entry for principal dogtag/ipa.example.com@EXAMPLE.COM with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. >Entry for principal dogtag/ipa.example.com@EXAMPLE.COM with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. >Entry for principal dogtag/ipa.example.com@EXAMPLE.COM with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. >Entry for principal dogtag/ipa.example.com@EXAMPLE.COM with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. >Entry for principal dogtag/ipa.example.com@EXAMPLE.COM with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. >Entry for principal dogtag/ipa.example.com@EXAMPLE.COM with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. 
> >2018-06-14T14:06:51Z DEBUG stderr= >2018-06-14T14:06:51Z INFO Creating Custodia keys >2018-06-14T14:06:51Z DEBUG Created connection context.ldap2_139915055563608 >2018-06-14T14:06:51Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket from SchemaCache >2018-06-14T14:06:51Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f40832f8d68> >2018-06-14T14:06:51Z DEBUG Destroyed connection context.ldap2_139915055563608 >2018-06-14T14:06:51Z DEBUG Created connection context.ldap2_139915055566184 >2018-06-14T14:06:51Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket from SchemaCache >2018-06-14T14:06:51Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f4085213518> >2018-06-14T14:06:51Z DEBUG Destroyed connection context.ldap2_139915055566184 >2018-06-14T14:06:51Z INFO Configuring key retriever >2018-06-14T14:06:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-06-14T14:06:51Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-06-14T14:06:51Z DEBUG Destroyed connection context.ldap2_139915100616072 >2018-06-14T14:06:51Z DEBUG Starting external process >2018-06-14T14:06:51Z DEBUG args=['/bin/systemctl', 'restart', 'dirsrv@EXAMPLE-COM.service'] >2018-06-14T14:06:53Z DEBUG Process finished, return code=0 >2018-06-14T14:06:53Z DEBUG stdout= >2018-06-14T14:06:53Z DEBUG stderr= >2018-06-14T14:06:53Z DEBUG Restart of dirsrv@EXAMPLE-COM.service complete >2018-06-14T14:06:53Z DEBUG Created connection context.ldap2_139915100616072 >2018-06-14T14:06:53Z DEBUG Starting external process >2018-06-14T14:06:53Z DEBUG args=['/bin/systemctl', 'start', 'pki-tomcatd@pki-tomcat.service'] >2018-06-14T14:06:56Z DEBUG Process finished, return code=0 >2018-06-14T14:06:56Z DEBUG stdout= >2018-06-14T14:06:56Z DEBUG stderr= 
>2018-06-14T14:06:56Z DEBUG Starting external process >2018-06-14T14:06:56Z DEBUG args=['/bin/systemctl', 'is-active', 'pki-tomcatd@pki-tomcat.service'] >2018-06-14T14:06:56Z DEBUG Process finished, return code=0 >2018-06-14T14:06:56Z DEBUG stdout=active > >2018-06-14T14:06:56Z DEBUG stderr= >2018-06-14T14:06:56Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300 >2018-06-14T14:06:56Z DEBUG waiting for port: 8080 >2018-06-14T14:06:56Z DEBUG Failed to connect to port 8080 tcp on ::1 >2018-06-14T14:06:56Z DEBUG Failed to connect to port 8080 tcp on 127.0.0.1 >2018-06-14T14:06:58Z DEBUG SUCCESS: port: 8080 >2018-06-14T14:06:58Z DEBUG waiting for port: 8443 >2018-06-14T14:06:58Z DEBUG SUCCESS: port: 8443 >2018-06-14T14:06:58Z DEBUG Start of pki-tomcatd@pki-tomcat.service complete >2018-06-14T14:06:58Z DEBUG Waiting until the CA is running >2018-06-14T14:06:58Z DEBUG request POST http://ipa.example.com:8080/ca/admin/ca/getStatus >2018-06-14T14:06:58Z DEBUG request body '' >2018-06-14T14:07:06Z DEBUG response status 200 >2018-06-14T14:07:06Z DEBUG response headers Content-Type: application/xml >Content-Length: 168 >Date: Thu, 14 Jun 2018 14:07:06 GMT > > >2018-06-14T14:07:06Z DEBUG response body b'<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.6.1-3.fc28</Version></XMLResponse>' >2018-06-14T14:07:06Z DEBUG The CA status is: running >2018-06-14T14:07:06Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:07:06Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:07:06Z DEBUG Configuring ipa-otpd >2018-06-14T14:07:06Z DEBUG [1/2]: starting ipa-otpd >2018-06-14T14:07:06Z DEBUG Starting external process >2018-06-14T14:07:06Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-otpd.socket'] >2018-06-14T14:07:06Z DEBUG Process finished, return code=3 >2018-06-14T14:07:06Z DEBUG stdout=inactive > 
