Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1441548
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem: ipa server install fails with `--external-ca` option with following error - [22/30]: Configure HTTP to proxy connections [23/30]: restarting certificate server [24/30]: migrating certificate profiles to LDAP [error] NetworkError: cannot connect to 'https://guest42.testrelm.test:8443/ca/rest/account/login': [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579) ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR cannot connect to 'https://guest42.testrelm.test:8443/ca/rest/account/login': [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579) ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information Version-Release number of selected component (if applicable): # rpm -qa ipa-server selinux-policy 389-ds-base 389-ds-base-1.3.6.1-5.el7.x86_64 selinux-policy-3.13.1-141.el7.noarch ipa-server-4.5.0-5.el7.x86_64 How reproducible: 100% Steps to Reproduce: 1. ipa-server-install --ip-address $(ip addr|grep "global"|cut -d " " -f6|cut -d "/" -f1|head -n 1) -r testrelm.test -p 'Secret123' -a 'Secret123' --setup-dns --forwarder 10.65.201.89 -U --external-ca 2. Generate certificate ipa.crt 3.# ipa-server-install --external_cert_file=/root/ipa-ca/ipa.crt --external_ca_file=/root/ipa-ca/ipacacert.asc Actual results: installation fails with above mentioned message Expected results: installation should be successful.
Metadata Update from @pvoborni: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1441548
Metadata Update from @pvoborni: - Issue priority set to: blocker - Issue tagged with: regression, testblocker
Metadata Update from @stlaz: - Issue assigned to stlaz
master:
ipa-4-5:
Metadata Update from @jcholast: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.