https://bugzilla.redhat.com/show_bug.cgi?id=716996
Description of problem: When running ipaserver-install and choosing a Directory Manager password with a backslash in it, ipaserver-install will fail with a cryptic Exception: ERROR: Tag=CertReqPair has no values tag=Nickname value=caSigningCert cert-pki-ca tag=Nickname value=ocspSigningCert cert-pki-ca tag=Nickname value=Server-Cert cert-pki-ca tag=Nickname value=subsystemCert cert-pki-ca tag=Nickname value=auditSigningCert cert-pki-ca req_list_size=5 cert_list_size=0 dn_list_size=5 Exception in CertSubjectPanel(): java.lang.IndexOutOfBoundsException: Index: 0, Size: 0 ERROR: ConfigureCA: CertSubjectPanel() failure ERROR: unable to create CA ####################################################################### 2011-06-27 20:56:20,748 DEBUG stderr=java.lang.IndexOutOfBoundsException: Index: 0, Size: 0 at java.util.ArrayList.RangeCheck(ArrayList.java:547) at java.util.ArrayList.get(ArrayList.java:322) at ConfigureCA.CertSubjectPanel(ConfigureCA.java:733) at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1316) at ConfigureCA.main(ConfigureCA.java:1761) 2011-06-27 20:56:20,748 CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname ipa01.office.aboveit.nl -cs_port 9445 -client_certdb_dir /tmp/tmp-kI8P1V -client_certdb_pwd 'XXXXXXXX' -preop_pin ly77FHMU7qr5auedXRdj -domain_name IPA -admin_user admin -admin_email root@localhost -admin_password 'XXXXXXXX' -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject "CN=ipa-ca-agent,O=ABOVEIT" -ldap_host ipa01.office.aboveit.nl -ldap_port 7389 -bind_dn "cn=Directory Manager" -bind_password 'XXXXXXXX' -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd 'XXXXXXXX' -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name "CN=CA Subsystem,O=ABOVEIT" -ca_ocsp_cert_subject_name "CN=OCSP Subsystem,O=ABOVEIT" -ca_server_cert_subject_name "CN=ipa01.office.aboveit.nl,O=ABOVEIT" -ca_audit_signing_cert_subject_name "CN=CA Audit,O=ABOVEIT" -ca_sign_cert_subject_name "CN=Certificate Authority,O=ABOVEIT" -external false -clone false' returned non-zero exit status 255 2011-06-27 20:56:20,749 DEBUG Configuration of CA failed File "/usr/sbin/ipa-server-install", line 944, in <module> sys.exit(main()) File "/usr/sbin/ipa-server-install", line 734, in main subject_base=options.subject) File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 539, in configure_instance self.start_creation("Configuring certificate server", 360) File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 301, in start_creation method() File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 678, in __configure_instance raise RuntimeError('Configuration of CA failed') Version-Release number of selected component (if applicable): RHEL6.1, up-to-date as per report date. ipa-pki-ca-theme-9.0.3-6.el6.noarch python-iniparse-0.3.1-2.1.el6.noarch ipa-client-2.0.0-23.el6_1.1.x86_64 ipa-server-2.0.0-23.el6_1.1.x86_64 ipa-pki-common-theme-9.0.3-6.el6.noarch ipa-admintools-2.0.0-23.el6_1.1.x86_64 ipa-server-selinux-2.0.0-23.el6_1.1.x86_64 ipa-python-2.0.0-23.el6_1.1.x86_64 pki-symkey-9.0.3-10.el6.x86_64 pki-util-9.0.3-10.el6.noarch pki-silent-9.0.3-10.el6.noarch ipa-pki-ca-theme-9.0.3-6.el6.noarch pki-native-tools-9.0.3-10.el6.x86_64 pki-java-tools-9.0.3-10.el6.noarch pki-setup-9.0.3-10.el6.noarch pki-ca-9.0.3-10.el6.noarch ipa-pki-common-theme-9.0.3-6.el6.noarch pki-selinux-9.0.3-10.el6.noarch pki-common-9.0.3-10.el6.noarch krb5-pkinit-openssl-1.9-9.el6.x86_64 How reproducible: Run ipaserver-install; when asked for the Directory Manager password input a password with a backslash in it. Afterwards, you can check by redoing the same install but choosing another pw withouth the backslash, which will be allright. Additional info: I'm pretty sure there's supposed to be more than just subject_base on that line referencing line 734
master: 209bcb0
ipa-2-1: 428d8c4
Metadata Update from @mkosek: - Issue assigned to jcholast - Issue set to the milestone: FreeIPA 2.1.2 (bug fixing)
Login to comment on this ticket.