>2018-06-14T14:07:06Z DEBUG stderr= >2018-06-14T14:07:06Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:07:06Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:07:06Z DEBUG Starting external process >2018-06-14T14:07:06Z DEBUG args=['/bin/systemctl', 'restart', 'ipa-otpd.socket'] >2018-06-14T14:07:06Z DEBUG Process finished, return code=0 >2018-06-14T14:07:06Z DEBUG stdout= >2018-06-14T14:07:06Z DEBUG stderr= >2018-06-14T14:07:06Z DEBUG Starting external process >2018-06-14T14:07:06Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-otpd.socket'] >2018-06-14T14:07:06Z DEBUG Process finished, return code=0 >2018-06-14T14:07:06Z DEBUG stdout=active > >2018-06-14T14:07:06Z DEBUG stderr= >2018-06-14T14:07:06Z DEBUG Restart of ipa-otpd.socket complete >2018-06-14T14:07:06Z DEBUG step duration: ipa-otpd __start 0.08 sec >2018-06-14T14:07:06Z DEBUG [2/2]: configuring ipa-otpd to start on boot >2018-06-14T14:07:06Z DEBUG Starting external process >2018-06-14T14:07:06Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ipa-otpd.socket'] >2018-06-14T14:07:06Z DEBUG Process finished, return code=1 >2018-06-14T14:07:06Z DEBUG stdout=disabled > >2018-06-14T14:07:06Z DEBUG stderr= >2018-06-14T14:07:06Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:07:06Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:07:06Z DEBUG Starting external process >2018-06-14T14:07:06Z DEBUG args=['/bin/systemctl', 'disable', 'ipa-otpd.socket'] >2018-06-14T14:07:07Z DEBUG Process finished, return code=0 >2018-06-14T14:07:07Z DEBUG stdout= >2018-06-14T14:07:07Z DEBUG stderr= >2018-06-14T14:07:07Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket from SchemaCache >2018-06-14T14:07:07Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f40832f84e0> 
>2018-06-14T14:07:07Z DEBUG step duration: ipa-otpd __enable 0.64 sec >2018-06-14T14:07:07Z DEBUG Done configuring ipa-otpd. >2018-06-14T14:07:07Z DEBUG service duration: ipa-otpd 0.72 sec >2018-06-14T14:07:07Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:07:07Z DEBUG Configuring the web interface (httpd) >2018-06-14T14:07:07Z DEBUG [1/21]: stopping httpd >2018-06-14T14:07:07Z DEBUG Starting external process >2018-06-14T14:07:07Z DEBUG args=['/bin/systemctl', 'is-active', 'httpd.service'] >2018-06-14T14:07:07Z DEBUG Process finished, return code=3 >2018-06-14T14:07:07Z DEBUG stdout=failed > >2018-06-14T14:07:07Z DEBUG stderr= >2018-06-14T14:07:07Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:07:07Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:07:07Z DEBUG Starting external process >2018-06-14T14:07:07Z DEBUG args=['/bin/systemctl', 'stop', 'httpd.service'] >2018-06-14T14:07:07Z DEBUG Process finished, return code=0 >2018-06-14T14:07:07Z DEBUG stdout= >2018-06-14T14:07:07Z DEBUG stderr= >2018-06-14T14:07:07Z DEBUG Stop of httpd.service complete >2018-06-14T14:07:07Z DEBUG step duration: httpd __stop 0.05 sec >2018-06-14T14:07:07Z DEBUG [2/21]: backing up ssl.conf >2018-06-14T14:07:07Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ssl.conf' >2018-06-14T14:07:07Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-06-14T14:07:07Z DEBUG step duration: httpd backup_ssl_conf 0.00 sec >2018-06-14T14:07:07Z DEBUG [3/21]: disabling nss.conf >2018-06-14T14:07:07Z DEBUG step duration: httpd disable_nss_conf 0.00 sec >2018-06-14T14:07:07Z DEBUG [4/21]: configuring mod_ssl certificate paths >2018-06-14T14:07:07Z DEBUG step duration: httpd configure_mod_ssl_certs 0.02 sec >2018-06-14T14:07:07Z DEBUG [5/21]: setting mod_ssl protocol list to TLSv1.0 - TLSv1.2 >2018-06-14T14:07:07Z DEBUG step duration: httpd 
