[Pkg-freeipa-devel] Bug#970880: Bug#970880: freeipa-server: FreeIPA server installation fails with Certificate issuance failed (CA_REJECTED)
Жохов Александр
a.zhohov at crpt.ru
Tue Jan 5 07:29:33 GMT 2021
Good afternoon, sorry for the bad english.
Faced a similar problem.
Catalina ca logs
2021-01-05 01:07:32 [main] WARNING: Failed to scan [file:/usr/share/java/el-api-3.0.jar] from classloader hierarchy java.io.IOException: java.lang.reflect.InvocationTargetException at org.apache.tomcat.util.compat.Jre9Compat.jarFileNewInstance(Jre9Compat.java:209) at org.apache.tomcat.util.scan.JarFileUrlJar.<init>(JarFileUrlJar.java:65) at org.apache.tomcat.util.scan.JarFactory.newInstance(JarFactory.java:49) at org.apache.tomcat.util.scan.StandardJarScanner.process(StandardJarScanner.java:383) at org.apache.tomcat.util.scan.StandardJarScanner.processURLs(StandardJarScanner.java:318) at org.apache.tomcat.util.scan.StandardJarScanner.doScanClassPath(StandardJarScanner.java:270) at org.apache.tomcat.util.scan.StandardJarScanner.scan(StandardJarScanner.java:233) at org.apache.catalina.startup.ContextConfig.processJarsForWebFragments(ContextConfig.java:2137) at org.apache.catalina.startup.ContextConfig.webConfig(ContextConfig.java:1288) at org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:985) at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:303) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5082) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:717) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:690) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:706) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:631)
at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1830)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:118)
at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:526)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:425)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1576)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:309)
at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423)
at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366)
at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:936)
at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:843)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1384)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1374)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:140)
at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:909)
at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.StandardService.startInternal(StandardService.java:434)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.startup.Catalina.start(Catalina.java:772)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:342)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:477)
Caused by: java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.GeneratedConstructorAccessor7.newInstance(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
at org.apache.tomcat.util.compat.Jre9Compat.jarFileNewInstance(Jre9Compat.java:206)
... 51 more
Caused by: java.nio.file.NoSuchFileException: /usr/share/java/el-api-3.0.jar
at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:92)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116)
at java.base/sun.nio.fs.UnixFileAttributeViews$Basic.readAttributes(UnixFileAttributeViews.java:55)
at java.base/sun.nio.fs.UnixFileSystemProvider.readAttributes(UnixFileSystemProvider.java:149)
at java.base/sun.nio.fs.LinuxFileSystemProvider.readAttributes(LinuxFileSystemProvider.java:99)
at java.base/java.nio.file.Files.readAttributes(Files.java:1764)
at java.base/java.util.zip.ZipFile$Source.get(ZipFile.java:1239)
at java.base/java.util.zip.ZipFile$CleanableResource.<init>(ZipFile.java:732)
at java.base/java.util.zip.ZipFile$CleanableResource.get(ZipFile.java:849) [1387/1830] at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:247)
at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:177)
at java.base/java.util.jar.JarFile.<init>(JarFile.java:348)
... 55 more
-------------
2021-01-05 01:08:26 [http-nio-8080-exec-14] INFO: CertProcessor: - req_extensions: o4HmMIHjMIGEBgNVHREEfTB7oC4GCisGAQQBgjcUAgOgIAweaG9zdC9zcnYtZnJlZWlwYTAxLnlk
YXRhLmxpbnV4oEkGBisGAQUCAqA/MD2gDRsLWURBVEEuTElOVVihLDAqoAMCAQGhIzAhGwRob3N0
GxlzcnYtZnJlZWlwYTAxLnlkYXRhLmxpbnV4MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNNC4KJ5
vclSQuXUENF0M13uJ92fMC0GCSsGAQQBgjcUAgQgHh4AYwBhAFMAdQBiAHMAeQBzAHQAZQBtAEMA
ZQByAHQ=
2021-01-05 01:08:26 [http-nio-8080-exec-14] INFO: CertProcessor: - req_subject_name: MCcxFDASBgNVBAoMC1lEQVRBLkxJTlVYMQ8wDQYDVQQDEwZJUEEgUkE=
2021-01-05 01:08:26 [http-nio-8080-exec-14] INFO: CertProcessor: - profileremotehost: 127.0.0.1
2021-01-05 01:08:26 [http-nio-8080-exec-14] INFO: CertProcessor: Submitting certificate request to caSubsystemCert profile
2021-01-05 01:08:26 [http-nio-8080-exec-14] INFO: DBSSession: adding cn=7,ou=ca,ou=requests,o=ipaca
2021-01-05 01:08:26 [http-nio-8080-exec-14] INFO: KeyConstraint: Key algorithnm: RSA
2021-01-05 01:08:26 [http-nio-8080-exec-14] INFO: KeyConstraint: Key type: RSA
2021-01-05 01:08:26 [http-nio-8080-exec-14] WARNING: Certificate request deferred: defer request
2021-01-05 01:08:26 [http-nio-8080-exec-14] INFO: Updating certificate request
2021-01-05 01:08:26 [https-jsse-nio-8443-exec-3] INFO: Getting SSL client certificate.
