freeipa / ansible-freeipa

Ansible roles and modules for FreeIPA
GNU General Public License v3.0

[Fail] ipareplica: Install - Setup CA #715

Open RomanButsiy opened 2 years ago

RomanButsiy commented 2 years ago

Hi there,

Versions

ansible-playbook 2.9.9
freeipa 4.9.1
ansible-freeipa 1.5.3 (I tried a few versions)
os fedora33

My inventory

[ipaserver]
isv-s-ipa-srv-01.my-hostname.com ansible_host=10.0.0.218

[ipaserver:vars]
ansible_user=root
ipaserver_setup_kra=yes
ipaserver_setup_dns=yes
ipaserver_forwarders=8.8.8.8
ipaserver_forward_policy=first
ipaserver_setup_firewalld=no

[ipareplicas]
isv-s-ipa-repl-02.my-hostname.com ansible_host=10.0.0.217

[ipareplicas:vars]
ansible_user=root
ipareplica_servers=isv-s-ipa-srv-01.my-hostname.com
ipareplica_setup_ca=yes
#ipareplica_setup_kra=yes
ipareplica_setup_dns=yes
ipareplica_forwarders=8.8.8.8
ipareplica_forward_policy=first
ipareplica_setup_firewalld=no

[ipaclients]

[ipaclients:vars]
ansible_user=centos

[ipacluster:children]
ipaserver
ipaclients
ipareplicas

[ipacluster:vars]
ipaserver_domain=my-hostname.com
ipaserver_realm=MY-HOSTNAME.COM
ipaclient_force_join=yes
ipaclient_mkhomedir=yes
ipaserver_allow_zone_overlap=yes
ansible_port="22"
ansible_ssh_private_key_file= '~/.ssh/id_rsa'
ansible_python_interpreter=auto
repo_link=http://10.192.0.162/freeipa/
ipaadmin_password="{{ lookup('env','IPAADMIN_PASSWORD') }}"
ipadm_password="{{ lookup('env','IPADM_PASSWORD') }}"
freeipa_version_to_install=4.9.1

I have a FreeIPA server and a few replicas. I'm trying to add a new one and get the following error:


TASK [ipareplica : Install - Setup CA] ***********************
fatal: [isv-s-ipa-repl-02.my-hostname.com]: FAILED! => {"changed": false, "module_stderr": "Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmprz_brnmr', '--debug'] returned non-zero exit status 1: 'INFO: Connecting to LDAP server at ldaps://isv-s-ipa-repl-02.my-hostname.com:636\\nINFO: Connecting to LDAP server at ldaps://isv-s-ipa-repl-02.my-hostname.com:636\\nINFO: Connecting to security domain at https://isv-s-ipa-srv-01.my-hostname.com:443\\nINFO: Certificate chain: /etc/ipa/ca.crt\\nINFO: Getting security domain info\\nINFO: Logging into security domain IPA\\nDEBUG: Installing Maven dependencies: False\\nINFO: BEGIN spawning CA subsystem in pki-tomcat instance\\nINFO: Loading instance: pki-tomcat\\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\\nINFO: Setting up pkiuser group\\nINFO: Reusing existing pkiuser group with GID 17\\nINFO: Setting up pkiuser user\\nINFO: Reusing existing pkiuser user with UID 17\\nDEBUG: Retrieving UID for \\'pkiuser\\'\\nDEBUG: UID of \\'pkiuser\\' is 17\\nDEBUG: Retrieving GID for \\'pkiuser\\'\\nDEBUG: GID of \\'pkiuser\\' is 17\\nINFO: Initialization\\nINFO: Setting up infrastructure\\nINFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat\\nDEBUG: Command: mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat\\nDEBUG: Command: chmod 770 /etc/sysconfig/pki/tomcat/pki-tomcat\\nDEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat\\nINFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca\\nDEBUG: Command: mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca\\nDEBUG: Command: chmod 770 /etc/sysconfig/pki/tomcat/pki-tomcat/ca\\nDEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca\\nINFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg\\nDEBUG: Command: cp -p /usr/share/pki/server/etc/default.cfg /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg\\nDEBUG: Command: chmod 
660 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg\\nDEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg\\nDEBUG: Command: touch /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg\\nDEBUG: Command: chmod 660 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg\\nDEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg\\nINFO: Creating /var/lib/pki/pki-tomcat\\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat\\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat\\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat\\nINFO: Creating /var/lib/pki/pki-tomcat/ca\\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/ca\\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/ca\\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/ca\\nINFO: Preparing pki-tomcat instance\\nINFO: Loading instance: pki-tomcat\\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\\nINFO: Creating /etc/pki/pki-tomcat\\nDEBUG: Command: mkdir /etc/pki/pki-tomcat\\nINFO: Creating /etc/pki/pki-tomcat/password.conf\\nINFO: Using specified server NSS database password\\nINFO: Using specified internal database password\\nINFO: Generating random replication manager password\\nINFO: Creating /var/log/pki/pki-tomcat\\nDEBUG: Command: mkdir -p /var/log/pki/pki-tomcat\\nDEBUG: Command: chmod 770 /var/log/pki/pki-tomcat\\nDEBUG: Command: chown 17:17 /var/log/pki/pki-tomcat\\nINFO: Creating /etc/pki/pki-tomcat/tomcat.conf\\nDEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/pki/pki-tomcat/tomcat.conf\\nINFO: Creating /etc/pki/pki-tomcat/server.xml\\nDEBUG: Command: cp /usr/share/pki/server/conf/server.xml /etc/pki/pki-tomcat/server.xml\\nINFO: Creating /etc/pki/pki-tomcat/catalina.properties\\nDEBUG: Command: ln -s /usr/share/pki/server/conf/catalina.properties /etc/pki/pki-tomcat/catalina.properties\\nINFO: Creating /etc/pki/pki-tomcat/context.xml\\nDEBUG: Command: 
ln -s /etc/tomcat/context.xml /etc/pki/pki-tomcat/context.xml\\nINFO: Creating /etc/pki/pki-tomcat/logging.properties\\nDEBUG: Command: ln -s /usr/share/pki/server/conf/logging.properties /etc/pki/pki-tomcat/logging.properties\\nINFO: Creating /etc/sysconfig/pki-tomcat\\nDEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/sysconfig/pki-tomcat\\nINFO: Creating /etc/pki/pki-tomcat/tomcat.conf\\nDEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/pki/pki-tomcat/tomcat.conf\\nINFO: Creating /etc/pki/pki-tomcat/web.xml\\nDEBUG: Command: ln -s /etc/tomcat/web.xml /etc/pki/pki-tomcat/web.xml\\nINFO: Creating /etc/pki/pki-tomcat/Catalina\\nDEBUG: Command: mkdir /etc/pki/pki-tomcat/Catalina\\nINFO: Creating /etc/pki/pki-tomcat/Catalina/localhost\\nDEBUG: Command: mkdir /etc/pki/pki-tomcat/Catalina/localhost\\nINFO: Deploying ROOT web application\\nINFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml\\nINFO: Deploying /pki web application\\nINFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/pki.xml\\nINFO: Creating /var/lib/pki/pki-tomcat/lib\\nDEBUG: Command: ln -s /usr/share/pki/server/lib /var/lib/pki/pki-tomcat/lib\\nINFO: Creating /var/lib/pki/pki-tomcat/common\\nDEBUG: Command: mkdir /var/lib/pki/pki-tomcat/common\\nINFO: Creating /var/lib/pki/pki-tomcat/common/lib\\nDEBUG: Command: ln -s /usr/share/pki/server/common/lib /var/lib/pki/pki-tomcat/common/lib\\nINFO: Creating /var/lib/pki/pki-tomcat/temp\\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/temp\\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/temp\\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/temp\\nINFO: Creating /var/lib/pki/pki-tomcat/work\\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work\\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work\\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work\\nINFO: Creating /var/lib/pki/pki-tomcat/work/Catalina\\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina\\nDEBUG: Command: chmod 770 
/var/lib/pki/pki-tomcat/work/Catalina\\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina\\nINFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost\\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost\\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost\\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost\\nINFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost/_\\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/_\\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost/_\\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost/_\\nINFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca\\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca\\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca\\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca\\nINFO: Creating /var/lib/pki/pki-tomcat/bin\\nDEBUG: Command: ln -s /usr/share/tomcat/bin /var/lib/pki/pki-tomcat/bin\\nDEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/bin\\nINFO: Creating /var/lib/pki/pki-tomcat/pki-tomcat\\nDEBUG: Command: ln -s /usr/sbin/tomcat /var/lib/pki/pki-tomcat/pki-tomcat\\nDEBUG: Command: chown -h 0:0 /var/lib/pki/pki-tomcat/pki-tomcat\\nDEBUG: Command: systemctl daemon-reload\\nINFO: Creating /var/lib/pki/pki-tomcat/conf\\nDEBUG: Command: ln -s /etc/pki/pki-tomcat /var/lib/pki/pki-tomcat/conf\\nDEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/conf\\nINFO: Creating /var/lib/pki/pki-tomcat/logs\\nDEBUG: Command: ln -s /var/log/pki/pki-tomcat /var/lib/pki/pki-tomcat/logs\\nDEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/logs\\nINFO: Creating /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service\\nDEBUG: Command: ln -s /lib/systemd/system/pki-tomcatd@.service 
/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service\\nDEBUG: Command: chown -h 17:17 /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service\\nINFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\\nDEBUG: Command: cp /usr/share/pki/setup/pkidaemon_registry /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\\nINFO: Creating CA subsystem\\nINFO: Creating /var/log/pki/pki-tomcat/ca\\nDEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca\\nINFO: Creating /var/log/pki/pki-tomcat/ca/archive\\nDEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca/archive\\nINFO: Creating /var/log/pki/pki-tomcat/ca/signedAudit\\nDEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca/signedAudit\\nINFO: Creating /etc/pki/pki-tomcat/ca\\nDEBUG: Command: mkdir /etc/pki/pki-tomcat/ca\\nINFO: Creating /etc/pki/pki-tomcat/ca/CS.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/conf/CS.cfg /etc/pki/pki-tomcat/ca/CS.cfg\\nINFO: Creating /etc/pki/pki-tomcat/ca/registry.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/conf/registry.cfg /etc/pki/pki-tomcat/ca/registry.cfg\\nINFO: Creating /var/lib/pki/pki-tomcat/ca/emails\\nDEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/emails\\nDEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJobItem /var/lib/pki/pki-tomcat/ca/emails/ExpiredUnpublishJobItem\\nDEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA.html /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_RA.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/riq1Summary.html /var/lib/pki/pki-tomcat/ca/emails/riq1Summary.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Summary.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1Summary.txt\\nDEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA /var/lib/pki/pki-tomcat/ca/emails/certIssued_RA\\nDEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA.html /var/lib/pki/pki-tomcat/ca/emails/certRevoked_RA.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA.html 
/var/lib/pki/pki-tomcat/ca/emails/certIssued_CA.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Item.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1Item.txt\\nDEBUG: Command: cp /usr/share/pki/ca/emails/publishCertsItem.html /var/lib/pki/pki-tomcat/ca/emails/publishCertsItem.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/euJob1.html /var/lib/pki/pki-tomcat/ca/emails/euJob1.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/certRequestRejected.html /var/lib/pki/pki-tomcat/ca/emails/certRequestRejected.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA.html /var/lib/pki/pki-tomcat/ca/emails/certIssued_RA.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA /var/lib/pki/pki-tomcat/ca/emails/certIssued_CA\\nDEBUG: Command: cp /usr/share/pki/ca/emails/riq1Item.html /var/lib/pki/pki-tomcat/ca/emails/riq1Item.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/publishCerts.html /var/lib/pki/pki-tomcat/ca/emails/publishCerts.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA.html /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_CA.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA /var/lib/pki/pki-tomcat/ca/emails/certRevoked_CA\\nDEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1.txt\\nDEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA /var/lib/pki/pki-tomcat/ca/emails/certRevoked_RA\\nDEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA.html /var/lib/pki/pki-tomcat/ca/emails/certRevoked_CA.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/euJob1Item.html /var/lib/pki/pki-tomcat/ca/emails/euJob1Item.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJob /var/lib/pki/pki-tomcat/ca/emails/ExpiredUnpublishJob\\nDEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_CA\\nDEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_RA\\nINFO: Creating 
/var/lib/pki/pki-tomcat/ca/profiles/ca\\nDEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/profiles\\nDEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/profiles/ca\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserSignedCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCUserSignedCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUUIDdeviceCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUUIDdeviceCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthTransportCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCocspCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCocspCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSigningECUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSimpleCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECSimpleCMCUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInstallCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInstallCACert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECInternalAuthServerCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_DirUserCert.cfg 
/var/lib/pki/pki-tomcat/ca/profiles/ca/caServerKeygen_DirUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSimpleCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSimpleCMCUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRAserverCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caIPAserviceCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caIPAserviceCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirPinUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDirPinUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCcaCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraStorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCkraStorageCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caStorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caStorageCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSigningUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirPinUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirPinUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caEncECUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDirUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECServerCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCACert.cfg 
/var/lib/pki/pki-tomcat/ca/profiles/ca/caCACert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCserverCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAdminCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDualCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/ECAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/ECAdminCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCertWithSCT.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECServerCertWithSCT.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/DomainController.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/DomainController.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCauditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCauditSigningCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECSubsystemCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/acmeServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/acmeServerCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOCSPCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caOCSPCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirBasedDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirBasedDualCert.cfg\\nDEBUG: Command: cp 
/usr/share/pki/ca/profiles/ca/caServerCertWithSCT.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCertWithSCT.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAgentServerCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECserverCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDualCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caManualRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caManualRenewal.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTransportCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAagentCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRAagentCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthSubsystemCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualRAuserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDualRAuserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentFileSigning.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAgentFileSigning.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOtherCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caOtherCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthServerCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/AdminCert.cfg 
/var/lib/pki/pki-tomcat/ca/profiles/ca/AdminCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAuditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAuditSigningCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caJarSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caJarSigningCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSubsystemCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSignedLogCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSignedLogCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRACert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserSignedCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCUserSignedCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRouterCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRouterCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthOCSPCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthOCSPCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserRenewal.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg 
/var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECsubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECsubsystemCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenMSLoginEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenMSLoginEnrollment.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSSLClientSelfRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSSLClientSelfRenewal.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_UserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerKeygen_UserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCrossSignedCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCrossSignedCACert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserSMIMEcapCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUserSMIMEcapCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRARouterCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRARouterCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCkraTransportCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCsubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCsubsystemCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECAdminCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg 
/var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTPSCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTPSCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caEncUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCSharedTokenCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCSharedTokenCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAgentServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECAgentServerCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg\\nINFO: Creating /etc/pki/pki-tomcat/ca/flatfile.txt\\nDEBUG: Command: cp /usr/share/pki/ca/conf/flatfile.txt /etc/pki/pki-tomcat/ca/flatfile.txt\\nINFO: Creating /etc/pki/pki-tomcat/ca/adminCert.profile\\nDEBUG: Command: cp /usr/share/pki/ca/conf/rsaAdminCert.profile /etc/pki/pki-tomcat/ca/adminCert.profile\\nINFO: Creating /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile\\nDEBUG: Command: cp /usr/share/pki/ca/conf/caAuditSigningCert.profile /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile\\nINFO: Creating /etc/pki/pki-tomcat/ca/caCert.profile\\nDEBUG: Command: cp /usr/share/pki/ca/conf/caCert.profile /etc/pki/pki-tomcat/ca/caCert.profile\\nINFO: Creating /etc/pki/pki-tomcat/ca/caOCSPCert.profile\\nDEBUG: Command: cp /usr/share/pki/ca/conf/caOCSPCert.profile /etc/pki/pki-tomcat/ca/caOCSPCert.profile\\nINFO: Creating /etc/pki/pki-tomcat/ca/serverCert.profile\\nDEBUG: Command: cp 
/usr/share/pki/ca/conf/rsaServerCert.profile /etc/pki/pki-tomcat/ca/serverCert.profile\\nINFO: Creating /etc/pki/pki-tomcat/ca/subsystemCert.profile\\nDEBUG: Command: cp /usr/share/pki/ca/conf/rsaSubsystemCert.profile /etc/pki/pki-tomcat/ca/subsystemCert.profile\\nINFO: Creating /etc/pki/pki-tomcat/ca/proxy.conf\\nDEBUG: Command: cp /usr/share/pki/ca/conf/proxy.conf /etc/pki/pki-tomcat/ca/proxy.conf\\nINFO: Creating /var/lib/pki/pki-tomcat/ca/conf\\nDEBUG: Command: ln -s /etc/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/conf\\nINFO: Creating /var/lib/pki/pki-tomcat/ca/logs\\nDEBUG: Command: ln -s /var/log/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/logs\\nINFO: Creating /var/lib/pki/pki-tomcat/ca/registry\\nDEBUG: Command: ln -s /etc/sysconfig/pki/tomcat/pki-tomcat /var/lib/pki/pki-tomcat/ca/registry\\nINFO: Loading instance: pki-tomcat\\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\\nDEBUG: - user: pkiuser\\nDEBUG: - group: pkiuser\\nINFO: Getting signing cert info from CS.cfg\\nINFO: Getting ocsp_signing cert info from CS.cfg\\nINFO: Getting sslserver cert info from CS.cfg\\nINFO: Getting subsystem cert info from CS.cfg\\nINFO: Getting audit_signing cert info from CS.cfg\\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\\nINFO: Deploying /ca web application\\nINFO: Loading instance: pki-tomcat\\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\\nINFO: Loading PKI Tomcat config: 
/usr/share/pki/etc/tomcat.conf\\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\\nDEBUG: - user: pkiuser\\nDEBUG: - group: pkiuser\\nINFO: Creating /var/lib/pki/pki-tomcat/ca/webapps\\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/ca/webapps\\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/ca/webapps\\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/ca/webapps\\nINFO: Setting up ownerships, permissions, and ACLs on /var/lib/pki/pki-tomcat/ca/webapps\\nINFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/ca.xml\\nINFO: Loading instance: pki-tomcat\\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\\nDEBUG: - user: pkiuser\\nDEBUG: - group: pkiuser\\nINFO: Creating password file: /etc/pki/pki-tomcat/pfile\\nINFO: Updating /etc/pki/pki-tomcat/password.conf\\nDEBUG: Command: chmod 660 /etc/pki/pki-tomcat/password.conf\\nDEBUG: Command: chown 17:17 /etc/pki/pki-tomcat/password.conf\\nINFO: Creating /etc/pki/pki-tomcat/alias\\nDEBUG: Command: mkdir /etc/pki/pki-tomcat/alias\\nINFO: Creating NSS database: /etc/pki/pki-tomcat/alias\\nDEBUG: Command: certutil -N -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile\\nDEBUG: Command: ln -s /etc/pki/pki-tomcat/alias 
/var/lib/pki/pki-tomcat/alias\\nDEBUG: Command: ln -s /var/lib/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/ca/alias\\nDEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -C /etc/pki/pki-tomcat/pfile pkcs12-import --pkcs12 /tmp/ca.p12 --password-file /tmp/tmpjfev8p46/password.txt --debug\\nINFO: Certificates in PKCS #12 file:\\nINFO: Java command: /usr/bin/env java -cp /usr/share/pki/lib/* -Djava.util.logging.config.file=/usr/share/pki/etc/logging.properties com.netscape.cmstools.cli.MainCLI -d /etc/pki/pki-tomcat/alias -C /etc/pki/pki-tomcat/pfile --debug pkcs12-cert-find --pkcs12 /tmp/ca.p12 --password-file /tmp/tmpjfev8p46/password.txt --debug\\nINFO: Server URL: https://isv-s-ipa-repl-02.my-hostname.com:8443\\nINFO: Loading NSS password from /etc/pki/pki-tomcat/pfile\\nINFO: NSS database: /etc/pki/pki-tomcat/alias\\nINFO: Message format: null\\nINFO: Command: pkcs12-cert-find --pkcs12 /tmp/ca.p12 --password-file /tmp/tmpjfev8p46/password.txt --debug\\nINFO: Module: pkcs12\\nINFO: Module: cert\\nINFO: Module: find\\nINFO: Initializing NSS\\nINFO: Logging into internal token\\nINFO: Using internal token\\nINFO: - caSigningCert cert-pki-ca\\nINFO: - ocspSigningCert cert-pki-ca\\nINFO: - auditSigningCert cert-pki-ca\\nINFO: - subsystemCert cert-pki-ca\\nINFO: Importing CA certificates:\\nINFO: Importing user certificates:\\nINFO: - caSigningCert cert-pki-ca\\nINFO: - ocspSigningCert cert-pki-ca\\nINFO: - auditSigningCert cert-pki-ca\\nINFO: - subsystemCert cert-pki-ca\\nINFO: Java command: /usr/bin/env java -cp /usr/share/pki/lib/* -Djava.util.logging.config.file=/usr/share/pki/etc/logging.properties com.netscape.cmstools.cli.MainCLI -d /etc/pki/pki-tomcat/alias -C /etc/pki/pki-tomcat/pfile --debug pkcs12-import --pkcs12 /tmp/ca.p12 --password-file /tmp/tmpjfev8p46/password.txt --debug caSigningCert cert-pki-ca ocspSigningCert cert-pki-ca auditSigningCert cert-pki-ca subsystemCert cert-pki-ca\\nINFO: Server URL: https://isv-s-ipa-repl-02.my-hostname.com:8443\\nINFO: 
Loading NSS password from /etc/pki/pki-tomcat/pfile\\nINFO: NSS database: /etc/pki/pki-tomcat/alias\\nINFO: Message format: null\\nINFO: Command: pkcs12-import --pkcs12 /tmp/ca.p12 --password-file /tmp/tmpjfev8p46/password.txt --debug \"caSigningCert cert-pki-ca\" \"ocspSigningCert cert-pki-ca\" \"auditSigningCert cert-pki-ca\" \"subsystemCert cert-pki-ca\"\\nINFO: Module: pkcs12\\nINFO: Module: import\\nINFO: Initializing NSS\\nINFO: Logging into internal token\\nINFO: Using internal token\\nDEBUG: Command: certutil -M -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile -n caSigningCert cert-pki-ca -t CTu,Cu,Cu\\nDEBUG: Command: certutil -M -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile -n auditSigningCert cert-pki-ca -t u,u,Pu\\nDEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias\\nDEBUG: Result of CA certificate export: \\nINFO: Command: certutil -L -d /etc/pki/pki-tomcat/alias -h internal -n Directory Server CA certificate -f /etc/pki/pki-tomcat/pfile\\nINFO: Importing Directory Server CA certificate cert from /etc/ipa/ca.crt\\nDEBUG: Command: certutil -A -d /etc/pki/pki-tomcat/alias -h internal -n Directory Server CA certificate -t CT,CT,CT -i /etc/ipa/ca.crt -f /etc/pki/pki-tomcat/pfile\\nINFO: Removing /etc/pki/pki-tomcat/pfile\\nDEBUG: Command: rm -f /etc/pki/pki-tomcat/pfile\\nINFO: Getting signing cert info from CS.cfg\\nINFO: Getting ocsp_signing cert info from CS.cfg\\nINFO: Getting sslserver cert info from CS.cfg\\nINFO: Getting subsystem cert info from CS.cfg\\nINFO: Getting audit_signing cert info from CS.cfg\\nINFO: Injecting SAN: False\\nINFO: SSL server cert SAN: \\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\\nINFO: Creating /root/.dogtag/pki-tomcat/ca\\nDEBUG: Command: mkdir -p /root/.dogtag/pki-tomcat/ca\\nDEBUG: Command: chmod 755 /root/.dogtag/pki-tomcat/ca\\nDEBUG: Command: chown 0:0 
/root/.dogtag/pki-tomcat/ca\\nINFO: Creating password file: /root/.dogtag/pki-tomcat/ca/password.conf\\nINFO: Updating /root/.dogtag/pki-tomcat/ca/password.conf\\nDEBUG: Command: chmod 660 /root/.dogtag/pki-tomcat/ca/password.conf\\nDEBUG: Command: chown 0:0 /root/.dogtag/pki-tomcat/ca/password.conf\\nINFO: Storing PKCS #12 password in /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf\\nINFO: Updating /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf\\nDEBUG: Command: chmod 660 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf\\nDEBUG: Command: chown 17:17 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf\\nDEBUG: Command: mkdir /root/.dogtag/pki-tomcat/ca/alias\\nDEBUG: Command: certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf\\nINFO: Creating SELinux contexts\\nINFO: Generating system keys\\nINFO: Loading instance: pki-tomcat\\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\\nDEBUG: - user: pkiuser\\nDEBUG: - group: pkiuser\\nINFO: Configuring subsystem\\nINFO: Loading instance: pki-tomcat\\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\\nINFO: Loading instance registry: 
/etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\\nDEBUG: - user: pkiuser\\nDEBUG: - group: pkiuser\\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\\nINFO: Checking existing SSL server cert: Server-Cert cert-pki-ca\\nDEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpr_671lf1/password.txt -n Server-Cert cert-pki-ca -a\\nINFO: Creating temp SSL server cert for isv-s-ipa-repl-02.my-hostname.com\\nDEBUG: Command: openssl rand -out /tmp/tmpbspcvqtm/noise 2048\\nDEBUG: Command: certutil -R -d /etc/pki/pki-tomcat/alias -k rsa -g 2048 -z /tmp/tmpbspcvqtm/noise -f /tmp/tmpbspcvqtm/password.txt -s cn=isv-s-ipa-repl-02.my-hostname.com,o=2021-12-29 12:52:59 -o /tmp/tmpbspcvqtm/request.bin\\nDEBUG: Command: certutil -C -d /etc/pki/pki-tomcat/alias -x -f /tmp/tmpwxe3qyjk/password.txt -a -i /tmp/tmpze5xxg1s/sslserver.csr -o /tmp/tmpze5xxg1s/sslserver.crt -m 0 -v 12\\nDEBUG: Command: certutil -A -d /etc/pki/pki-tomcat/alias -f /tmp/tmpwxe3qyjk/internal_password.txt -n Server-Cert cert-pki-ca -a -i /tmp/tmpze5xxg1s/sslserver.crt -t CTu,CTu,CTu\\nNotice: Trust flag u is set automatically if the private key is present.\\nINFO: Joining existing domain\\nINFO: Searching for isv-s-ipa-srv-01.my-hostname.com:443\\nINFO: - isv-s-ipa-srv-01.my-hostname.com:443\\nINFO: Getting install token\\nINFO: Using CA at https://isv-s-ipa-repl-02.my-hostname.com:443\\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\\nINFO: Requesting ranges from CA master\\nINFO: Requesting request ID range\\nDEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/password.conf -U https://isv-s-ipa-srv-01.my-hostname.com:443 ca-range-request request --install-token /tmp/tmpydgfdw40/install-token --output-format json --debug\\nINFO: Connecting to 
https://isv-s-ipa-srv-01.my-hostname.com:443\\nINFO: HTTP request: GET /pki/rest/info HTTP/1.1\\nINFO:   Accept: application/xml\\nINFO:   Host: isv-s-ipa-srv-01.my-hostname.com:443\\nINFO:   Connection: Keep-Alive\\nINFO:   User-Agent: Apache-HttpClient/4.5.10 (Java/11.0.13)\\nINFO: Server certificate: CN=*.my-hostname.com\\nWARNING: UNTRUSTED ISSUER encountered on \\'CN=*.my-hostname.com\\' indicates a non-trusted CA cert \\'CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB\\'\\nTrust this certificate (y/N)? ERROR: java.lang.NullPointerException\\nSEVERE: FATAL: SSL alert sent: BAD_CERTIFICATE\\njavax.ws.rs.ProcessingException: RESTEASY004655: Unable to invoke request\\n\\tat org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine.invoke(ApacheHttpClient4Engine.java:317)\\n\\tat org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:442)\\n\\tat org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:106)\\n\\tat org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76)\\n\\tat com.sun.proxy.$Proxy23.getInfo(Unknown Source)\\n\\tat org.dogtagpki.common.InfoClient.getInfo(InfoClient.java:43)\\n\\tat com.netscape.certsrv.client.PKIClient.getInfo(PKIClient.java:221)\\n\\tat com.netscape.cmstools.cli.MainCLI.getClient(MainCLI.java:597)\\n\\tat org.dogtagpki.cli.CLI.getClient(CLI.java:201)\\n\\tat com.netscape.cmstools.ca.CACLI.getSubsystemClient(CACLI.java:64)\\n\\tat com.netscape.cmstools.range.RangeRequestCLI.execute(RangeRequestCLI.java:77)\\n\\tat org.dogtagpki.cli.CommandCLI.execute(CommandCLI.java:57)\\n\\tat org.dogtagpki.cli.CLI.execute(CLI.java:352)\\n\\tat org.dogtagpki.cli.CLI.execute(CLI.java:352)\\n\\tat com.netscape.cmstools.cli.SubsystemCLI.execute(SubsystemCLI.java:76)\\n\\tat org.dogtagpki.cli.CLI.execute(CLI.java:352)\\n\\tat com.netscape.cmstools.cli.MainCLI.execute(MainCLI.java:658)\\n\\tat 
com.netscape.cmstools.cli.MainCLI.main(MainCLI.java:694)\\nCaused by: java.io.IOException: SocketException cannot write on socket: Failed to write to socket: (-5987) Invalid function argument.\\n\\tat org.mozilla.jss.ssl.SSLSocket.write(SSLSocket.java:1539)\\n\\tat org.mozilla.jss.ssl.SSLOutputStream.write(SSLOutputStream.java:24)\\n\\tat org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:160)\\n\\tat org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:168)\\n\\tat org.apache.http.impl.AbstractHttpClientConnection.doFlush(AbstractHttpClientConnection.java:281)\\n\\tat org.apache.http.impl.AbstractHttpClientConnection.flush(AbstractHttpClientConnection.java:287)\\n\\tat org.apache.http.impl.conn.ManagedClientConnectionImpl.flush(ManagedClientConnectionImpl.java:188)\\n\\tat org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:241)\\n\\tat org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)\\n\\tat org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:679)\\n\\tat org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:481)\\n\\tat org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:836)\\n\\tat org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)\\n\\tat org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)\\n\\tat org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine.invoke(ApacheHttpClient4Engine.java:313)\\n\\t... 17 more\\nCaused by: org.mozilla.jss.ssl.SSLSocketException: Failed to write to socket: (-5987) Invalid function argument.\\n\\tat org.mozilla.jss.ssl.SSLSocket.socketWrite(Native Method)\\n\\tat org.mozilla.jss.ssl.SSLSocket.write(SSLSocket.java:1533)\\n\\t... 
31 more\\nERROR: CalledProcessError: Command \\'[\\'pki\\', \\'-d\\', \\'/etc/pki/pki-tomcat/alias\\', \\'-f\\', \\'/etc/pki/pki-tomcat/password.conf\\', \\'-U\\', \\'https://isv-s-ipa-srv-01.my-hostname.com:443\\', \\'ca-range-request\\', \\'request\\', \\'--install-token\\', \\'/tmp/tmpydgfdw40/install-token\\', \\'--output-format\\', \\'json\\', \\'--debug\\']\\' returned non-zero exit status 255.\\n  File \"/usr/lib/python3.9/site-packages/pki/server/pkispawn.py\", line 575, in main\\n    scriptlet.spawn(deployer)\\n  File \"/usr/lib/python3.9/site-packages/pki/server/deployment/scriptlets/configuration.py\", line 850, in spawn\\n    subsystem.request_ranges(master_url, session_id=deployer.install_token.token)\\n  File \"/usr/lib/python3.9/site-packages/pki/server/subsystem.py\", line 1001, in request_ranges\\n    request_range = self.request_range(\\n  File \"/usr/lib/python3.9/site-packages/pki/server/subsystem.py\", line 990, in request_range\\n    output = subprocess.check_output(cmd)\\n  File \"/usr/lib64/python3.9/subprocess.py\", line 420, in check_output\\n    return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,\\n  File \"/usr/lib64/python3.9/subprocess.py\", line 524, in run\\n    raise CalledProcessError(retcode, process.args,\\n\\n')\nSee the installation logs and the following files/directories for more information:\n  /var/log/pki/pki-tomcat\nTraceback (most recent call last):\n  File \"/usr/lib/python3.9/site-packages/ipaserver/install/dogtaginstance.py\", line 207, in spawn_instance\n    ipautil.run(args, nolog=nolog_list)\n  File \"/usr/lib/python3.9/site-packages/ipapython/ipautil.py\", line 598, in run\n    raise CalledProcessError(\nipapython.ipautil.CalledProcessError: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmprz_brnmr', '--debug'] returned non-zero exit status 1: 'INFO: Connecting to LDAP server at ldaps://isv-s-ipa-repl-02.my-hostname.com:636\\nINFO: Connecting to LDAP server at 
ldaps://isv-s-ipa-repl-02.my-hostname.com:636\\nINFO: Connecting to security domain at https://isv-s-ipa-srv-01.my-hostname.com:443\\nINFO: Certificate chain: /etc/ipa/ca.crt\\nINFO: Getting security domain info\\nINFO: Logging into security domain IPA\\nDEBUG: Installing Maven dependencies: False\\nINFO: BEGIN spawning CA subsystem in pki-tomcat instance\\nINFO: Loading instance: pki-tomcat\\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\\nINFO: Setting up pkiuser group\\nINFO: Reusing existing pkiuser group with GID 17\\nINFO: Setting up pkiuser user\\nINFO: Reusing existing pkiuser user with UID 17\\nDEBUG: Retrieving UID for \\'pkiuser\\'\\nDEBUG: UID of \\'pkiuser\\' is 17\\nDEBUG: Retrieving GID for \\'pkiuser\\'\\nDEBUG: GID of \\'pkiuser\\' is 17\\nINFO: Initialization\\nINFO: Setting up infrastructure\\nINFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat\\nDEBUG: Command: mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat\\nDEBUG: Command: chmod 770 /etc/sysconfig/pki/tomcat/pki-tomcat\\nDEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat\\nINFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca\\nDEBUG: Command: mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca\\nDEBUG: Command: chmod 770 /etc/sysconfig/pki/tomcat/pki-tomcat/ca\\nDEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca\\nINFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg\\nDEBUG: Command: cp -p /usr/share/pki/server/etc/default.cfg /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg\\nDEBUG: Command: chmod 660 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg\\nDEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg\\nDEBUG: Command: touch /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg\\nDEBUG: Command: chmod 660 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg\\nDEBUG: Command: chown 17:17 
/etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg\\nINFO: Creating /var/lib/pki/pki-tomcat\\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat\\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat\\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat\\nINFO: Creating /var/lib/pki/pki-tomcat/ca\\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/ca\\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/ca\\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/ca\\nINFO: Preparing pki-tomcat instance\\nINFO: Loading instance: pki-tomcat\\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\\nINFO: Creating /etc/pki/pki-tomcat\\nDEBUG: Command: mkdir /etc/pki/pki-tomcat\\nINFO: Creating /etc/pki/pki-tomcat/password.conf\\nINFO: Using specified server NSS database password\\nINFO: Using specified internal database password\\nINFO: Generating random replication manager password\\nINFO: Creating /var/log/pki/pki-tomcat\\nDEBUG: Command: mkdir -p /var/log/pki/pki-tomcat\\nDEBUG: Command: chmod 770 /var/log/pki/pki-tomcat\\nDEBUG: Command: chown 17:17 /var/log/pki/pki-tomcat\\nINFO: Creating /etc/pki/pki-tomcat/tomcat.conf\\nDEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/pki/pki-tomcat/tomcat.conf\\nINFO: Creating /etc/pki/pki-tomcat/server.xml\\nDEBUG: Command: cp /usr/share/pki/server/conf/server.xml /etc/pki/pki-tomcat/server.xml\\nINFO: Creating /etc/pki/pki-tomcat/catalina.properties\\nDEBUG: Command: ln -s /usr/share/pki/server/conf/catalina.properties /etc/pki/pki-tomcat/catalina.properties\\nINFO: Creating /etc/pki/pki-tomcat/context.xml\\nDEBUG: Command: ln -s /etc/tomcat/context.xml /etc/pki/pki-tomcat/context.xml\\nINFO: Creating /etc/pki/pki-tomcat/logging.properties\\nDEBUG: Command: ln -s /usr/share/pki/server/conf/logging.properties /etc/pki/pki-tomcat/logging.properties\\nINFO: Creating /etc/sysconfig/pki-tomcat\\nDEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf 
/etc/sysconfig/pki-tomcat\\nINFO: Creating /etc/pki/pki-tomcat/tomcat.conf\\nDEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/pki/pki-tomcat/tomcat.conf\\nINFO: Creating /etc/pki/pki-tomcat/web.xml\\nDEBUG: Command: ln -s /etc/tomcat/web.xml /etc/pki/pki-tomcat/web.xml\\nINFO: Creating /etc/pki/pki-tomcat/Catalina\\nDEBUG: Command: mkdir /etc/pki/pki-tomcat/Catalina\\nINFO: Creating /etc/pki/pki-tomcat/Catalina/localhost\\nDEBUG: Command: mkdir /etc/pki/pki-tomcat/Catalina/localhost\\nINFO: Deploying ROOT web application\\nINFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml\\nINFO: Deploying /pki web application\\nINFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/pki.xml\\nINFO: Creating /var/lib/pki/pki-tomcat/lib\\nDEBUG: Command: ln -s /usr/share/pki/server/lib /var/lib/pki/pki-tomcat/lib\\nINFO: Creating /var/lib/pki/pki-tomcat/common\\nDEBUG: Command: mkdir /var/lib/pki/pki-tomcat/common\\nINFO: Creating /var/lib/pki/pki-tomcat/common/lib\\nDEBUG: Command: ln -s /usr/share/pki/server/common/lib /var/lib/pki/pki-tomcat/common/lib\\nINFO: Creating /var/lib/pki/pki-tomcat/temp\\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/temp\\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/temp\\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/temp\\nINFO: Creating /var/lib/pki/pki-tomcat/work\\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work\\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work\\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work\\nINFO: Creating /var/lib/pki/pki-tomcat/work/Catalina\\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina\\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina\\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina\\nINFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost\\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost\\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost\\nDEBUG: 
Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost\\nINFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost/_\\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/_\\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost/_\\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost/_\\nINFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca\\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca\\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca\\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca\\nINFO: Creating /var/lib/pki/pki-tomcat/bin\\nDEBUG: Command: ln -s /usr/share/tomcat/bin /var/lib/pki/pki-tomcat/bin\\nDEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/bin\\nINFO: Creating /var/lib/pki/pki-tomcat/pki-tomcat\\nDEBUG: Command: ln -s /usr/sbin/tomcat /var/lib/pki/pki-tomcat/pki-tomcat\\nDEBUG: Command: chown -h 0:0 /var/lib/pki/pki-tomcat/pki-tomcat\\nDEBUG: Command: systemctl daemon-reload\\nINFO: Creating /var/lib/pki/pki-tomcat/conf\\nDEBUG: Command: ln -s /etc/pki/pki-tomcat /var/lib/pki/pki-tomcat/conf\\nDEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/conf\\nINFO: Creating /var/lib/pki/pki-tomcat/logs\\nDEBUG: Command: ln -s /var/log/pki/pki-tomcat /var/lib/pki/pki-tomcat/logs\\nDEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/logs\\nINFO: Creating /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service\\nDEBUG: Command: ln -s /lib/systemd/system/pki-tomcatd@.service /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service\\nDEBUG: Command: chown -h 17:17 /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service\\nINFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\\nDEBUG: Command: cp /usr/share/pki/setup/pkidaemon_registry /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\\nINFO: Creating CA 
subsystem\\nINFO: Creating /var/log/pki/pki-tomcat/ca\\nDEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca\\nINFO: Creating /var/log/pki/pki-tomcat/ca/archive\\nDEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca/archive\\nINFO: Creating /var/log/pki/pki-tomcat/ca/signedAudit\\nDEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca/signedAudit\\nINFO: Creating /etc/pki/pki-tomcat/ca\\nDEBUG: Command: mkdir /etc/pki/pki-tomcat/ca\\nINFO: Creating /etc/pki/pki-tomcat/ca/CS.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/conf/CS.cfg /etc/pki/pki-tomcat/ca/CS.cfg\\nINFO: Creating /etc/pki/pki-tomcat/ca/registry.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/conf/registry.cfg /etc/pki/pki-tomcat/ca/registry.cfg\\nINFO: Creating /var/lib/pki/pki-tomcat/ca/emails\\nDEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/emails\\nDEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJobItem /var/lib/pki/pki-tomcat/ca/emails/ExpiredUnpublishJobItem\\nDEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA.html /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_RA.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/riq1Summary.html /var/lib/pki/pki-tomcat/ca/emails/riq1Summary.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Summary.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1Summary.txt\\nDEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA /var/lib/pki/pki-tomcat/ca/emails/certIssued_RA\\nDEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA.html /var/lib/pki/pki-tomcat/ca/emails/certRevoked_RA.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA.html /var/lib/pki/pki-tomcat/ca/emails/certIssued_CA.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Item.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1Item.txt\\nDEBUG: Command: cp /usr/share/pki/ca/emails/publishCertsItem.html /var/lib/pki/pki-tomcat/ca/emails/publishCertsItem.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/euJob1.html /var/lib/pki/pki-tomcat/ca/emails/euJob1.html\\nDEBUG: Command: cp 
/usr/share/pki/ca/emails/certRequestRejected.html /var/lib/pki/pki-tomcat/ca/emails/certRequestRejected.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA.html /var/lib/pki/pki-tomcat/ca/emails/certIssued_RA.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA /var/lib/pki/pki-tomcat/ca/emails/certIssued_CA\\nDEBUG: Command: cp /usr/share/pki/ca/emails/riq1Item.html /var/lib/pki/pki-tomcat/ca/emails/riq1Item.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/publishCerts.html /var/lib/pki/pki-tomcat/ca/emails/publishCerts.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA.html /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_CA.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA /var/lib/pki/pki-tomcat/ca/emails/certRevoked_CA\\nDEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1.txt\\nDEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA /var/lib/pki/pki-tomcat/ca/emails/certRevoked_RA\\nDEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA.html /var/lib/pki/pki-tomcat/ca/emails/certRevoked_CA.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/euJob1Item.html /var/lib/pki/pki-tomcat/ca/emails/euJob1Item.html\\nDEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJob /var/lib/pki/pki-tomcat/ca/emails/ExpiredUnpublishJob\\nDEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_CA\\nDEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_RA\\nINFO: Creating /var/lib/pki/pki-tomcat/ca/profiles/ca\\nDEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/profiles\\nDEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/profiles/ca\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserSignedCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCUserSignedCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUUIDdeviceCert.cfg 
/var/lib/pki/pki-tomcat/ca/profiles/ca/caUUIDdeviceCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthTransportCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCocspCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCocspCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSigningECUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSimpleCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECSimpleCMCUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInstallCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInstallCACert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECInternalAuthServerCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_DirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerKeygen_DirUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSimpleCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSimpleCMCUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRAserverCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caIPAserviceCert.cfg 
/var/lib/pki/pki-tomcat/ca/profiles/ca/caIPAserviceCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirPinUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDirPinUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCcaCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraStorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCkraStorageCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caStorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caStorageCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSigningUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirPinUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirPinUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caEncECUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDirUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECServerCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCACert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCserverCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAdminCert.cfg\\nDEBUG: 
Command: cp /usr/share/pki/ca/profiles/ca/caECDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDualCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/ECAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/ECAdminCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCertWithSCT.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECServerCertWithSCT.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/DomainController.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/DomainController.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCauditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCauditSigningCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECSubsystemCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/acmeServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/acmeServerCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOCSPCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caOCSPCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirBasedDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirBasedDualCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCertWithSCT.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCertWithSCT.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAgentServerCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECserverCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg 
/var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDualCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caManualRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caManualRenewal.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTransportCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAagentCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRAagentCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthSubsystemCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualRAuserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDualRAuserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentFileSigning.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAgentFileSigning.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOtherCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caOtherCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthServerCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/AdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/AdminCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAuditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAuditSigningCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caJarSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caJarSigningCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCUserCert.cfg\\nDEBUG: Command: cp 
/usr/share/pki/ca/profiles/ca/caSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSubsystemCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSignedLogCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSignedLogCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRACert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCUserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserSignedCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCUserSignedCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRouterCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRouterCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthOCSPCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthOCSPCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserRenewal.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECsubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECsubsystemCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenMSLoginEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenMSLoginEnrollment.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSSLClientSelfRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSSLClientSelfRenewal.cfg\\nDEBUG: Command: cp 
/usr/share/pki/ca/profiles/ca/caServerKeygen_UserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerKeygen_UserCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCrossSignedCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCrossSignedCACert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserSMIMEcapCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUserSMIMEcapCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRARouterCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRARouterCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCkraTransportCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCsubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCsubsystemCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECAdminCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTPSCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTPSCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caEncUserCert.cfg\\nDEBUG: Command: cp 
/usr/share/pki/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCSharedTokenCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCSharedTokenCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAgentServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECAgentServerCert.cfg\\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg\\nINFO: Creating /etc/pki/pki-tomcat/ca/flatfile.txt\\nDEBUG: Command: cp /usr/share/pki/ca/conf/flatfile.txt /etc/pki/pki-tomcat/ca/flatfile.txt\\nINFO: Creating /etc/pki/pki-tomcat/ca/adminCert.profile\\nDEBUG: Command: cp /usr/share/pki/ca/conf/rsaAdminCert.profile /etc/pki/pki-tomcat/ca/adminCert.profile\\nINFO: Creating /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile\\nDEBUG: Command: cp /usr/share/pki/ca/conf/caAuditSigningCert.profile /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile\\nINFO: Creating /etc/pki/pki-tomcat/ca/caCert.profile\\nDEBUG: Command: cp /usr/share/pki/ca/conf/caCert.profile /etc/pki/pki-tomcat/ca/caCert.profile\\nINFO: Creating /etc/pki/pki-tomcat/ca/caOCSPCert.profile\\nDEBUG: Command: cp /usr/share/pki/ca/conf/caOCSPCert.profile /etc/pki/pki-tomcat/ca/caOCSPCert.profile\\nINFO: Creating /etc/pki/pki-tomcat/ca/serverCert.profile\\nDEBUG: Command: cp /usr/share/pki/ca/conf/rsaServerCert.profile /etc/pki/pki-tomcat/ca/serverCert.profile\\nINFO: Creating /etc/pki/pki-tomcat/ca/subsystemCert.profile\\nDEBUG: Command: cp /usr/share/pki/ca/conf/rsaSubsystemCert.profile /etc/pki/pki-tomcat/ca/subsystemCert.profile\\nINFO: Creating /etc/pki/pki-tomcat/ca/proxy.conf\\nDEBUG: Command: cp /usr/share/pki/ca/conf/proxy.conf /etc/pki/pki-tomcat/ca/proxy.conf\\nINFO: Creating /var/lib/pki/pki-tomcat/ca/conf\\nDEBUG: Command: ln -s /etc/pki/pki-tomcat/ca 
/var/lib/pki/pki-tomcat/ca/conf\\nINFO: Creating /var/lib/pki/pki-tomcat/ca/logs\\nDEBUG: Command: ln -s /var/log/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/logs\\nINFO: Creating /var/lib/pki/pki-tomcat/ca/registry\\nDEBUG: Command: ln -s /etc/sysconfig/pki/tomcat/pki-tomcat /var/lib/pki/pki-tomcat/ca/registry\\nINFO: Loading instance: pki-tomcat\\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\\nDEBUG: - user: pkiuser\\nDEBUG: - group: pkiuser\\nINFO: Getting signing cert info from CS.cfg\\nINFO: Getting ocsp_signing cert info from CS.cfg\\nINFO: Getting sslserver cert info from CS.cfg\\nINFO: Getting subsystem cert info from CS.cfg\\nINFO: Getting audit_signing cert info from CS.cfg\\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\\nINFO: Deploying /ca web application\\nINFO: Loading instance: pki-tomcat\\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\\nDEBUG: - user: pkiuser\\nDEBUG: - group: pkiuser\\nINFO: Creating /var/lib/pki/pki-tomcat/ca/webapps\\nDEBUG: 
Command: mkdir -p /var/lib/pki/pki-tomcat/ca/webapps\\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/ca/webapps\\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/ca/webapps\\nINFO: Setting up ownerships, permissions, and ACLs on /var/lib/pki/pki-tomcat/ca/webapps\\nINFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/ca.xml\\nINFO: Loading instance: pki-tomcat\\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\\nDEBUG: - user: pkiuser\\nDEBUG: - group: pkiuser\\nINFO: Creating password file: /etc/pki/pki-tomcat/pfile\\nINFO: Updating /etc/pki/pki-tomcat/password.conf\\nDEBUG: Command: chmod 660 /etc/pki/pki-tomcat/password.conf\\nDEBUG: Command: chown 17:17 /etc/pki/pki-tomcat/password.conf\\nINFO: Creating /etc/pki/pki-tomcat/alias\\nDEBUG: Command: mkdir /etc/pki/pki-tomcat/alias\\nINFO: Creating NSS database: /etc/pki/pki-tomcat/alias\\nDEBUG: Command: certutil -N -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile\\nDEBUG: Command: ln -s /etc/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/alias\\nDEBUG: Command: ln -s /var/lib/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/ca/alias\\nDEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -C /etc/pki/pki-tomcat/pfile pkcs12-import --pkcs12 /tmp/ca.p12 --password-file /tmp/tmpjfev8p46/password.txt --debug\\nINFO: Certificates in PKCS #12 file:\\nINFO: Java command: /usr/bin/env java -cp /usr/share/pki/lib/* -Djava.util.logging.config.file=/usr/share/pki/etc/logging.properties com.netscape.cmstools.cli.MainCLI -d /etc/pki/pki-tomcat/alias -C 
/etc/pki/pki-tomcat/pfile --debug pkcs12-cert-find --pkcs12 /tmp/ca.p12 --password-file /tmp/tmpjfev8p46/password.txt --debug\\nINFO: Server URL: https://isv-s-ipa-repl-02.my-hostname.com:8443\\nINFO: Loading NSS password from /etc/pki/pki-tomcat/pfile\\nINFO: NSS database: /etc/pki/pki-tomcat/alias\\nINFO: Message format: null\\nINFO: Command: pkcs12-cert-find --pkcs12 /tmp/ca.p12 --password-file /tmp/tmpjfev8p46/password.txt --debug\\nINFO: Module: pkcs12\\nINFO: Module: cert\\nINFO: Module: find\\nINFO: Initializing NSS\\nINFO: Logging into internal token\\nINFO: Using internal token\\nINFO: - caSigningCert cert-pki-ca\\nINFO: - ocspSigningCert cert-pki-ca\\nINFO: - auditSigningCert cert-pki-ca\\nINFO: - subsystemCert cert-pki-ca\\nINFO: Importing CA certificates:\\nINFO: Importing user certificates:\\nINFO: - caSigningCert cert-pki-ca\\nINFO: - ocspSigningCert cert-pki-ca\\nINFO: - auditSigningCert cert-pki-ca\\nINFO: - subsystemCert cert-pki-ca\\nINFO: Java command: /usr/bin/env java -cp /usr/share/pki/lib/* -Djava.util.logging.config.file=/usr/share/pki/etc/logging.properties com.netscape.cmstools.cli.MainCLI -d /etc/pki/pki-tomcat/alias -C /etc/pki/pki-tomcat/pfile --debug pkcs12-import --pkcs12 /tmp/ca.p12 --password-file /tmp/tmpjfev8p46/password.txt --debug caSigningCert cert-pki-ca ocspSigningCert cert-pki-ca auditSigningCert cert-pki-ca subsystemCert cert-pki-ca\\nINFO: Server URL: https://isv-s-ipa-repl-02.my-hostname.com:8443\\nINFO: Loading NSS password from /etc/pki/pki-tomcat/pfile\\nINFO: NSS database: /etc/pki/pki-tomcat/alias\\nINFO: Message format: null\\nINFO: Command: pkcs12-import --pkcs12 /tmp/ca.p12 --password-file /tmp/tmpjfev8p46/password.txt --debug \"caSigningCert cert-pki-ca\" \"ocspSigningCert cert-pki-ca\" \"auditSigningCert cert-pki-ca\" \"subsystemCert cert-pki-ca\"\\nINFO: Module: pkcs12\\nINFO: Module: import\\nINFO: Initializing NSS\\nINFO: Logging into internal token\\nINFO: Using internal token\\nDEBUG: Command: certutil -M 
-d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile -n caSigningCert cert-pki-ca -t CTu,Cu,Cu\\nDEBUG: Command: certutil -M -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile -n auditSigningCert cert-pki-ca -t u,u,Pu\\nDEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias\\nDEBUG: Result of CA certificate export: \\nINFO: Command: certutil -L -d /etc/pki/pki-tomcat/alias -h internal -n Directory Server CA certificate -f /etc/pki/pki-tomcat/pfile\\nINFO: Importing Directory Server CA certificate cert from /etc/ipa/ca.crt\\nDEBUG: Command: certutil -A -d /etc/pki/pki-tomcat/alias -h internal -n Directory Server CA certificate -t CT,CT,CT -i /etc/ipa/ca.crt -f /etc/pki/pki-tomcat/pfile\\nINFO: Removing /etc/pki/pki-tomcat/pfile\\nDEBUG: Command: rm -f /etc/pki/pki-tomcat/pfile\\nINFO: Getting signing cert info from CS.cfg\\nINFO: Getting ocsp_signing cert info from CS.cfg\\nINFO: Getting sslserver cert info from CS.cfg\\nINFO: Getting subsystem cert info from CS.cfg\\nINFO: Getting audit_signing cert info from CS.cfg\\nINFO: Injecting SAN: False\\nINFO: SSL server cert SAN: \\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\\nINFO: Creating /root/.dogtag/pki-tomcat/ca\\nDEBUG: Command: mkdir -p /root/.dogtag/pki-tomcat/ca\\nDEBUG: Command: chmod 755 /root/.dogtag/pki-tomcat/ca\\nDEBUG: Command: chown 0:0 /root/.dogtag/pki-tomcat/ca\\nINFO: Creating password file: /root/.dogtag/pki-tomcat/ca/password.conf\\nINFO: Updating /root/.dogtag/pki-tomcat/ca/password.conf\\nDEBUG: Command: chmod 660 /root/.dogtag/pki-tomcat/ca/password.conf\\nDEBUG: Command: chown 0:0 /root/.dogtag/pki-tomcat/ca/password.conf\\nINFO: Storing PKCS #12 password in /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf\\nINFO: Updating /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf\\nDEBUG: Command: chmod 660 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf\\nDEBUG: Command: chown 17:17 
/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf\\nDEBUG: Command: mkdir /root/.dogtag/pki-tomcat/ca/alias\\nDEBUG: Command: certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf\\nINFO: Creating SELinux contexts\\nINFO: Generating system keys\\nINFO: Loading instance: pki-tomcat\\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\\nDEBUG: - user: pkiuser\\nDEBUG: - group: pkiuser\\nINFO: Configuring subsystem\\nINFO: Loading instance: pki-tomcat\\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\\nDEBUG: - user: pkiuser\\nDEBUG: - group: pkiuser\\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\\nINFO: Checking existing SSL server cert: Server-Cert cert-pki-ca\\nDEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpr_671lf1/password.txt -n Server-Cert cert-pki-ca -a\\nINFO: Creating temp SSL server cert for isv-s-ipa-repl-02.my-hostname.com\\nDEBUG: Command: openssl rand -out /tmp/tmpbspcvqtm/noise 2048\\nDEBUG: Command: 
certutil -R -d /etc/pki/pki-tomcat/alias -k rsa -g 2048 -z /tmp/tmpbspcvqtm/noise -f /tmp/tmpbspcvqtm/password.txt -s cn=isv-s-ipa-repl-02.my-hostname.com,o=2021-12-29 12:52:59 -o /tmp/tmpbspcvqtm/request.bin\\nDEBUG: Command: certutil -C -d /etc/pki/pki-tomcat/alias -x -f /tmp/tmpwxe3qyjk/password.txt -a -i /tmp/tmpze5xxg1s/sslserver.csr -o /tmp/tmpze5xxg1s/sslserver.crt -m 0 -v 12\\nDEBUG: Command: certutil -A -d /etc/pki/pki-tomcat/alias -f /tmp/tmpwxe3qyjk/internal_password.txt -n Server-Cert cert-pki-ca -a -i /tmp/tmpze5xxg1s/sslserver.crt -t CTu,CTu,CTu\\nNotice: Trust flag u is set automatically if the private key is present.\\nINFO: Joining existing domain\\nINFO: Searching for isv-s-ipa-srv-01.my-hostname.com:443\\nINFO: - isv-s-ipa-srv-01.my-hostname.com:443\\nINFO: Getting install token\\nINFO: Using CA at https://isv-s-ipa-repl-02.my-hostname.com:443\\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\\nINFO: Requesting ranges from CA master\\nINFO: Requesting request ID range\\nDEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/password.conf -U https://isv-s-ipa-srv-01.my-hostname.com:443 ca-range-request request --install-token /tmp/tmpydgfdw40/install-token --output-format json --debug\\nINFO: Connecting to https://isv-s-ipa-srv-01.my-hostname.com:443\\nINFO: HTTP request: GET /pki/rest/info HTTP/1.1\\nINFO:   Accept: application/xml\\nINFO:   Host: isv-s-ipa-srv-01.my-hostname.com:443\\nINFO:   Connection: Keep-Alive\\nINFO:   User-Agent: Apache-HttpClient/4.5.10 (Java/11.0.13)\\nINFO: Server certificate: CN=*.my-hostname.com\\nWARNING: UNTRUSTED ISSUER encountered on \\'CN=*.my-hostname.com\\' indicates a non-trusted CA cert \\'CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB\\'\\nTrust this certificate (y/N)? 
ERROR: java.lang.NullPointerException\\nSEVERE: FATAL: SSL alert sent: BAD_CERTIFICATE\\njavax.ws.rs.ProcessingException: RESTEASY004655: Unable to invoke request\\n\\tat org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine.invoke(ApacheHttpClient4Engine.java:317)\\n\\tat org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:442)\\n\\tat org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:106)\\n\\tat org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76)\\n\\tat com.sun.proxy.$Proxy23.getInfo(Unknown Source)\\n\\tat org.dogtagpki.common.InfoClient.getInfo(InfoClient.java:43)\\n\\tat com.netscape.certsrv.client.PKIClient.getInfo(PKIClient.java:221)\\n\\tat com.netscape.cmstools.cli.MainCLI.getClient(MainCLI.java:597)\\n\\tat org.dogtagpki.cli.CLI.getClient(CLI.java:201)\\n\\tat com.netscape.cmstools.ca.CACLI.getSubsystemClient(CACLI.java:64)\\n\\tat com.netscape.cmstools.range.RangeRequestCLI.execute(RangeRequestCLI.java:77)\\n\\tat org.dogtagpki.cli.CommandCLI.execute(CommandCLI.java:57)\\n\\tat org.dogtagpki.cli.CLI.execute(CLI.java:352)\\n\\tat org.dogtagpki.cli.CLI.execute(CLI.java:352)\\n\\tat com.netscape.cmstools.cli.SubsystemCLI.execute(SubsystemCLI.java:76)\\n\\tat org.dogtagpki.cli.CLI.execute(CLI.java:352)\\n\\tat com.netscape.cmstools.cli.MainCLI.execute(MainCLI.java:658)\\n\\tat com.netscape.cmstools.cli.MainCLI.main(MainCLI.java:694)\\nCaused by: java.io.IOException: SocketException cannot write on socket: Failed to write to socket: (-5987) Invalid function argument.\\n\\tat org.mozilla.jss.ssl.SSLSocket.write(SSLSocket.java:1539)\\n\\tat org.mozilla.jss.ssl.SSLOutputStream.write(SSLOutputStream.java:24)\\n\\tat org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:160)\\n\\tat org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:168)\\n\\tat 
org.apache.http.impl.AbstractHttpClientConnection.doFlush(AbstractHttpClientConnection.java:281)\\n\\tat org.apache.http.impl.AbstractHttpClientConnection.flush(AbstractHttpClientConnection.java:287)\\n\\tat org.apache.http.impl.conn.ManagedClientConnectionImpl.flush(ManagedClientConnectionImpl.java:188)\\n\\tat org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:241)\\n\\tat org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)\\n\\tat org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:679)\\n\\tat org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:481)\\n\\tat org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:836)\\n\\tat org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)\\n\\tat org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)\\n\\tat org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine.invoke(ApacheHttpClient4Engine.java:313)\\n\\t... 17 more\\nCaused by: org.mozilla.jss.ssl.SSLSocketException: Failed to write to socket: (-5987) Invalid function argument.\\n\\tat org.mozilla.jss.ssl.SSLSocket.socketWrite(Native Method)\\n\\tat org.mozilla.jss.ssl.SSLSocket.write(SSLSocket.java:1533)\\n\\t... 
31 more\\nERROR: CalledProcessError: Command \\'[\\'pki\\', \\'-d\\', \\'/etc/pki/pki-tomcat/alias\\', \\'-f\\', \\'/etc/pki/pki-tomcat/password.conf\\', \\'-U\\', \\'https://isv-s-ipa-srv-01.my-hostname.com:443\\', \\'ca-range-request\\', \\'request\\', \\'--install-token\\', \\'/tmp/tmpydgfdw40/install-token\\', \\'--output-format\\', \\'json\\', \\'--debug\\']\\' returned non-zero exit status 255.\\n  File \"/usr/lib/python3.9/site-packages/pki/server/pkispawn.py\", line 575, in main\\n    scriptlet.spawn(deployer)\\n  File \"/usr/lib/python3.9/site-packages/pki/server/deployment/scriptlets/configuration.py\", line 850, in spawn\\n    subsystem.request_ranges(master_url, session_id=deployer.install_token.token)\\n  File \"/usr/lib/python3.9/site-packages/pki/server/subsystem.py\", line 1001, in request_ranges\\n    request_range = self.request_range(\\n  File \"/usr/lib/python3.9/site-packages/pki/server/subsystem.py\", line 990, in request_range\\n    output = subprocess.check_output(cmd)\\n  File \"/usr/lib64/python3.9/subprocess.py\", line 420, in check_output\\n    return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,\\n  File \"/usr/lib64/python3.9/subprocess.py\", line 524, in run\\n    raise CalledProcessError(retcode, process.args,\\n\\n')\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n  File \"<stdin>\", line 102, in <module>\n  File \"<stdin>\", line 94, in _ansiballz_main\n  File \"<stdin>\", line 40, in invoke_module\n  File \"/usr/lib64/python3.9/runpy.py\", line 210, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib64/python3.9/runpy.py\", line 97, in _run_module_code\n    _run_code(code, mod_globals, init_globals,\n  File \"/usr/lib64/python3.9/runpy.py\", line 87, in _run_code\n    exec(code, run_globals)\n  File 
\"/tmp/ansible_ipareplica_setup_ca_payload_w3x9jt4f/ansible_ipareplica_setup_ca_payload.zip/ansible/modules/ipareplica_setup_ca.py\", line 259, in <module>\n  File \"/tmp/ansible_ipareplica_setup_ca_payload_w3x9jt4f/ansible_ipareplica_setup_ca_payload.zip/ansible/modules/ipareplica_setup_ca.py\", line 251, in main\n  File \"/usr/lib/python3.9/site-packages/ipaserver/install/ca.py\", line 270, in install\n    install_step_0(standalone, replica_config, options, custodia=custodia)\n  File \"/usr/lib/python3.9/site-packages/ipaserver/install/ca.py\", line 338, in install_step_0\n    ca.configure_instance(\n  File \"/usr/lib/python3.9/site-packages/ipaserver/install/cainstance.py\", line 486, in configure_instance\n    self.start_creation(runtime=runtime)\n  File \"/usr/lib/python3.9/site-packages/ipaserver/install/service.py\", line 635, in start_creation\n    run_step(full_msg, method)\n  File \"/usr/lib/python3.9/site-packages/ipaserver/install/service.py\", line 621, in run_step\n    method()\n  File \"/usr/lib/python3.9/site-packages/ipaserver/install/cainstance.py\", line 605, in __spawn_instance\n    DogtagInstance.spawn_instance(\n  File \"/usr/lib/python3.9/site-packages/ipaserver/install/dogtaginstance.py\", line 209, in spawn_instance\n    self.handle_setup_error(e)\n  File \"/usr/lib/python3.9/site-packages/ipaserver/install/dogtaginstance.py\", line 532, in handle_setup_error\n    raise RuntimeError(\"%s configuration failed.\" % self.subsystem)\nRuntimeError: CA configuration failed.\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

I'm worried about this part:

DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/password.conf -U https://isv-s-ipa-srv-01.my-hostname.com:443 ca-range-request request --install-token /tmp/tmpydgfdw40/install-token --output-format json --debug\\nINFO: Connecting to https://isv-s-ipa-srv-01.my-hostname.com:443\\nINFO: HTTP request: GET /pki/rest/info HTTP/1.1\\nINFO: Accept: application/xml\\nINFO: Host: isv-s-ipa-srv-01.my-hostname.com:443\\nINFO: Connection: Keep-Alive\\nINFO: User-Agent: Apache-HttpClient/4.5.10 (Java/11.0.13)\\nINFO: Server certificate: CN=*.my-hostname.com\\nWARNING: UNTRUSTED ISSUER encountered on \\'CN=*.my-hostname.com\\' indicates a non-trusted CA cert \\'CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB\\'\\nTrust this certificate (y/N)? ERROR: java.lang.NullPointerException\\nSEVERE: FATAL: SSL alert sent: BAD_CERTIFICATE\\n

Earlier, on the server and replicas, I changed the certificates for HTTP/LDAP using the documentation "Using 3rd part certificates for HTTP/LDAP".

What can I do to successfully add a new replica?

Thanks
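
The excerpt quoted above can be pulled out of Ansible's escaped `module_stderr` mechanically. This added example, which is not part of the original post and not ansible-freeipa code, scans such output for the `pki` untrusted-issuer warning and reports the URL, the NSS database in use, the certificate subject and issuer, and whether the interactive trust prompt was reached. The function and class names are hypothetical, and the sample is a shortened copy of the log quoted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a shortened copy of the excerpt quoted in the post, keeping
# the double-escaped newlines (\\n) and quotes (\\') found in module_stderr.
SAMPLE_STDERR = (
    r"INFO: Requesting request ID range\\n"
    r"DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/password.conf"
    r" -U https://isv-s-ipa-srv-01.my-hostname.com:443 ca-range-request request"
    r" --install-token /tmp/tmpydgfdw40/install-token --output-format json --debug\\n"
    r"INFO: Connecting to https://isv-s-ipa-srv-01.my-hostname.com:443\\n"
    r"INFO: Server certificate: CN=*.my-hostname.com\\n"
    r"WARNING: UNTRUSTED ISSUER encountered on \\'CN=*.my-hostname.com\\' indicates a"
    r" non-trusted CA cert \\'CN=Sectigo RSA Domain Validation Secure Server CA,"
    r"O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB\\'\\n"
    r"Trust this certificate (y/N)? ERROR: java.lang.NullPointerException\\n"
    r"SEVERE: FATAL: SSL alert sent: BAD_CERTIFICATE\\n"
)

PKI_COMMAND = re.compile(r"^DEBUG: Command: (pki\s.+)$")
CONNECTING = re.compile(r"^INFO: Connecting to (https://\S+)")
UNTRUSTED = re.compile(
    r"UNTRUSTED ISSUER encountered on '(?P<subject>.+?)' "
    r"indicates a non-trusted CA cert '(?P<issuer>.+)'"
)
TLS_ALERT = re.compile(r"SSL alert sent: (\w+)")
TRUST_PROMPT = "Trust this certificate (y/N)?"


@dataclass
class TrustFailure:
    """One untrusted-issuer event and the context it occurred in."""
    url: Optional[str]        # HTTPS endpoint pki was talking to
    nssdb: Optional[str]      # NSS database passed to pki with -d
    subject: str              # subject of the server certificate
    issuer: str               # issuer that the NSS database does not trust
    prompted: bool = False    # True if pki fell back to the interactive prompt
    tls_alert: Optional[str] = None

    def summary(self) -> str:
        text = (f"{self.url}: server certificate {self.subject} is issued by "
                f"{self.issuer}, which NSS database {self.nssdb} does not trust")
        if self.prompted:
            text += "; pki stopped at an interactive trust prompt"
        if self.tls_alert:
            text += f"; TLS alert {self.tls_alert}"
        return text


def unescape(stderr: str) -> str:
    """Turn the escaped \\n, \\t and quote sequences back into real characters."""
    text = re.sub(r"\\+n", "\n", stderr)
    text = re.sub(r"\\+t", "\t", text)
    return re.sub(r"\\+(['\"])", r"\1", text)


def find_trust_failures(stderr: str) -> List[TrustFailure]:
    """Return every untrusted-issuer event found in pkispawn/pki debug output."""
    findings: List[TrustFailure] = []
    url = nssdb = None
    current: Optional[TrustFailure] = None
    for raw in unescape(stderr).splitlines():
        line = raw.strip()
        cmd = PKI_COMMAND.match(line)
        if cmd:
            # A new pki invocation starts a new context.
            db = re.search(r"\s-d\s+(\S+)", cmd.group(1))
            target = re.search(r"\s-U\s+(\S+)", cmd.group(1))
            nssdb = db.group(1) if db else None
            url = target.group(1) if target else None
            current = None
            continue
        conn = CONNECTING.match(line)
        if conn:
            url = conn.group(1)
            continue
        hit = UNTRUSTED.search(line)
        if hit:
            current = TrustFailure(url, nssdb, hit["subject"], hit["issuer"])
            findings.append(current)
            continue
        if current is None:
            continue
        # Lines after the warning describe what happened to that connection.
        if TRUST_PROMPT in line:
            current.prompted = True
        alert = TLS_ALERT.search(line)
        if alert:
            current.tls_alert = alert.group(1)
    return findings


if __name__ == "__main__":
    for failure in find_trust_failures(SAMPLE_STDERR):
        print(failure.summary())
```

Pass it the `module_stderr` string from the failed task's result; an empty list means the output contains no untrusted-issuer warning.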

arozmarin commented 1 year ago

Hi there,

I'm testing in a lab, installing an IPA server and a replica with CA, DNS and KRA enabled. If I install the IPA server and then the replica, the Ansible script works OK, and after that I install letsencrypt certs for HTTP and LDAP. No problem here. But when I install the IPA server and letsencrypt certs for HTTP and LDAP and then run the Ansible script for the replica, the script stops at TASK [ipareplica : Install - Setup CA]. I don't get any error or anything; I let the script run for more than an hour and nothing. I checked all logs and found no errors. Here is what I see last:

```
TASK [ipareplica : Install - Setup CA] ***
task path: /Users/user/Projects/ansible-freeipa/roles/ipareplica/tasks/install.yml:542

ESTABLISH SSH CONNECTION FOR USER: alocal
SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o Port=22 -o 'IdentityFile="/Users/user/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="alocal"' -o ConnectTimeout=10 -o 'ControlPath="/Users/user/.ansible/cp/ca8512ec65"' ipa2.s2.test.local '/bin/sh -c '"'"'echo ~alocal && sleep 0'"'"''
(0, b'/home/alocal\n', b'')
ESTABLISH SSH CONNECTION FOR USER: alocal
SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o Port=22 -o 'IdentityFile="/Users/user/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="alocal"' -o ConnectTimeout=10 -o 'ControlPath="/Users/user/.ansible/cp/ca8512ec65"' ipa2.s2.test.local '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/alocal/.ansible/tmp `"&& mkdir "` echo /home/alocal/.ansible/tmp/ansible-tmp-1675122954.680953-97244-24733543254068 `" && echo ansible-tmp-1675122954.680953-97244-24733543254068="` echo /home/alocal/.ansible/tmp/ansible-tmp-1675122954.680953-97244-24733543254068 `" ) && sleep 0'"'"''
(0, b'ansible-tmp-1675122954.680953-97244-24733543254068=/home/alocal/.ansible/tmp/ansible-tmp-1675122954.680953-97244-24733543254068\n', b'')
Using module file /Users/user/Projects/ansible-freeipa/roles/ipareplica/library/ipareplica_setup_ca.py
PUT /Users/user/.ansible/tmp/ansible-local-95165bhd07g2s/tmp88xo_40d TO /home/alocal/.ansible/tmp/ansible-tmp-1675122954.680953-97244-24733543254068/AnsiballZ_ipareplica_setup_ca.py
SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o Port=22 -o 'IdentityFile="/Users/user/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="alocal"' -o ConnectTimeout=10 -o 'ControlPath="/Users/user/.ansible/cp/ca8512ec65"' '[ipa2.s2.test.local]'
(0, b'sftp> put /Users/user/.ansible/tmp/ansible-local-95165bhd07g2s/tmp88xo_40d /home/alocal/.ansible/tmp/ansible-tmp-1675122954.680953-97244-24733543254068/AnsiballZ_ipareplica_setup_ca.py\n', b'')
ESTABLISH SSH CONNECTION FOR USER: alocal
SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o Port=22 -o 'IdentityFile="/Users/user/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="alocal"' -o ConnectTimeout=10 -o 'ControlPath="/Users/user/.ansible/cp/ca8512ec65"' ipa2.s2.test.local '/bin/sh -c '"'"'chmod u+x /home/alocal/.ansible/tmp/ansible-tmp-1675122954.680953-97244-24733543254068/ /home/alocal/.ansible/tmp/ansible-tmp-1675122954.680953-97244-24733543254068/AnsiballZ_ipareplica_setup_ca.py && sleep 0'"'"''
(0, b'', b'')
ESTABLISH SSH CONNECTION FOR USER: alocal
SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o Port=22 -o 'IdentityFile="/Users/user/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="alocal"' -o ConnectTimeout=10 -o 'ControlPath="/Users/user/.ansible/cp/ca8512ec65"' -tt ipa2.s2.test.local '/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, key=nqpcdoqgwvspknczyzbbsrjwxptzphrb] password:" -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-nqpcdoqgwvspknczyzbbsrjwxptzphrb ; /usr/bin/python3 /home/alocal/.ansible/tmp/ansible-tmp-1675122954.680953-97244-24733543254068/AnsiballZ_ipareplica_setup_ca.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
```

Last log from ipareplica-install.log:

```
2023-01-30T23:56:31Z DEBUG Starting external process
2023-01-30T23:56:31Z DEBUG args=['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmp9ajbw7pg', '--debug', '--log-file', '/var/log/pki/pki-ca-spawn.20230131105631.log']
```

If I install the replica without the script, it works fine.

Variables that I use:

```
[ipaserver:vars]
ipaserver_setup_dns=yes
ipaserver_setup_kra=yes
ipaserver_auto_forwarders=yes
ipaserver_allow_zone_overlap=yes
ipaserver_reverse_zones=0.10.10.in-addr.arpa,0.20.10.in-addr.arpa,0.30.10.in-addr.arpa
ipaserver_auto_reverse=true
ipaserver_forwarders=10.10.0.1
ipaserver_setup_firewalld=yes

[ipareplicas:vars]
ipadm_password=password
ipareplica_setup_dns=yes
ipareplica_setup_ca=yes
ipareplica_setup_kra=yes
ipareplica_server=ipa2.s2.test.local
ipaserver_hostname=ipa1.s2.test.local
ipaclient_force_join=yes
ipareplica_domain=test.local
ipaadmin_principal=admin
ipaadmin_password=password
ipareplica_allow_zone_overlap=yes
ipareplica_auto_reverse=yes
ipareplica_forwarders=10.10.0.1
ipareplica_setup_firewalld=yes
ipaclient_all_ip_addresses=yes

[ipa:vars]
#ipaclient_mkhomedir=yes
ansible_user=alocal
become_method=sudo
ansible_sudo_pass=pass
ipadm_password=password
ipaadmin_password=password
ipaserver_domain=test.local
ipaserver_realm=TEST.LOCAL
ansible_port="22"
ansible_ssh_private_key_file= '~/.ssh/id_rsa'
ipaclient_all_ip_addresses=yes
```

Any idea why the script stops at "ipareplica : Install - Setup CA" with no errors and nothing, only when I install third-party certificates on the IPA server before I install the IPA replica? I'm trying to install FreeIPA on Rocky Linux 9.1 with IPA version 4.10.0.

Thanks

soukron commented 5 months ago

Same issue here... I haven't tested without custom certificates (as I can't do it as the main server is already in production) but the rest remains the same: adding a replica to that server, which has custom certificates, and the playbook hangs in the Setup CA.

What I can confirm is that using the installer (ipa-replica-install) works properly...