set_mod_ssl_protocol 0.01 sec >2018-06-14T14:07:07Z DEBUG [6/21]: configuring mod_ssl log directory >2018-06-14T14:07:07Z DEBUG step duration: httpd set_mod_ssl_logdir 0.00 sec >2018-06-14T14:07:07Z DEBUG [7/21]: disabling mod_ssl OCSP >2018-06-14T14:07:07Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-06-14T14:07:07Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-06-14T14:07:07Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-06-14T14:07:07Z DEBUG step duration: httpd disable_mod_ssl_ocsp 0.04 sec >2018-06-14T14:07:07Z DEBUG [8/21]: adding URL rewriting rules >2018-06-14T14:07:07Z DEBUG step duration: httpd __add_include 0.00 sec >2018-06-14T14:07:07Z DEBUG [9/21]: configuring httpd >2018-06-14T14:07:07Z DEBUG Starting external process >2018-06-14T14:07:07Z DEBUG args=['/usr/sbin/selinuxenabled'] >2018-06-14T14:07:07Z DEBUG Process finished, return code=0 >2018-06-14T14:07:07Z DEBUG stdout= >2018-06-14T14:07:07Z DEBUG stderr= >2018-06-14T14:07:07Z DEBUG Starting external process >2018-06-14T14:07:07Z DEBUG args=['/sbin/restorecon', '/etc/systemd/system/httpd.service.d/ipa.conf'] >2018-06-14T14:07:07Z DEBUG Process finished, return code=0 >2018-06-14T14:07:07Z DEBUG stdout= >2018-06-14T14:07:07Z DEBUG stderr= >2018-06-14T14:07:07Z DEBUG Starting external process >2018-06-14T14:07:07Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] >2018-06-14T14:07:07Z DEBUG Process finished, return code=0 >2018-06-14T14:07:07Z DEBUG stdout= >2018-06-14T14:07:07Z DEBUG stderr= >2018-06-14T14:07:07Z DEBUG Starting external process >2018-06-14T14:07:07Z DEBUG args=['/usr/sbin/selinuxenabled'] >2018-06-14T14:07:07Z DEBUG Process finished, return code=0 >2018-06-14T14:07:07Z DEBUG stdout= >2018-06-14T14:07:07Z DEBUG stderr= >2018-06-14T14:07:07Z DEBUG Starting external process >2018-06-14T14:07:07Z DEBUG args=['/sbin/restorecon', '/etc/httpd/conf.modules.d/02-ipa-wsgi.conf'] 
>2018-06-14T14:07:07Z DEBUG Process finished, return code=0 >2018-06-14T14:07:07Z DEBUG stdout= >2018-06-14T14:07:07Z DEBUG stderr= >2018-06-14T14:07:07Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ipa.conf' >2018-06-14T14:07:07Z DEBUG -> Not backing up - '/etc/httpd/conf.d/ipa.conf' doesn't exist >2018-06-14T14:07:07Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ipa-rewrite.conf' >2018-06-14T14:07:07Z DEBUG -> Not backing up - '/etc/httpd/conf.d/ipa-rewrite.conf' doesn't exist >2018-06-14T14:07:07Z DEBUG step duration: httpd __configure_http 0.22 sec >2018-06-14T14:07:07Z DEBUG [10/21]: setting up httpd keytab >2018-06-14T14:07:07Z DEBUG raw: service_add('HTTP/ipa.example.com@EXAMPLE.COM', force=True, version='2.229') >2018-06-14T14:07:07Z DEBUG service_add(ipapython.kerberos.Principal('HTTP/ipa.example.com@EXAMPLE.COM'), force=True, skip_host_check=False, all=False, raw=False, version='2.229', no_members=False) >2018-06-14T14:07:07Z DEBUG raw: host_show('ipa.example.com', version='2.229') >2018-06-14T14:07:07Z DEBUG host_show('ipa.example.com', rights=False, all=False, raw=False, version='2.229', no_members=False) >2018-06-14T14:07:07Z DEBUG Backing up system configuration file '/var/lib/ipa/gssproxy/http.keytab' >2018-06-14T14:07:07Z DEBUG -> Not backing up - '/var/lib/ipa/gssproxy/http.keytab' doesn't exist >2018-06-14T14:07:07Z DEBUG Starting external process >2018-06-14T14:07:07Z DEBUG args=['/usr/sbin/ipa-getkeytab', '-k', '/var/lib/ipa/gssproxy/http.keytab', '-p', 'HTTP/ipa.example.com@EXAMPLE.COM', '-H', 'ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] >2018-06-14T14:07:08Z DEBUG Process finished, return code=0 >2018-06-14T14:07:08Z DEBUG stdout= >2018-06-14T14:07:08Z DEBUG stderr=Keytab successfully retrieved and stored in: /var/lib/ipa/gssproxy/http.keytab > >2018-06-14T14:07:08Z DEBUG step duration: httpd request_service_keytab 0.08 sec >2018-06-14T14:07:08Z DEBUG [11/21]: configuring Gssproxy 
