I'm attempting to reinstall a replica that I had previously removed.
When I run ipa-replica-install and include the --setup-kra option, it
eventually fails. I've included the output of the ipa-replica-install
command, and the only "bad" thing I can find is the following in the
tomcat debug log:

2020-11-29 03:51:35 [ajp-nio-127.0.0.1-8009-exec-3] SEVERE: addConnector: Connector is already defined

I've gone through and run ipa-healthcheck; all is well there. After
uninstalling, I couldn't find any old references to the replica in the
LDAP database. The ipa-replica-install works fine if I do not include
--setup-kra.

Any help would be appreciated. I'm happy to provide whatever additional
logs may be needed. I've replaced my internal DNS suffix with
'example.com'.

Thanks!
- Dave

Failed to configure KRA instance: CalledProcessError(Command
['/usr/sbin/pkispawn', '-s', 'KRA', '-f',
'/tmp/tmpf6kaucv2', '--debug']
returned non-zero exit status 1: 'INFO: Connecting to LDAP server at
ldaps://ipa.example.com:636\nINFO: Connecting to LDAP server at
ldaps://ipa.example.com:636\nINFO: Connecting to security domain at
https://ipa.example.com:443\nINFO: Getting security domain info\nINFO:
Logging into security domain IPA\nDEBUG: Installing Maven dependencies:
False\nINFO: BEGIN spawning KRA subsystem in pki-tomcat instance\nINFO:
Loading instance: pki-tomcat\nINFO: Loading global Tomcat config:
/etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config:
/usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config:
/etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config:
/etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config:
/var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem
registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading
instance registry:
/etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user:
pkiuser\nINFO: - group: pkiuser\nINFO: Setting up pkiuser group\nINFO:
Reusing existing pkiuser group with GID 17\nINFO: Setting up pkiuser
user\nINFO: Reusing existing pkiuser user with UID 17\nDEBUG: Retrieving
UID for \'pkiuser\'\nDEBUG: UID of \'pkiuser\' is 17\nDEBUG: Retrieving
GID for \'pkiuser\'\nDEBUG: GID of \'pkiuser\' is 17\nINFO:
Initialization\nINFO: Appending logs to /var/log/pki/pki-tomcat\nINFO:
Setting up infrastructure\nINFO: Creating
/etc/sysconfig/pki/tomcat/pki-tomcat\nINFO: Creating
/etc/sysconfig/pki/tomcat/pki-tomcat/kra\nDEBUG: Command: mkdir -p
/etc/sysconfig/pki/tomcat/pki-tomcat/kra\nDEBUG: Command: chmod 770
/etc/sysconfig/pki/tomcat/pki-tomcat/kra\nDEBUG: Command: chown 17:17
/etc/sysconfig/pki/tomcat/pki-tomcat/kra\nINFO: Creating
/etc/sysconfig/pki/tomcat/pki-tomcat/kra/default.cfg\nDEBUG: Command: cp
-p /usr/share/pki/server/etc/default.cfg
/etc/sysconfig/pki/tomcat/pki-tomcat/kra/default.cfg\nDEBUG: Command:
chmod 660 /etc/sysconfig/pki/tomcat/pki-tomcat/kra/default.cfg\nDEBUG:
Command: chown 17:17
/etc/sysconfig/pki/tomcat/pki-tomcat/kra/default.cfg\nDEBUG: Command:
touch /etc/sysconfig/pki/tomcat/pki-tomcat/kra/deployment.cfg\nDEBUG:
Command: chmod 660
/etc/sysconfig/pki/tomcat/pki-tomcat/kra/deployment.cfg\nDEBUG: Command:
chown 17:17
/etc/sysconfig/pki/tomcat/pki-tomcat/kra/deployment.cfg\nINFO: Creating
/var/lib/pki/pki-tomcat\nINFO: Creating
/var/lib/pki/pki-tomcat/kra\nDEBUG: Command: mkdir -p
/var/lib/pki/pki-tomcat/kra\nDEBUG: Command: chmod 770
/var/lib/pki/pki-tomcat/kra\nDEBUG: Command: chown 17:17
/var/lib/pki/pki-tomcat/kra\nINFO: Preparing pki-tomcat instance\nINFO:
Loading instance: pki-tomcat\nINFO: Loading global Tomcat config:
/etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config:
/usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config:
/etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config:
/etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config:
/var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem
registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading
instance registry:
/etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user:
pkiuser\nINFO: - group: pkiuser\nINFO: Creating
/etc/pki/pki-tomcat\nWARNING: Directory already exists:
/etc/pki/pki-tomcat\nINFO: Creating
/etc/pki/pki-tomcat/password.conf\nINFO: Reusing server NSS database
password\nINFO: Using specified internal database password\nINFO:
Reusing replication manager password\nINFO: Installing pki-tomcat
instance\nINFO: Creating KRA subsystem\nINFO: Creating
/var/log/pki/pki-tomcat/kra\nDEBUG: Command: mkdir
/var/log/pki/pki-tomcat/kra\nINFO: Creating
/var/log/pki/pki-tomcat/kra/archive\nDEBUG: Command: mkdir
/var/log/pki/pki-tomcat/kra/archive\nINFO: Creating
/var/log/pki/pki-tomcat/kra/signedAudit\nDEBUG: Command: mkdir
/var/log/pki/pki-tomcat/kra/signedAudit\nINFO: Creating
/etc/pki/pki-tomcat/kra\nDEBUG: Command: mkdir
/etc/pki/pki-tomcat/kra\nINFO: Creating
/etc/pki/pki-tomcat/kra/CS.cfg\nDEBUG: Command: cp
/usr/share/pki/kra/conf/CS.cfg /etc/pki/pki-tomcat/kra/CS.cfg\nINFO:
Creating /etc/pki/pki-tomcat/kra/registry.cfg\nINFO: Creating
/var/lib/pki/pki-tomcat/kra/conf\nDEBUG: Command: ln -s
/etc/pki/pki-tomcat/kra /var/lib/pki/pki-tomcat/kra/conf\nINFO: Creating
/var/lib/pki/pki-tomcat/kra/logs\nDEBUG: Command: ln -s
/var/log/pki/pki-tomcat/kra /var/lib/pki/pki-tomcat/kra/logs\nINFO:
Creating /var/lib/pki/pki-tomcat/kra/registry\nDEBUG: Command: ln -s
/etc/sysconfig/pki/tomcat/pki-tomcat
/var/lib/pki/pki-tomcat/kra/registry\nINFO: Loading instance:
pki-tomcat\nINFO: Loading global Tomcat config:
/etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config:
/usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config:
/etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config:
/etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config:
/var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem
registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading
subsystem config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Loading
instance registry:
/etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user:
pkiuser\nINFO: - group: pkiuser\nINFO: Getting transport cert info from
CS.cfg\nINFO: Getting storage cert info from CS.cfg\nINFO: Getting
sslserver cert info from CS.cfg\nINFO: Getting subsystem cert info from
CS.cfg\nINFO: Getting audit_signing cert info from CS.cfg\nINFO: Storing
subsystem config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Storing
registry config: /var/lib/pki/pki-tomcat/kra/conf/registry.cfg\nINFO:
Deploying /kra web application\nINFO: Loading instance:
pki-tomcat\nINFO: Loading global Tomcat config:
/etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config:
/usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config:
/etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config:
/etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config:
/var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem
registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading
subsystem config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Loading
subsystem registry: /var/lib/pki/pki-tomcat/kra/conf/registry.cfg\nINFO:
Loading instance registry:
/etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user:
pkiuser\nINFO: - group: pkiuser\nINFO: Creating
/var/lib/pki/pki-tomcat/kra/webapps\nDEBUG: Command: mkdir -p
/var/lib/pki/pki-tomcat/kra/webapps\nDEBUG: Command: chmod 770
/var/lib/pki/pki-tomcat/kra/webapps\nDEBUG: Command: chown 17:17
/var/lib/pki/pki-tomcat/kra/webapps\nINFO: Setting up ownerships,
permissions, and ACLs on /var/lib/pki/pki-tomcat/kra/webapps\nINFO:
Creating /etc/pki/pki-tomcat/Catalina/localhost/kra.xml\nINFO: Loading
instance: pki-tomcat\nINFO: Loading global Tomcat config:
/etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config:
/usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config:
/etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config:
/etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config:
/var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem
registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading
subsystem config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Loading
subsystem registry: /var/lib/pki/pki-tomcat/kra/conf/registry.cfg\nINFO:
Loading instance registry:
/etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user:
pkiuser\nINFO: - group: pkiuser\nINFO: Creating password file:
/etc/pki/pki-tomcat/pfile\nINFO: Updating
/etc/pki/pki-tomcat/password.conf\nDEBUG: Command: chmod 660
/etc/pki/pki-tomcat/password.conf\nDEBUG: Command: chown 17:17
/etc/pki/pki-tomcat/password.conf\nDEBUG: Command: ln -s
/var/lib/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/kra/alias\nDEBUG:
Command: pki -d /etc/pki/pki-tomcat/alias -C /etc/pki/pki-tomcat/pfile
pkcs12-import --pkcs12 /tmp/tmp3plm5h3l --password-file
/tmp/tmpm1sa32dg/password.txt --debug\nINFO: Certificates in PKCS #12
file:\nINFO: Java command: /usr/lib/jvm/jre-openjdk/bin/java -cp
/usr/share/pki/lib/*
-Djava.util.logging.config.file=/usr/share/pki/etc/logging.properties
com.netscape.cmstools.cli.MainCLI -d /etc/pki/pki-tomcat/alias -C
/etc/pki/pki-tomcat/pfile --debug pkcs12-cert-find --pkcs12
/tmp/tmp3plm5h3l --password-file /tmp/tmpm1sa32dg/password.txt
--debug\nINFO: Server URL:
https://ipa.example.com:8443\nINFO: Loading
NSS password from /etc/pki/pki-tomcat/pfile\nINFO: NSS database:
/etc/pki/pki-tomcat/alias\nINFO: Message format: null\nINFO: Command:
pkcs12-cert-find --pkcs12 /tmp/tmp3plm5h3l --password-file
/tmp/tmpm1sa32dg/password.txt --debug\nINFO: Module: pkcs12\nINFO:
Module: cert\nINFO: Module: find\nINFO: Initializing NSS\nINFO: Logging
into internal token\nINFO: Using internal token\nINFO: -
auditSigningCert cert-pki-kra\nINFO: - caSigningCert cert-pki-ca\nINFO:
- storageCert cert-pki-kra\nINFO: - subsystemCert cert-pki-ca\nINFO: -
transportCert cert-pki-kra\nINFO: Importing CA certificates:\nINFO: -
caSigningCert cert-pki-ca\nDEBUG: Command: certutil -L -d
/etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile -n caSigningCert
cert-pki-ca -a\nWARNING: Certificate already exists: caSigningCert
cert-pki-ca\nINFO: Importing user certificates:\nINFO: -
auditSigningCert cert-pki-kra\nINFO: - storageCert cert-pki-kra\nINFO: -
subsystemCert cert-pki-ca\nINFO: - transportCert cert-pki-kra\nINFO:
Java command: /usr/lib/jvm/jre-openjdk/bin/java -cp /usr/share/pki/lib/*
-Djava.util.logging.config.file=/usr/share/pki/etc/logging.properties
com.netscape.cmstools.cli.MainCLI -d /etc/pki/pki-tomcat/alias -C
/etc/pki/pki-tomcat/pfile --debug pkcs12-import --pkcs12
/tmp/tmp3plm5h3l --password-file /tmp/tmpm1sa32dg/password.txt --debug
auditSigningCert cert-pki-kra storageCert cert-pki-kra subsystemCert
cert-pki-ca transportCert cert-pki-kra\nINFO: Server URL:
https://ipa.example.com:8443\nINFO: Loading NSS password from
/etc/pki/pki-tomcat/pfile\nINFO: NSS database:
/etc/pki/pki-tomcat/alias\nINFO: Message format: null\nINFO: Command:
pkcs12-import --pkcs12 /tmp/tmp3plm5h3l --password-file
/tmp/tmpm1sa32dg/password.txt --debug "auditSigningCert cert-pki-kra"
"storageCert cert-pki-kra" "subsystemCert cert-pki-ca"
"transportCert
cert-pki-kra"\nINFO: Module: pkcs12\nINFO: Module: import\nINFO:
Initializing NSS\nINFO: Logging into internal token\nINFO: Using
internal token\nDEBUG: Command: certutil -M -d /etc/pki/pki-tomcat/alias
-f /etc/pki/pki-tomcat/pfile -n auditSigningCert cert-pki-kra -t
u,u,Pu\nDEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias\nDEBUG:
Result of CA certificate export: \nINFO: Removing
/etc/pki/pki-tomcat/pfile\nDEBUG: Command: rm -f
/etc/pki/pki-tomcat/pfile\nINFO: Getting transport cert info from
CS.cfg\nINFO: Getting storage cert info from CS.cfg\nINFO: Getting
sslserver cert info from CS.cfg\nINFO: Getting subsystem cert info from
CS.cfg\nINFO: Getting audit_signing cert info from CS.cfg\nINFO: Storing
subsystem config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Storing
registry config: /var/lib/pki/pki-tomcat/kra/conf/registry.cfg\nINFO:
Creating /root/.dogtag/pki-tomcat/kra\nDEBUG: Command: mkdir -p
/root/.dogtag/pki-tomcat/kra\nDEBUG: Command: chmod 755
/root/.dogtag/pki-tomcat/kra\nDEBUG: Command: chown 0:0
/root/.dogtag/pki-tomcat/kra\nINFO: Creating password file:
/root/.dogtag/pki-tomcat/kra/password.conf\nINFO: Updating
/root/.dogtag/pki-tomcat/kra/password.conf\nDEBUG: Command: chmod 660
/root/.dogtag/pki-tomcat/kra/password.conf\nDEBUG: Command: chown 0:0
/root/.dogtag/pki-tomcat/kra/password.conf\nINFO: Storing PKCS #12
password in /root/.dogtag/pki-tomcat/kra/pkcs12_password.conf\nINFO:
Updating /root/.dogtag/pki-tomcat/kra/pkcs12_password.conf\nDEBUG:
Command: chmod 660
/root/.dogtag/pki-tomcat/kra/pkcs12_password.conf\nDEBUG: Command: chown
17:17 /root/.dogtag/pki-tomcat/kra/pkcs12_password.conf\nWARNING:
Directory already exists: /var/lib/ipa/tmp-6ae9ficu\nDEBUG: Command:
certutil -N -d /var/lib/ipa/tmp-6ae9ficu -f
/root/.dogtag/pki-tomcat/kra/password.conf\nINFO: Creating SELinux
contexts\nINFO: Generating system keys\nINFO: Loading instance:
pki-tomcat\nINFO: Loading global Tomcat config:
/etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config:
/usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config:
/etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config:
/etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config:
