When CA-less server-install is run only with --dirsrv-cert-file and --http-cert-file, obviously the below message is shown:
--dirsrv-cert-file
--http-cert-file
ipa-server-install: error: --dirsrv-cert-file, --http-cert-file, and --pkinit-cert-file or --no-pkinit are required if any key file options are used.
Alright, seems like we need to add --pkinit-cert-file. Now, we get:
--pkinit-cert-file
ERROR Cannot create KDC PKINIT certificate and use provided external PKINIT certificate at the same time. Please choose one of them.
By looking in ipaserver/install/server/install.py around line 515, we are doing this check:
ipaserver/install/server/install.py
if options.pkinit_cert_files: if not options.no_pkinit:
which by itself is non-sensical as no_pkinit cannot be specified along with pkinit_cert_files. But lets' give it a chance and add --no-pkinit. We get:
no_pkinit
pkinit_cert_files
--no-pkinit
ipa-server-install: error: --no-pkinit and --pkinit-cert-file cannot be specified together
I am facing same issue in ipa-server-4.5.0-2.el7.x86_64
# ipa-server-install --http-cert-file 'server.p12' --dirsrv-cert-file 'server.p12' --ca-cert-file 'root.pem' --ip-address $(ip addr|grep "global"|cut -d " " -f6|cut -d "/" -f1|head -n 1) -r testrelm.test -p 'Secret123' -a 'Secret123' -U Usage: ipa-server-install [options] ipa-server-install: error: --dirsrv-cert-file, --http-cert-file, and --pkinit-cert-file or --no-pkinit are required if any key file options are used. ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
Metadata Update from @pvoborni: - Issue priority set to: blocker - Issue set to the milestone: FreeIPA 4.5.1 - Issue tagged with: refactoring
Metadata Update from @pvoborni: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1437953
Issue linked to bug 1437953
Metadata Update from @pvoborni: - Issue untagged with: refactoring - Issue tagged with: regression
Metadata Update from @stlaz: - Issue assigned to stlaz
master:
ipa-4-5:
Metadata Update from @mbasti: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.