>2018-06-14T14:07:08Z DEBUG Starting external process >2018-06-14T14:07:08Z DEBUG args=['/usr/sbin/selinuxenabled'] >2018-06-14T14:07:08Z DEBUG Process finished, return code=0 >2018-06-14T14:07:08Z DEBUG stdout= >2018-06-14T14:07:08Z DEBUG stderr= >2018-06-14T14:07:08Z DEBUG Starting external process >2018-06-14T14:07:08Z DEBUG args=['/sbin/restorecon', '/etc/gssproxy/10-ipa.conf'] >2018-06-14T14:07:08Z DEBUG Process finished, return code=0 >2018-06-14T14:07:08Z DEBUG stdout= >2018-06-14T14:07:08Z DEBUG stderr= >2018-06-14T14:07:08Z DEBUG Starting external process >2018-06-14T14:07:08Z DEBUG args=['/bin/systemctl', 'restart', 'gssproxy.service'] >2018-06-14T14:07:08Z DEBUG Process finished, return code=0 >2018-06-14T14:07:08Z DEBUG stdout= >2018-06-14T14:07:08Z DEBUG stderr= >2018-06-14T14:07:08Z DEBUG Starting external process >2018-06-14T14:07:08Z DEBUG args=['/bin/systemctl', 'is-active', 'gssproxy.service'] >2018-06-14T14:07:08Z DEBUG Process finished, return code=0 >2018-06-14T14:07:08Z DEBUG stdout=active > >2018-06-14T14:07:08Z DEBUG stderr= >2018-06-14T14:07:08Z DEBUG Restart of gssproxy.service complete >2018-06-14T14:07:08Z DEBUG step duration: httpd configure_gssproxy 0.06 sec >2018-06-14T14:07:08Z DEBUG [12/21]: setting up ssl >2018-06-14T14:07:08Z DEBUG certmonger request is in state dbus.String('NEWLY_ADDED_READING_CERT', variant_level=1) >2018-06-14T14:07:13Z DEBUG certmonger request is in state dbus.String('MONITORING', variant_level=1) >2018-06-14T14:07:13Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-06-14T14:07:13Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-06-14T14:07:13Z DEBUG step duration: httpd __setup_ssl 5.23 sec >2018-06-14T14:07:13Z DEBUG [13/21]: configure certmonger for renewals >2018-06-14T14:07:13Z DEBUG Starting external process >2018-06-14T14:07:13Z DEBUG args=['/bin/systemctl', 'is-active', 'certmonger.service'] >2018-06-14T14:07:13Z DEBUG Process finished, return 
code=0 >2018-06-14T14:07:13Z DEBUG stdout=active > >2018-06-14T14:07:13Z DEBUG stderr= >2018-06-14T14:07:13Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:07:13Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:07:13Z DEBUG step duration: httpd configure_certmonger_renewal_guard 0.10 sec >2018-06-14T14:07:13Z DEBUG [14/21]: publish CA cert >2018-06-14T14:07:13Z DEBUG step duration: httpd __publish_ca_cert 0.01 sec >2018-06-14T14:07:13Z DEBUG [15/21]: clean up any existing httpd ccaches >2018-06-14T14:07:13Z DEBUG step duration: httpd remove_httpd_ccaches 0.00 sec >2018-06-14T14:07:13Z DEBUG [16/21]: configuring SELinux for httpd >2018-06-14T14:07:13Z DEBUG Starting external process >2018-06-14T14:07:13Z DEBUG args=['/usr/sbin/selinuxenabled'] >2018-06-14T14:07:13Z DEBUG Process finished, return code=0 >2018-06-14T14:07:13Z DEBUG stdout= >2018-06-14T14:07:13Z DEBUG stderr= >2018-06-14T14:07:13Z DEBUG Starting external process >2018-06-14T14:07:13Z DEBUG args=['/usr/sbin/getsebool', 'httpd_can_network_connect'] >2018-06-14T14:07:13Z DEBUG Process finished, return code=0 >2018-06-14T14:07:13Z DEBUG stdout=httpd_can_network_connect --> off > >2018-06-14T14:07:13Z DEBUG stderr= >2018-06-14T14:07:13Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:07:13Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:07:13Z DEBUG Starting external process >2018-06-14T14:07:13Z DEBUG args=['/usr/sbin/getsebool', 'httpd_manage_ipa'] >2018-06-14T14:07:13Z DEBUG Process finished, return code=0 >2018-06-14T14:07:13Z DEBUG stdout=httpd_manage_ipa --> off > >2018-06-14T14:07:13Z DEBUG stderr= >2018-06-14T14:07:13Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:07:13Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:07:13Z DEBUG Starting external process 
