663344 – ipa-server-install fails on importing CA chain to RA certificate database.

Bug 663344 - ipa-server-install fails on importing CA chain to RA certificate database.

Summary: ipa-server-install fails on importing CA chain to RA certificate database.

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	ipa
Sub Component:
Version:	14
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Rob Crittenden
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-12-15 13:48 UTC by Gowrishankar Rajaiyan
Modified:	2010-12-15 14:08 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-12-15 14:08:31 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
ipaserver-install.log (145.72 KB, text/plain) 2010-12-15 13:52 UTC, Gowrishankar Rajaiyan	no flags	Details
View All

Description Gowrishankar Rajaiyan 2010-12-15 13:48:54 UTC

Description of problem:


Version-Release number of selected component (if applicable):
ipa-server-1.91-0.2010121421gitcec6703.fc14.x86_64
389-ds-base-1.2.7.4-1.fc14.x86_64
pki-ca-1.3.6-1.fc14.noarch

How reproducible:
Always

Steps to Reproduce:
1. Run ipa-server-install (command used "ipa-server-install  --hostname=gsrf14ipas.lab.eng.pnq.redhat.com -r LAB.ENG.PNQ.REDHAT.COM -n lab.eng.pnq.redhat.com -p Secret123 -P Secret123 -a Secret123 -u admin -U --no-ntp")
2. 
3.
  
Actual results:
# ipa-server-install  --hostname=gsrf14ipas.lab.eng.pnq.redhat.com -r LAB.ENG.PNQ.REDHAT.COM -n lab.eng.pnq.redhat.com -p Secret123 -P Secret123 -a Secret123 -u admin -U --no-ntp

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the FreeIPA Server.

This includes:
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)

Excluded by options:
  * Configure the Network Time Daemon (ntpd)

To accept the default shown in brackets, press the Enter key.

The IPA Master Server will be configured with
Hostname:    gsrf14ipas.lab.eng.pnq.redhat.com
IP address:  10.65.201.180
Domain name: lab.eng.pnq.redhat.com

Configuring directory server for the CA: Estimated time 30 minutes
  [1/3]: creating directory server user
  [2/3]: creating directory server instance
  [3/3]: restarting directory server
done configuring pkids.
Configuring certificate server: Estimated time 36 minutes
  [1/16]: creating certificate server user
  [2/16]: creating pki-ca instance
  [3/16]: restarting certificate server
  [4/16]: configuring certificate server instance
  [5/16]: restarting certificate server
  [6/16]: creating CA agent PKCS#12 file in /root
  [7/16]: creating RA agent certificate database
  [8/16]: importing CA chain to RA certificate database
Unexpected error - see ipaserver-install.log for details:
 Unable to retrieve CA chain: request failed with HTTP status 500


Expected results:
Successful setup of IPA with no error messages.


Additional info:

Comment 1 Gowrishankar Rajaiyan 2010-12-15 13:52:32 UTC

Created attachment 468861 [details]
ipaserver-install.log

Comment 2 Simo Sorce 2010-12-15 14:08:31 UTC

This is the cause:
https://fedorahosted.org/freeipa/ticket/320

You will find instructions on how to fix it temporarily until dogtag is fixed in F14.

Note You need to log in before you can comment on or make changes to this bug.