#320 Installation on f14beta fails when trying to setup PKI
Closed: Fixed None Opened 10 years ago by simo.

This is the install output when it fails:

Configuring directory server for the CA:
  [1/4]: creating directory server user
  [2/4]: creating directory server instance
  [3/4]: configuring directory to start on boot
  [4/4]: restarting directory server
done configuring pkids.
Configuring certificate server:
  [1/16]: creating certificate server user
  [2/16]: creating pki-ca instance
  [3/16]: restarting certificate server
  [4/16]: configuring certificate server instance
  [5/16]: restarting certificate server
  [6/16]: creating CA agent PKCS#12 file in /root
  [7/16]: creating RA agent certificate database
  [8/16]: importing CA chain to RA certificate database
Unexpected error - see ipaserver-install.log for details:
 must be string or buffer, not None

Attached find logfiles

dirsrv PKI-IPA instance access file

Filed defect https://bugzilla.redhat.com/show_bug.cgi?id=643449

The problem seems rooted in not being able to retrieve the CA certificate chain on the unsecure port 9180.

The issue is casued by a java class org.apache.xml.serializer.TreeWalker (package org.apache.xml.serializer) which is not in the java CLASSPATH when starting pki-ca. As a result of this issue, the pki-ca can't display the CA certificate and gives a 500 internal server error instead.

The issue can be easily solved by:

ln -s %{_javadir}/xalan-j2-serializer.jar /usr/share/tomcat5/common/lib/xalan-j2-serializer.jar

The change is best to be done in pki-common package. I already contacted pki-common maintainer to see if they can do this or if we have to find some kind of workaround.

New release of pki-ca addressing the issue is already in ipa nightly repository and will be released soon in Fedora. Closing the ticket.

Metadata Update from @simo:
- Issue assigned to jzeleny
- Issue set to the milestone: FreeIPA 2.0 - 2011/01 (cleanup)

4 years ago

Login to comment on this ticket.