2021-01-05 01:08:26 [https-jsse-nio-8443-exec-3] SEVERE: ReviewReqServlet: You did not provide a valid certificate for this operation
You did not provide a valid certificate for this operation
at com.netscape.cms.servlet.base.CMSServlet.getSSLClientCertificate(CMSServlet.java:843)
at com.netscape.cms.servlet.base.CMSServlet.getSSLClientCertificate(CMSServlet.java:825)
at com.netscape.cms.servlet.base.CMSServlet.authenticate(CMSServlet.java:1685)
at com.netscape.cms.servlet.base.CMSServlet.authenticate(CMSServlet.java:1627)
at com.netscape.cms.servlet.profile.ProfileReviewServlet.process(ProfileReviewServlet.java:120)
at com.netscape.cms.servlet.base.CMSServlet.service(CMSServlet.java:494)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
at com.netscape.cms.tomcat.ExternalAuthenticationValve.invoke(ExternalAuthenticationValve.java:82)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:888)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1597)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
2021-01-05 01:08:26 [https-jsse-nio-8443-exec-3] SEVERE: Failed to authorize: You did not provide a valid certificate for this operation.
2021-01-05 01:08:27 [https-jsse-nio-8443-exec-4] INFO: DBSSession: reading cn=7,ou=ca,ou=requests,o=ipaca
2021-01-05 01:11:53 [https-jsse-nio-8443-exec-8] SEVERE: ProfileProcessServlet: No op found
2021-01-05 01:13:03 [Timer-0] INFO: SessionTimer: checking security domain sessions
2021-01-05 01:18:01 [CertStatusUpdateTask] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca, o=ipaca
Syslog
Jan 5 01:08:09 srv-freeipa01 ns-slapd[4070]: [05/Jan/2021:01:08:09.503254206 +0300] - ERR - ipalockout_getpolicy - [file ipa_lockout.c, line 294]: Failed to retrieve entry "cn=global_policy,cn=DOMAIN.LOCAL,cn=kerberos,dc=domain,dc=linux": 32 Jan 5 01:08:09 srv-freeipa01 certmonger[5797]: 2021-01-05 01:08:09 [5797] Running enrollment/cadata helper "/usr/lib/certmonger/dogtag-ipa-renew-agent-submit". Jan 5 01:08:09 srv-freeipa01 ns-slapd[4070]: [05/Jan/2021:01:08:09.506826816 +0300] - ERR - ipalockout_getpolicy - [file ipa_lockout.c, line 294]: Failed to retrieve entry "cn=global_policy,cn= DOMAIN.LOCAL,cn=kerberos,dc=domain,dc=linux": 32 Jan 5 01:08:09 srv-freeipa01 certmonger[5792]: Error opening "/etc/apache2/nssdb/pwdfile.txt": No such file or directory.
Maybe this will help in solving
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20210105/d1519f89/attachment-0001.html>
More information about the Pkg-freeipa-devel
mailing list