/var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem
registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading
subsystem config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Loading
subsystem registry: /var/lib/pki/pki-tomcat/kra/conf/registry.cfg\nINFO:
Loading instance registry:
/etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user:
pkiuser\nINFO: - group: pkiuser\nINFO: Configuring subsystem\nINFO:
Loading instance: pki-tomcat\nINFO: Loading global Tomcat config:
/etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config:
/usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config:
/etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config:
/etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config:
/var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem
registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading
subsystem config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Loading
subsystem registry: /var/lib/pki/pki-tomcat/kra/conf/registry.cfg\nINFO:
Loading instance registry:
/etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user:
pkiuser\nINFO: - group: pkiuser\nDEBUG: Setting ephemeral requests to
true\nINFO: Storing subsystem config:
/var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Storing registry config:
/var/lib/pki/pki-tomcat/kra/conf/registry.cfg\nINFO: Importing sslserver
cert data from CA\nINFO: Importing subsystem cert data from CA\nINFO:
Importing sslserver request data from CA\nINFO: Importing subsystem
request data from CA\nINFO: Joining existing domain\nINFO: Getting
install token\nINFO: Using CA at
https://ipa.example.com:443\nINFO:
Storing subsystem config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO:
Storing registry config:
/var/lib/pki/pki-tomcat/kra/conf/registry.cfg\nINFO: Reusing replicated
database\nINFO: Initializing database\nDEBUG: Command: sudo -u pkiuser
/usr/lib/jvm/jre-openjdk/bin/java -classpath
/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/kra/webapps/kra/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*
-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory
-Dcatalina.base=/var/lib/pki/pki-tomcat
-Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs=
-Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI
kra-db-init --setup-schema --setup-db-manager --setup-vlv-indexes
--debug\nINFO: Loading /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO:
Initializing database ipaca for o=kra,o=ipaca\nINFO: Creating
com.netscape.cmsutil.password.PlainPasswordFile\nFINE:
PlainPasswordFile: Initializing PlainPasswordFile\nFINE: LdapAuthInfo:
init()\nFINE: LdapAuthInfo: init begins\nFINE: LdapAuthInfo: init
ends\nFINE: TCP Keep-Alive: true\nFINE: LdapAuthInfo: init: prompt is
internaldb\nFINE: LdapAuthInfo: init: try getting from memory
cache\nFINE: LdapAuthInfo: init: password not in memory\nFINE:
LdapAuthInfo: getPasswordFromStore: try to get it from password
store\nFINE: LdapAuthInfo: getPasswordFromStore: about to get from
passwored store: internaldb\nFINE: LdapAuthInfo: getPasswordFromStore:
password store available\nFINE: LdapAuthInfo: getPasswordFromStore:
password found for prompt in password store\nFINE: LdapAuthInfo:
password ok: store in memory cache\nFINE: LdapBoundConnection:
Connecting to ipa.example.com:636 with basic auth as cn=Directory
Manager\nFINE: ldapconn/PKISocketFactory.makeSSLSocket: begins\nFINE:
PKIClientSocketListener.handshakeCompleted: begins\nFINE: Handshake
completed:\nFINE: - client: 10.1.1.7\nFINE: - server: 10.1.1.7\nFINE: -
subject: SYSTEM\nFINE: SignedAuditLogger: event
CLIENT_ACCESS_SESSION_ESTABLISH\nFINE:
PKIClientSocketListener.handshakeCompleted:
CS_CLIENT_ACCESS_SESSION_ESTABLISH_SUCCESS\nFINE:
PKIClientSocketListener.handshakeCompleted: clientIP=10.1.1.7
serverIP=10.1.1.7 serverPort=636\nFINE: SSL handshake happened\nINFO:
Configuring directory\nINFO: Importing
/usr/share/pki/server/conf/database.ldif\nINFO: Creating
/var/lib/pki/pki-tomcat/temp/pki-import-549427834453303422.ldif\nINFO:
Modifying cn=config\nINFO: - replacing nsslapd-maxbersize:
209715200\nINFO: Enabling USN\nINFO: Importing
/usr/share/pki/server/conf/usn.ldif\nINFO: Creating
/var/lib/pki/pki-tomcat/temp/pki-import-784255222034676900.ldif\nINFO:
Modifying cn=USN,cn=plugins,cn=config\nINFO: - replacing
nsslapd-pluginenabled: on\nINFO: Setting up PKI schema\nINFO: Importing
/usr/share/pki/server/conf/schema.ldif\nINFO: Adding attributetypes: (
usertype-oid NAME \'usertype\' DESC \'Distinguish whether the user is
administrator, agent or subsystem.\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( userstate-oid NAME \'userstate\' DESC \'Distinguish
whether the user is administrator, agent or subsystem.\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
objectclasses: ( cmsuser-oid NAME \'cmsuser\' DESC \'CMS User\' SUP top
STRUCTURAL MUST usertype MAY userstate X-ORIGIN \'user defined\'
)\nINFO: Adding attributetypes: ( archivedBy-oid NAME \'archivedBy\'
DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: (
adminMessages-oid NAME \'adminMessages\' DESC \'CMS defined attribute\'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO:
Adding attributetypes: ( algorithm-oid NAME \'algorithm\' DESC \'CMS
defined attribute\'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( algorithmId-oid NAME
\'algorithmId\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( signingAlgorithmId-oid NAME \'signingAlgorithmId\'
DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: (
autoRenew-oid NAME \'autoRenew\' DESC \'CMS defined attribute\'SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( certStatus-oid NAME \'certStatus\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( crlName-oid NAME \'crlName\'
DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( crlSize-oid
NAME \'crlSize\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( deltaSize-oid NAME \'deltaSize\' DESC \'CMS defined
attribute\'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( crlNumber-oid NAME
\'crlNumber\' DESC \'CMS defined attribute\'SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( deltaNumber-oid NAME \'deltaNumber\' DESC \'CMS
defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( firstUnsaved-oid NAME
\'firstUnsaved\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( crlCache-oid NAME \'crlCache\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( revokedCerts-oid NAME
\'revokedCerts\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( unrevokedCerts-oid NAME \'unrevokedCerts\' DESC \'CMS
defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( expiredCerts-oid NAME
