[Pkg-freeipa-devel] Bug#970880: freeipa-server: FreeIPA server installation fails with Certificate issuance failed (CA_REJECTED)

Ferran Obón ferran.obon at gmail.com
Thu Sep 24 22:30:45 BST 2020 

Package: freeipa-server
Version: 4.8.8-2
Severity: important
X-Debbugs-Cc: ferran.obon at gmail.com

Dear Maintainer,

On a fresh install of Debian, the command ipa-server-install ends with the following error:
RuntimeError: Certificate issuance failed (CA_REJECTED: Server at "https://debian.test.lan:8443/ca/agent/ca//profileProcess" replied:  1: You did not provide a valid certificate for this operation).


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.8.0-2-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages freeipa-server depends on:
ii  389-ds-base                     1.4.4.4-1
ii  acl                             2.2.53-8
ii  adduser                         3.118
ii  apache2                         2.4.46-1
ii  certmonger                      0.79.11-1
ii  chrony                          3.5.1-2
ii  custodia                        0.6.0-5
ii  fonts-font-awesome              5.0.10+really4.7.0~dfsg-2
ii  fonts-open-sans                 1.11-1
ii  freeipa-client                  4.8.8-2
ii  freeipa-common                  4.8.8-2
ii  gssproxy                        0.8.2-2
ii  krb5-admin-server               1.17-10
ii  krb5-kdc                        1.17-10
ii  krb5-kdc-ldap                   1.17-10
ii  krb5-otp                        1.17-10
ii  krb5-pkinit                     1.17-10
ii  ldap-utils                      2.4.53+dfsg-1
ii  libapache2-mod-auth-gssapi      1.6.1-1
ii  libapache2-mod-lookup-identity  1.0.0-1
ii  libapache2-mod-wsgi-py3         4.7.1-2
ii  libc6                           2.31-3
ii  libjs-dojo-core                 1.15.3+dfsg1-1
ii  libjs-jquery                    3.5.1+dfsg-4
ii  libjs-scriptaculous             1.9.0-2
ii  libk5crypto3                    1.17-10
ii  libkrad0                        1.17-10
ii  libkrb5-3                       1.17-10
ii  libldap-2.4-2                   2.4.53+dfsg-1
ii  libnss3-tools                   2:3.56-1
ii  libsasl2-modules-gssapi-mit     2.1.27+dfsg-2
ii  libssl1.1                       1.1.1g-1
ii  libsss-certmap0                 2.3.1-2
ii  libsss-nss-idmap0               2.3.1-2
ii  libtalloc2                      2.3.1-1
ii  libunistring2                   0.9.10-4
ii  libuuid1                        2.36-3+b1
ii  libverto1                       0.3.1-1
ii  libwbclient0                    2:4.12.5+dfsg-3
ii  oddjob                          0.34.6-1
ii  p11-kit                         0.23.21-2
ii  pki-ca                          10.9.4-1
ii  pki-kra                         10.9.4-1
ii  python3                         3.8.2-3
ii  python3-dateutil                2.8.1-4
ii  python3-gssapi                  1.6.1-1+b1
ii  python3-ipaserver               4.8.8-2
ii  python3-ldap                    3.2.0-4+b1
ii  python3-systemd                 234-3+b2
ii  samba-libs                      2:4.12.5+dfsg-3
ii  slapi-nis                       0.56.4-1
ii  softhsm2                        2.6.1-2
ii  ssl-cert                        1.0.39
ii  sssd-dbus                       2.3.1-2
ii  systemd-sysv                    246.6-1

Versions of packages freeipa-server recommends:
ii  freeipa-server-dns  4.8.8-2

freeipa-server suggests no packages.

-- no debconf information

More information about the Pkg-freeipa-devel mailing list