Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1341249
Created attachment 1163261 Logs from installing the external CA Description of problem: When trying to subsequently install an external CA on a CA-less IdM installation, the setup fails, because the CA status can't be checked after restarting pki-tomcatd@pki-tomcat.service. In the ipaserver-ca-install.log logfile you can see that the URL https://vm-01.idm.example.com:8443/ca/admin/ca/getStatus returns an 404 error (Not found). Version-Release number of selected component (if applicable): ipa-server-4.2.0-15.el7_2.15.x86_64 How reproducible: Always. Steps to Reproduce: 1. Set up an IdM master without CA 2. Run "ipa-ca-install --external-ca" 3. Submit the CSR to the external CA and copy the issued certificate + CA certificate to the IdM host. 4. Continue with the CA Setup ipa-ca-install --external-cert-file=/root/vm-01.idm.example.com.crt --external-cert-file=/root/ca.crt Actual results: When continuing with the second step of the CA setup, ipa-ca-install fails: ... [13/27]: restarting certificate server ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart the Dogtag instance.See the installation log for details. Expected results: ipa-ca-install should finish successfully.
master:
ipa-4-3:
Metadata Update from @jcholast: - Issue assigned to jcholast - Issue set to the milestone: FreeIPA 4.3.3
Login to comment on this ticket.