\'expiredCerts\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( crlExtensions-oid NAME \'crlExtensions\' DESC \'CMS
defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( dateOfArchival-oid NAME
\'dateOfArchival\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( dateOfRecovery-oid NAME \'dateOfRecovery\' DESC \'CMS
defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( dateOfRevocation-oid NAME
\'dateOfRevocation\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( dateOfCreate-oid NAME \'dateOfCreate\' DESC \'CMS
defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( dateOfModify-oid NAME
\'dateOfModify\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( duration-oid NAME \'duration\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( extension-oid NAME
\'extension\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( issuedBy-oid NAME \'issuedBy\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( issueInfo-oid NAME
\'issueInfo\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( issuerName-oid NAME \'issuerName\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( keySize-oid NAME \'keySize\'
DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( clientId-oid
NAME \'clientId\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( dataType-oid NAME \'dataType\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( status-oid NAME \'status\'
DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( keyState-oid
NAME \'keyState\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( metaInfo-oid NAME \'metaInfo\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( nextUpdate-oid NAME
\'nextUpdate\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( notAfter-oid NAME \'notAfter\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( notBefore-oid NAME
\'notBefore\' DESC \'CMS defined attribute\'SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( ownerName-oid NAME \'ownerName\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( password-oid NAME
\'password\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( p12Expiration-oid NAME \'p12Expiration\' DESC \'CMS
defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( proofOfArchival-oid NAME
\'proofOfArchival\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( publicKeyData-oid NAME \'publicKeyData\' DESC \'CMS
defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( publicKeyFormat-oid NAME
\'publicKeyFormat\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( privateKeyData-oid NAME \'privateKeyData\' DESC \'CMS
defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( requestId-oid NAME
\'requestId\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( requestInfo-oid NAME \'requestInfo\' DESC \'CMS
defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( requestState-oid NAME
\'requestState\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( requestResult-oid NAME \'requestResult\' DESC \'CMS
defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( requestOwner-oid NAME
\'requestOwner\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( requestAgentGroup-oid NAME \'requestAgentGroup\' DESC
\'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN
\'user defined\' )\nINFO: Adding attributetypes: ( requestSourceId-oid
NAME \'requestSourceId\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( requestType-oid NAME \'requestType\' DESC \'CMS
defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( requestFlag-oid NAME
\'requestFlag\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( requestError-oid NAME \'requestError\' DESC \'CMS
defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( resourceACLS-oid NAME
\'resourceACLS\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( revInfo-oid NAME \'revInfo\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( revokedBy-oid NAME
\'revokedBy\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( revokedOn-oid NAME \'revokedOn\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( serialno-oid NAME
\'serialno\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( nextRange-oid NAME \'nextRange\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( publishingStatus-oid NAME
\'publishingStatus\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( beginRange-oid NAME \'beginRange\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( endRange-oid NAME
\'endRange\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( subjectName-oid NAME \'subjectName\' DESC \'CMS
defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( sessionContext-oid NAME
\'sessionContext\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( thisUpdate-oid NAME \'thisUpdate\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( transId-oid NAME \'transId\'
DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: (
transStatus-oid NAME \'transStatus\' DESC \'CMS defined attribute\'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO:
Adding attributetypes: ( transName-oid NAME \'transName\' DESC \'CMS
defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( transOps-oid NAME
\'transOps\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( userDN-oid NAME \'userDN\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( userMessages-oid NAME
\'userMessages\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( version-oid NAME \'version\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( Clone-oid NAME \'Clone\'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( DomainManager-oid NAME
\'DomainManager\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE
X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: (
SecurePort-oid NAME \'SecurePort\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: (
SecureAgentPort-oid NAME \'SecureAgentPort\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN \'user defined\'
)\nINFO: Adding attributetypes: ( SecureAdminPort-oid NAME
\'SecureAdminPort\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: (
SecureEEClientAuthPort-oid NAME \'SecureEEClientAuthPort\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN \'user defined\'
)\nINFO: Adding attributetypes: ( UnSecurePort-oid NAME
\'UnSecurePort\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: (
SubsystemName-oid NAME \'SubsystemName\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN \'user defined\'
)\nINFO: Adding attributetypes: ( cmsUserGroup-oid NAME \'cmsUserGroup\'
DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( realm-oid
NAME \'realm\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
objectclasses: ( CertACLS-oid NAME \'CertACLS\' DESC \'CMS defined
class\' SUP top STRUCTURAL MUST cn MAY resourceACLS X-ORIGIN \'user
defined\' )\nINFO: Adding objectclasses: ( repository-oid NAME
