[Pkg-freeipa-devel] Bug#970880: Bug#970880: Bug#970880: freeipa-server: FreeIPA server installation fails with Certificate issuance failed (CA_REJECTED)

[Timo Aaltonen]

On 5.1.2021 9.29, Жохов Александр wrote:
> Good afternoon, sorry for the bad english.
> 
> Faced a similar problem.
> 
> Catalina ca logs
> 
> 2021-01-05 01:07:32 [main] WARNING: Failed to scan 
> [file:/usr/share/java/el-api-3.0.jar] from classloader hierarchy 
> java.io.IOException: 
 >
> Caused by: java.nio.file.NoSuchFileException: /usr/share/java/el-api-3.0.jar

Figure out which jar is trying to search that and we'd at least get rid 
  of this error. dogtag 10.10.2-1 at least should use the correct el-api 
from tomcat9 now, but there's probably some other package which still 
doesn't.


> Syslog
> 
> Jan  5 01:08:09 srv-freeipa01 ns-slapd[4070]: 
> [05/Jan/2021:01:08:09.503254206 +0300] - ERR - ipalockout_getpolicy - 
> [file ipa_lockout.c, line 294]: Failed to retrieve entry 
> "cn=global_policy,cn=DOMAIN.LOCAL,cn=kerberos,dc=domain,dc=linux": 
> 32                                                                                  
>                                                                                                                                          Jan  5 01:08:09 srv-freeipa01 certmonger[5797]: 2021-01-05 01:08:09 [5797] Running enrollment/cadata helper "/usr/lib/certmonger/dogtag-ipa-renew-agent-submit".                                                                     Jan  5 01:08:09 srv-freeipa01 ns-slapd[4070]: [05/Jan/2021:01:08:09.506826816 +0300] - ERR - ipalockout_getpolicy - [file ipa_lockout.c, line 294]: Failed to retrieve entry "cn=global_policy,cn= DOMAIN.LOCAL,cn=kerberos,dc=domain,dc=linux": 32                                                        Jan  5 01:08:09 srv-freeipa01 certmonger[5792]: Error opening "/etc/apache2/nssdb/pwdfile.txt": No such file or directory.

That certdb isn't used anymore, so I don't know how you got that.


-- 
t