>2018-06-14T14:07:13Z DEBUG args=['/usr/sbin/getsebool', 'httpd_run_ipa'] >2018-06-14T14:07:13Z DEBUG Process finished, return code=0 >2018-06-14T14:07:13Z DEBUG stdout=httpd_run_ipa --> off > >2018-06-14T14:07:13Z DEBUG stderr= >2018-06-14T14:07:13Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:07:13Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:07:13Z DEBUG Starting external process >2018-06-14T14:07:13Z DEBUG args=['/usr/sbin/getsebool', 'httpd_dbus_sssd'] >2018-06-14T14:07:13Z DEBUG Process finished, return code=0 >2018-06-14T14:07:13Z DEBUG stdout=httpd_dbus_sssd --> off > >2018-06-14T14:07:13Z DEBUG stderr= >2018-06-14T14:07:13Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:07:13Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-06-14T14:07:13Z DEBUG Starting external process >2018-06-14T14:07:13Z DEBUG args=['/usr/sbin/setsebool', '-P', 'httpd_can_network_connect=on', 'httpd_manage_ipa=on', 'httpd_run_ipa=on', 'httpd_dbus_sssd=on'] >2018-06-14T14:07:19Z DEBUG Process finished, return code=0 >2018-06-14T14:07:19Z DEBUG stdout= >2018-06-14T14:07:19Z DEBUG stderr= >2018-06-14T14:07:19Z DEBUG step duration: httpd configure_selinux_for_httpd 6.30 sec >2018-06-14T14:07:19Z DEBUG [17/21]: create KDC proxy config >2018-06-14T14:07:19Z DEBUG Backing up system configuration file '/etc/ipa/kdcproxy/ipa-kdc-proxy.conf' >2018-06-14T14:07:19Z DEBUG -> Not backing up - '/etc/ipa/kdcproxy/ipa-kdc-proxy.conf' doesn't exist >2018-06-14T14:07:19Z DEBUG step duration: httpd create_kdcproxy_conf 0.00 sec >2018-06-14T14:07:19Z DEBUG [18/21]: enable KDC proxy >2018-06-14T14:07:19Z DEBUG service KDC has all config values set >2018-06-14T14:07:19Z DEBUG step duration: httpd enable_kdcproxy 0.01 sec >2018-06-14T14:07:19Z DEBUG [19/21]: starting httpd >2018-06-14T14:07:19Z DEBUG Starting external process >2018-06-14T14:07:19Z DEBUG 
args=['/bin/systemctl', 'start', 'httpd.service'] >2018-06-14T14:07:20Z DEBUG Process finished, return code=1 >2018-06-14T14:07:20Z DEBUG stdout= >2018-06-14T14:07:20Z DEBUG stderr=Job for httpd.service failed because the control process exited with error code. >See "systemctl status httpd.service" and "journalctl -xe" for details. > >2018-06-14T14:07:20Z DEBUG Traceback (most recent call last): > File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 555, in start_creation > run_step(full_msg, method) > File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 541, in run_step > method() > File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 447, in start > self.service.start(instance_name, capture_output=capture_output, wait=wait) > File "/usr/lib/python3.6/site-packages/ipaplatform/base/services.py", line 301, in start > skip_output=not capture_output) > File "/usr/lib/python3.6/site-packages/ipapython/ipautil.py", line 572, in run > p.returncode, arg_string, output_log, error_log >ipapython.ipautil.CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'httpd.service'] returned non-zero exit status 1: 'Job for httpd.service failed because the control process exited with error code.\nSee "systemctl status httpd.service" and "journalctl -xe" for details.\n') > >2018-06-14T14:07:20Z DEBUG [error] CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'httpd.service'] returned non-zero exit status 1: 'Job for httpd.service failed because the control process exited with error code.\nSee "systemctl status httpd.service" and "journalctl -xe" for details.\n') >2018-06-14T14:07:20Z DEBUG File "/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 178, in execute > return_value = self.run() > File "/usr/lib/python3.6/site-packages/ipapython/install/cli.py", line 319, in run > return cfgr.run() > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", 