\'repository\' DESC \'CMS defined class\' SUP top STRUCTURAL MUST ou MAY
( serialno $ description $ nextRange $ publishingStatus ) X-ORIGIN
\'user defined\' )\nINFO: Adding objectclasses: ( request-oid NAME
\'request\' DESC \'CMS defined class\' SUP top STRUCTURAL MUST cn MAY (
requestId $ dateOfCreate $ dateOfModify $ requestState $ requestResult $
requestOwner $ requestAgentGroup $ requestSourceId $ requestType $
requestFlag $ requestError $ userMessages $ adminMessages $ realm )
X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: (
transaction-oid NAME \'transaction\' DESC \'CMS defined class\' SUP top
STRUCTURAL MUST cn MAY ( transId $ description $ transName $ transStatus
$ transOps ) X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: (
crlIssuingPointRecord-oid NAME \'crlIssuingPointRecord\' DESC \'CMS
defined class\' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $
dateOfModify $ crlNumber $ crlSize $ thisUpdate $ nextUpdate $
deltaNumber $ deltaSize $ firstUnsaved $ certificateRevocationList $
deltaRevocationList $ crlCache $ revokedCerts $ unrevokedCerts $
expiredCerts $ cACertificate ) X-ORIGIN \'user defined\' )\nINFO: Adding
objectclasses: ( certificateRecord-oid NAME \'certificateRecord\' DESC
\'CMS defined class\' SUP top STRUCTURAL MUST cn MAY ( serialno $
dateOfCreate $ dateOfModify $ certStatus $ autoRenew $ issueInfo $
metaInfo $ revInfo $ version $ duration $ notAfter $ notBefore $
algorithmId $ subjectName $ signingAlgorithmId $ userCertificate $
issuedBy $ revokedBy $ revokedOn $ extension $ publicKeyData $
issuerName ) X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: (
userDetails-oid NAME \'userDetails\' DESC \'CMS defined class\' SUP top
STRUCTURAL MUST userDN MAY ( dateOfCreate $ dateOfModify $ password $
p12Expiration ) X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses:
( keyRecord-oid NAME \'keyRecord\' DESC \'CMS defined class\' SUP top
STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $
keyState $ privateKeyData $ ownerName $ keySize $ metaInfo $
dateOfArchival $ dateOfRecovery $ algorithm $ publicKeyFormat $
publicKeyData $ archivedBy $ clientId $ dataType $ status $ realm )
X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: (
pkiSecurityDomain-oid NAME \'pkiSecurityDomain\' DESC \'CMS defined
class\' SUP top STRUCTURAL MUST ( ou $ name ) X-ORIGIN \'user defined\'
)\nINFO: Adding objectclasses: ( pkiSecurityGroup-oid NAME
\'pkiSecurityGroup\' DESC \'CMS defined class\' SUP top STRUCTURAL MUST
cn X-ORIGIN \'user defined\' )\nINFO: Adding objectclasses: (
pkiSubsystem-oid NAME \'pkiSubsystem\' DESC \'CMS defined class\' SUP
top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone )
MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort
$SecureEEClientAuthPort $ UnSecurePort ) X-ORIGIN \'user defined\'
)\nINFO: Adding objectclasses: ( pkiRange-oid NAME \'pkiRange\' DESC
\'CMS defined class\' SUP top STRUCTURAL MUST ( cn $ beginRange $
endRange $ Host $ SecurePort ) X-ORIGIN \'user defined\' )\nINFO: Adding
objectclasses: ( securityDomainSessionEntry-oid NAME
\'securityDomainSessionEntry\' DESC \'CMS defined class\' SUP top
STRUCTURAL MUST ( cn $ host $ uid $ cmsUserGroup $ dateOfCreate )
X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: (
dateOfCreate-oid NAME \'dateOfCreate\' DESC \'CMS defined attribute\'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO:
Adding attributetypes: ( dateOfModify-oid NAME \'dateOfModify\' DESC
\'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN
\'user defined\' )\nINFO: Adding attributetypes: ( modified-oid NAME
\'modified\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( tokenUserID-oid NAME \'tokenUserID\' DESC \'CMS
defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( tokenStatus-oid NAME
\'tokenStatus\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( tokenAppletID-oid NAME \'tokenAppletID\' DESC \'CMS
defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( keyInfo-oid NAME \'keyInfo\'
DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: (
numberOfResets-oid NAME \'numberOfResets\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( numberOfEnrollments-oid NAME
\'numberOfEnrollments\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( numberOfRenewals-oid NAME \'numberOfRenewals\' DESC
\'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN
\'user defined\' )\nINFO: Adding attributetypes: (
numberOfRecoveries-oid NAME \'numberOfRecoveries\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( allowPinReset-oid NAME
\'allowPinReset\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( extensions-oid NAME \'extensions\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( tokenOp-oid NAME \'tokenOp\'
DESC \'CMS defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: ( tokenID-oid
NAME \'tokenID\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( tokenMsg-oid NAME \'tokenMsg\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( tokenResult-oid NAME
\'tokenResult\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( tokenIP-oid NAME \'tokenIP\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( tokenPolicy-oid NAME
\'tokenPolicy\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( tokenIssuer-oid NAME \'tokenIssuer\' DESC \'CMS
defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( tokenSubject-oid NAME
\'tokenSubject\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( tokenSerial-oid NAME \'tokenSerial\' DESC \'CMS
defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( tokenOrigin-oid NAME
\'tokenOrigin\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( tokenType-oid NAME \'tokenType\' DESC \'CMS defined
attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( tokenKeyType-oid NAME
\'tokenKeyType\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( tokenReason-oid NAME \'tokenReason\' DESC \'CMS
defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( tokenNotBefore-oid NAME
\'tokenNotBefore\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
attributetypes: ( tokenNotAfter-oid NAME \'tokenNotAfter\' DESC \'CMS
defined attribute\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( profileID-oid NAME
\'profileID\' DESC \'CMS defined attribute\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
objectclasses: ( tokenRecord-oid NAME \'tokenRecord\' DESC \'CMS defined
class\' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $
modified $ tokenReason $ tokenUserID $ tokenStatus $ tokenAppletID $
keyInfo $ tokenPolicy $ extensions $ numberOfResets $
numberOfEnrollments $ numberOfRenewals $ numberOfRecoveries $
userCertificate $ tokenType ) X-ORIGIN \'user defined\' )\nINFO: Adding
objectclasses: ( tokenActivity-oid NAME \'tokenActivity\' DESC \'CMS
defined class\' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $
dateOfModify $ tokenOp $ tokenIP $ tokenResult $ tokenID $ tokenUserID $
tokenMsg $ extensions $ tokenType ) X-ORIGIN \'user defined\' )\nINFO:
Adding objectclasses: ( tokenCert-oid NAME \'tokenCert\' DESC \'CMS
defined class\' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $
dateOfModify $ userCertificate $ tokenUserID $ tokenID $ tokenIssuer $
tokenOrigin $ tokenSubject $ tokenSerial $ tokenStatus $ tokenType $
tokenKeyType $ tokenNotBefore $ tokenNotAfter $ extensions ) X-ORIGIN
\'user defined\' )\nINFO: Adding objectclasses: ( tpsProfileID-oid NAME
\'tpsProfileID\' DESC \'CMS defined class\' SUP top AUXILIARY MAY (
profileID ) X-ORIGIN \'user-defined\' )\nINFO: Adding attributetypes: (
classId-oid NAME \'classId\' DESC \'Certificate profile class ID\'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO:
Adding attributetypes: ( certProfileConfig-oid NAME
\'certProfileConfig\' DESC \'Certificate profile configuration\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN \'user defined\' )\nINFO: Adding
objectclasses: ( certProfile-oid NAME \'certProfile\' DESC \'Certificate
profile\' SUP top STRUCTURAL MUST cn MAY ( classId $ certProfileConfig )
X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: (
authorityID-oid NAME \'authorityID\' DESC \'Authority ID\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN \'user defined\'
)\nINFO: Adding attributetypes: ( authorityKeyNickname-oid NAME
\'authorityKeyNickname\' DESC \'Authority key nickname\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN \'user-defined\'
)\nINFO: Adding attributetypes: ( authorityParentID-oid NAME
\'authorityParentID\' DESC \'Authority Parent ID\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN \'user defined\'
)\nINFO: Adding attributetypes: ( authorityEnabled-oid NAME
\'authorityEnabled\' DESC \'Authority Enabled\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN \'user defined\'
)\nINFO: Adding attributetypes: ( authorityDN-oid NAME \'authorityDN\'
DESC \'Authority DN\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE
X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: (
authoritySerial-oid NAME \'authoritySerial\' DESC \'Authority
certificate serial number\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE X-ORIGIN \'user defined\' )\nINFO: Adding attributetypes: (
authorityParentDN-oid NAME \'authorityParentDN\' DESC \'Authority Parent
DN\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN \'user
defined\' )\nINFO: Adding attributetypes: ( authorityKeyHost-oid NAME
\'authorityKeyHost\' DESC \'Authority Key Hosts\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN \'user defined\' )\nINFO: Adding
objectclasses: ( authority-oid NAME \'authority\' DESC \'Certificate
Authority\' SUP top STRUCTURAL MUST ( cn $ authorityID $
authorityKeyNickname $ authorityEnabled $ authorityDN ) MAY (
authoritySerial $ authorityParentID $ authorityParentDN $
authorityKeyHost $ description ) X-ORIGIN \'user defined\' )\nINFO:
Setting up ACME schema\nINFO: Importing
/usr/share/pki/acme/database/ldap/schema.ldif\nINFO: Adding
attributetypes: ( acmeExpires-oid NAME \'acmeExpires\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.24 EQUALITY generalizedTimeMatch ORDERING
generalizedTimeOrderingMatch SINGLE-VALUE )\nINFO: Adding
attributetypes: ( acmeValidatedAt-oid NAME \'acmeValidatedAt\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.24 EQUALITY generalizedTimeMatch ORDERING
generalizedTimeOrderingMatch SINGLE-VALUE )\nINFO: Adding
attributetypes: ( acmeStatus-oid NAME \'acmeStatus\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseIgnoreMatch SINGLE-VALUE
)\nINFO: Adding attributetypes: ( acmeError-oid NAME \'acmeError\'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )\nINFO: Adding
attributetypes: ( acmeNonceId-oid NAME \'acmeNonceId\' SUP name
SINGLE-VALUE )\nINFO: Adding attributetypes: ( acmeAccountId-oid NAME
\'acmeAccountId\' SUP name SINGLE-VALUE )\nINFO: Adding attributetypes:
( acmeAccountContact-oid NAME \'acmeAccountContact\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch )\nINFO: Adding attributetypes: (
acmeAccountKey-oid NAME \'acmeAccountKey\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )\nINFO: Adding
attributetypes: ( acmeOrderId-oid NAME \'acmeOrderId\' SUP name
SINGLE-VALUE )\nINFO: Adding attributetypes: ( acmeIdentifier-oid NAME
\'acmeIdentifier\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY
caseIgnoreMatch )\nINFO: Adding attributetypes: (
acmeAuthorizationId-oid NAME \'acmeAuthorizationId\' SUP name )\nINFO:
Adding attributetypes: ( acmeAuthorizationWildcard-oid NAME
\'acmeAuthorizationWildcard\' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
EQUALITY booleanMatch SINGLE-VALUE )\nINFO: Adding attributetypes: (
acmeChallengeId-oid NAME \'acmeChallengeId\' SUP name SINGLE-VALUE
)\nINFO: Adding attributetypes: ( acmeToken-oid NAME \'acmeToken\'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )\nINFO: Adding attributetypes: (
acmeCertificateId-oid NAME \'acmeCertificateId\' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseExactMatch SINGLE-VALUE
)\nINFO: Adding objectclasses: ( acmeNonce-oid NAME \'acmeNonce\'
STRUCTURAL MUST ( acmeNonceId $ acmeExpires ) )\nINFO: Adding
objectclasses: ( acmeAccount-oid NAME \'acmeAccount\' STRUCTURAL MUST (
acmeAccountId $ acmeAccountKey $ acmeStatus ) MAY acmeAccountContact
)\nINFO: Adding objectclasses: ( acmeOrder-oid NAME \'acmeOrder\'
STRUCTURAL MUST ( acmeOrderId $ acmeAccountId $ acmeStatus $
acmeIdentifier $ acmeAuthorizationId ) MAY ( acmeError $
acmeCertificateId $ acmeExpires ) )\nINFO: Adding objectclasses: (
acmeAuthorization-oid NAME \'acmeAuthorization\' STRUCTURAL MUST (
acmeAuthorizationId $ acmeAccountId $ acmeIdentifier $
acmeAuthorizationWildcard $ acmeStatus ) MAY acmeExpires )\nINFO: Adding
objectclasses: ( acmeChallenge-oid NAME \'acmeChallenge\' ABSTRACT MUST
( acmeChallengeId $ acmeAccountId $ acmeAuthorizationId $ acmeStatus )
MAY ( acmeValidatedAt $ acmeError ) )\nINFO: Adding objectclasses: (
acmeChallengeDns01-oid NAME \'acmeChallengeDns01\' SUP acmeChallenge
STRUCTURAL MUST acmeToken )\nINFO: Adding objectclasses: (
acmeChallengeHttp01-oid NAME \'acmeChallengeHttp01\' SUP acmeChallenge
STRUCTURAL MUST acmeToken )\nINFO: Adding objectclasses: (
acmeCertificate-oid NAME \'acmeCertificate\' STRUCTURAL MUST (
acmeCertificateId $ userCertificate ) MAY acmeExpires )\nINFO: Creating
indexes\nINFO: Importing /usr/share/pki/kra/conf/index.ldif\nINFO:
Creating