line 364, in run > return self.execute() > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 389, in execute > for rval in self._executor(): > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 434, in __runner > exc_handler(exc_info) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 463, in _handle_execute_exception > self._handle_exception(exc_info) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 453, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise > raise value > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 424, in __runner > step() > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421, in <lambda> > step = lambda: next(self.__gen) > File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise > raise value > File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 658, in _configure > next(executor) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 434, in __runner > exc_handler(exc_info) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 463, in _handle_execute_exception > self._handle_exception(exc_info) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 521, in _handle_exception > self.__parent._handle_exception(exc_info) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 453, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise > raise value > File 
"/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 518, in _handle_exception > super(ComponentBase, self)._handle_exception(exc_info) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 453, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise > raise value > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 424, in __runner > step() > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421, in <lambda> > step = lambda: next(self.__gen) > File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise > raise value > File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python3.6/site-packages/ipapython/install/common.py", line 65, in _install > for unused in self._installer(self.parent): > File "/usr/lib/python3.6/site-packages/ipaserver/install/server/__init__.py", line 602, in main > master_install(self) > File "/usr/lib/python3.6/site-packages/ipaserver/install/server/install.py", line 252, in decorated > func(installer) > File "/usr/lib/python3.6/site-packages/ipaserver/install/server/install.py", line 882, in install > ca_is_configured=setup_ca) > File "/usr/lib/python3.6/site-packages/ipaserver/install/httpinstance.py", line 146, in create_instance > self.start_creation() > File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 555, in start_creation > run_step(full_msg, method) > File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 541, in run_step > method() > File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 447, in start > self.service.start(instance_name, capture_output=capture_output, wait=wait) > File 
"/usr/lib/python3.6/site-packages/ipaplatform/base/services.py", line 301, in start > skip_output=not capture_output) > File "/usr/lib/python3.6/site-packages/ipapython/ipautil.py", line 572, in run > p.returncode, arg_string, output_log, error_log > >2018-06-14T14:07:20Z DEBUG The ipa-server-install command failed, exception: CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'httpd.service'] returned non-zero exit status 1: 'Job for httpd.service failed because the control process exited with error code.\nSee "systemctl status httpd.service" and "journalctl -xe" for details.\n') >2018-06-14T14:07:20Z ERROR CalledProcessError(Command ['/bin/systemctl', 'start', 'httpd.service'] returned non-zero exit status 1: 'Job for httpd.service failed because the control process exited with error code.\nSee "systemctl status httpd.service" and "journalctl -xe" for details.\n') >2018-06-14T14:07:20Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information