/var/lib/pki/pki-tomcat/temp/pki-import-25296192129415365.ldif\nINFO:
Adding cn=revokedby,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config\nWARNING: Unable to add cn=revokedby,cn=index,cn=ipaca,cn=ldbm
database, cn=plugins, cn=config: netscape.ldap.LDAPException: error
result (68); Already exists\nINFO: Adding
cn=issuedby,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config\nWARNING: Unable to add cn=issuedby,cn=index,cn=ipaca,cn=ldbm
database, cn=plugins, cn=config: netscape.ldap.LDAPException: error
result (68); Already exists\nINFO: Adding
cn=publicKeyData,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config\nWARNING: Unable to add
cn=publicKeyData,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config: netscape.ldap.LDAPException: error result (68); Already
exists\nINFO: Adding cn=clientId,cn=index,cn=ipaca,cn=ldbm database,
cn=plugins, cn=config\nWARNING: Unable to add
cn=clientId,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config:
netscape.ldap.LDAPException: error result (68); Already exists\nINFO:
Adding cn=dataType,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config\nWARNING: Unable to add cn=dataType,cn=index,cn=ipaca,cn=ldbm
database, cn=plugins, cn=config: netscape.ldap.LDAPException: error
result (68); Already exists\nINFO: Adding
cn=status,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config\nWARNING: Unable to add cn=status,cn=index,cn=ipaca,cn=ldbm
database, cn=plugins, cn=config: netscape.ldap.LDAPException: error
result (68); Already exists\nINFO: Adding
cn=description,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config\nWARNING: Unable to add
cn=description,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config: netscape.ldap.LDAPException: error result (68); Already
exists\nINFO: Adding cn=serialno,cn=index,cn=ipaca,cn=ldbm database,
cn=plugins, cn=config\nWARNING: Unable to add
cn=serialno,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config:
netscape.ldap.LDAPException: error result (68); Already exists\nINFO:
Adding cn=metaInfo,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config\nWARNING: Unable to add cn=metaInfo,cn=index,cn=ipaca,cn=ldbm
database, cn=plugins, cn=config: netscape.ldap.LDAPException: error
result (68); Already exists\nINFO: Adding
cn=certstatus,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config\nWARNING: Unable to add
cn=certstatus,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config:
netscape.ldap.LDAPException: error result (68); Already exists\nINFO:
Adding cn=requestid,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config\nWARNING: Unable to add cn=requestid,cn=index,cn=ipaca,cn=ldbm
database, cn=plugins, cn=config: netscape.ldap.LDAPException: error
result (68); Already exists\nINFO: Adding
cn=requesttype,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config\nWARNING: Unable to add
cn=requesttype,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config: netscape.ldap.LDAPException: error result (68); Already
exists\nINFO: Adding cn=requeststate,cn=index,cn=ipaca,cn=ldbm database,
cn=plugins, cn=config\nWARNING: Unable to add
cn=requeststate,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config: netscape.ldap.LDAPException: error result (68); Already
exists\nINFO: Adding cn=requestowner,cn=index,cn=ipaca,cn=ldbm database,
cn=plugins, cn=config\nWARNING: Unable to add
cn=requestowner,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config: netscape.ldap.LDAPException: error result (68); Already
exists\nINFO: Adding cn=notbefore,cn=index,cn=ipaca,cn=ldbm database,
cn=plugins, cn=config\nWARNING: Unable to add
cn=notbefore,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config:
netscape.ldap.LDAPException: error result (68); Already exists\nINFO:
Adding cn=notafter,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config\nWARNING: Unable to add cn=notafter,cn=index,cn=ipaca,cn=ldbm
database, cn=plugins, cn=config: netscape.ldap.LDAPException: error
result (68); Already exists\nINFO: Adding
cn=duration,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config\nWARNING: Unable to add cn=duration,cn=index,cn=ipaca,cn=ldbm
database, cn=plugins, cn=config: netscape.ldap.LDAPException: error
result (68); Already exists\nINFO: Adding
cn=dateOfCreate,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config\nWARNING: Unable to add
cn=dateOfCreate,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config: netscape.ldap.LDAPException: error result (68); Already
exists\nINFO: Adding cn=revokedOn,cn=index,cn=ipaca,cn=ldbm database,
cn=plugins, cn=config\nWARNING: Unable to add
cn=revokedOn,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config:
netscape.ldap.LDAPException: error result (68); Already exists\nINFO:
Adding cn=archivedBy,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config\nWARNING: Unable to add
cn=archivedBy,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config:
netscape.ldap.LDAPException: error result (68); Already exists\nINFO:
Adding cn=ownername,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config\nWARNING: Unable to add cn=ownername,cn=index,cn=ipaca,cn=ldbm
database, cn=plugins, cn=config: netscape.ldap.LDAPException: error
result (68); Already exists\nINFO: Adding
cn=subjectname,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config\nWARNING: Unable to add
cn=subjectname,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config: netscape.ldap.LDAPException: error result (68); Already
exists\nINFO: Adding cn=requestsourceid,cn=index,cn=ipaca,cn=ldbm
database, cn=plugins, cn=config\nWARNING: Unable to add
cn=requestsourceid,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config: netscape.ldap.LDAPException: error result (68); Already
exists\nINFO: Adding cn=revInfo,cn=index,cn=ipaca,cn=ldbm database,
cn=plugins, cn=config\nWARNING: Unable to add
cn=revInfo,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config:
netscape.ldap.LDAPException: error result (68); Already exists\nINFO:
Adding cn=extension,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config\nWARNING: Unable to add cn=extension,cn=index,cn=ipaca,cn=ldbm
database, cn=plugins, cn=config: netscape.ldap.LDAPException: error
result (68); Already exists\nINFO: Adding
cn=realm,cn=index,cn=ipaca,cn=ldbm database, cn=plugins,
cn=config\nINFO: Setting up database manager\nINFO: Importing
/usr/share/pki/server/conf/manager.ldif\nINFO: Creating
/var/lib/pki/pki-tomcat/temp/pki-import-3984013368624234966.ldif\nINFO:
Adding ou=csusers,cn=config\nWARNING: Unable to add
ou=csusers,cn=config: netscape.ldap.LDAPException: error result (68);
Already exists\nINFO: Modifying o=kra,o=ipaca\nINFO: - adding aci:
(targetattr = "*")(version 3.0; acl "cert manager access v2"; allow
(all) userdn =
"ldap:///uid=pkidbuser,ou=people,o=kra,o=ipaca";)\nWARNING: Unable to
modify o=kra,o=ipaca: netscape.ldap.LDAPException: error result (20);
Type or value exists\nINFO: Modifying cn=ldbm
database,cn=plugins,cn=config\nINFO: - adding aci: (targetattr =
"*")(version 3.0; acl "Cert Manager access for VLV searches"; allow
(read) userdn="ldap:///uid=pkidbuser,ou=people,o=kra,o=ipaca";)\nINFO:
Modifying cn=config\nINFO: - adding aci: (targetattr != "aci")(version
3.0; aci "cert manager read access"; allow (read, search, compare)
userdn = "ldap:///uid=pkidbuser,ou=people,o=kra,o=ipaca";)\nINFO:
Modifying ou=csusers,cn=config\nINFO: - adding aci: (targetattr !=
"aci")(version 3.0; aci "cert manager manage replication users";
allow (all) userdn = "ldap:///uid=pkidbuser,ou=people,o=kra,o=ipaca";)\nINFO:
Modifying cn="o=kra,o=ipaca",cn=mapping tree,cn=config\nINFO: - adding
aci: (targetattr = "*")(version 3.0;acl "cert manager: Add Replication
Agreements";allow (add) userdn =
"ldap:///uid=pkidbuser,ou=people,o=kra,o=ipaca";)\nWARNING: Unable to
modify cn="o=kra,o=ipaca",cn=mapping tree,cn=config:
netscape.ldap.LDAPException: error result (32); No such object\nINFO:
Modifying cn="o=kra,o=ipaca",cn=mapping tree,cn=config\nINFO: - adding
aci: (targetattr =
"*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version
3.0; acl "cert manager: Modify Replication Agreements"; allow (read,
write, search) userdn =
"ldap:///uid=pkidbuser,ou=people,o=kra,o=ipaca";)\nWARNING: Unable to
modify cn="o=kra,o=ipaca",cn=mapping tree,cn=config:
netscape.ldap.LDAPException: error result (32); No such object\nINFO:
Modifying cn="o=kra,o=ipaca",cn=mapping tree,cn=config\nINFO: - adding
aci: (targetattr =
"*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version
3.0;acl "cert manager: Remove Replication Agreements";allow (delete)
userdn = "ldap:///uid=pkidbuser,ou=people,o=kra,o=ipaca";)\nWARNING:
Unable to modify cn="o=kra,o=ipaca",cn=mapping tree,cn=config:
netscape.ldap.LDAPException: error result (32); No such object\nINFO:
Modifying cn=tasks,cn=config\nINFO: - adding aci: (targetattr =
"*")(version 3.0; acl "cert manager: Run tasks after replica
re-initialization"; allow (add) userdn =
"ldap:///uid=pkidbuser,ou=people,o=kra,o=ipaca";)\nINFO: Creating VLV
indexes\nINFO: Importing /usr/share/pki/kra/conf/vlv.ldif\nINFO:
Creating
/var/lib/pki/pki-tomcat/temp/pki-import-1261970238527115258.ldif\nINFO:
Adding cn=allKeys-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins,
cn=config\nINFO: Adding cn=kraAll-pki-tomcat, cn=ipaca, cn=ldbm
database, cn=plugins, cn=config\nINFO: Adding cn=kraArchival-pki-tomcat,
cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding
cn=kraRecovery-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins,
cn=config\nINFO: Adding cn=kraCanceled-pki-tomcat, cn=ipaca, cn=ldbm
database, cn=plugins, cn=config\nINFO: Adding
cn=kraCanceledEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database,
cn=plugins, cn=config\nINFO: Adding cn=kraCanceledRecovery-pki-tomcat,
cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding
cn=kraRejected-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins,
cn=config\nINFO: Adding cn=kraRejectedEnrollment-pki-tomcat, cn=ipaca,
cn=ldbm database, cn=plugins, cn=config\nINFO: Adding
cn=kraRejectedRecovery-pki-tomcat, cn=ipaca, cn=ldbm database,
cn=plugins, cn=config\nINFO: Adding cn=kraComplete-pki-tomcat, cn=ipaca,
cn=ldbm database, cn=plugins, cn=config\nINFO: Adding
cn=kraCompleteEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database,
cn=plugins, cn=config\nINFO: Adding cn=kraCompleteRecovery-pki-tomcat,
cn=ipaca, cn=ldbm database, cn=plugins, cn=config\nINFO: Adding
cn=allKeys-pki-tomcatIndex, cn=allKeys-pki-tomcat, cn=ipaca, cn=ldbm
database, cn=plugins, cn=config\nINFO: Adding cn=kraAll-pki-tomcatIndex,
cn=kraAll-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins,
cn=config\nINFO: Adding cn=kraArchival-pki-tomcatIndex,
cn=kraArchival-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins,
cn=config\nINFO: Adding cn=kraRecovery-pki-tomcatIndex,
cn=kraRecovery-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins,
cn=config\nINFO: Adding cn=kraCanceled-pki-tomcatIndex,
cn=kraCanceled-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins,
cn=config\nINFO: Adding cn=kraCanceledEnrollment-pki-tomcatIndex,
cn=kraCanceledEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database,
cn=plugins, cn=config\nINFO: Adding
cn=kraCanceledRecovery-pki-tomcatIndex,
cn=kraCanceledRecovery-pki-tomcat, cn=ipaca, cn=ldbm database,
cn=plugins, cn=config\nINFO: Adding cn=kraRejected-pki-tomcatIndex,
cn=kraRejected-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins,
cn=config\nINFO: Adding cn=kraRejectedEnrollment-pki-tomcatIndex,
cn=kraRejectedEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database,
cn=plugins, cn=config\nINFO: Adding
cn=kraRejectedRecovery-pki-tomcatIndex,
cn=kraRejectedRecovery-pki-tomcat, cn=ipaca, cn=ldbm database,
cn=plugins, cn=config\nINFO: Adding cn=kraComplete-pki-tomcatIndex,
cn=kraComplete-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins,
cn=config\nINFO: Adding cn=kraCompleteEnrollment-pki-tomcatIndex,
cn=kraCompleteEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database,
cn=plugins, cn=config\nINFO: Adding
cn=kraCompleteRecovery-pki-tomcatIndex,
cn=kraCompleteRecovery-pki-tomcat, cn=ipaca, cn=ldbm database,
cn=plugins, cn=config\nINFO: Rebuilding VLV indexes\nINFO: Creating
/var/lib/pki/pki-tomcat/temp/pki-kra-reindex-8248341685647863582.ldif\nINFO:
Adding cn=index1160527115, cn=index, cn=tasks, cn=config\nINFO: Waiting
for task cn=index1160527115, cn=index, cn=tasks, cn=config (1s)\nINFO:
Getting cn=index1160527115, cn=index, cn=tasks, cn=config\nINFO: Task
cn=index1160527115, cn=index, cn=tasks, cn=config complete\nFINE:
PKIClientSocketListener.alertReceived: begins\nFINE: SSL alert
received:\nFINE: - reason: CLOSE_NOTIFY\nFINE: - client: 10.1.1.7\nFINE:
- server: 10.1.1.7\nFINE: - subject: SYSTEM\nFINE: SignedAuditLogger:
event CLIENT_ACCESS_SESSION_TERMINATED\nFINE:
PKIClientSocketListener.alertReceived:
CS_CLIENT_ACCESS_SESSION_TERMINATED\nFINE:
PKIClientSocketListener.alertReceived: clientIP=10.1.1.7
serverIP=10.1.1.7 serverPort=636 reason=CLOSE_NOTIFY\nFINE:
PKIClientSocketListener.alertSent: begins\nFINE:
PKIClientSocketListener.alertSent: got description:0\nFINE:
PKIClientSocketListener.alertSent: got reason:CLOSE_NOTIFY\nFINE:
PKIClientSocketListener.alertSent:
CS_CLIENT_ACCESS_SESSION_TERMINATED\nFINE:
PKIClientSocketListener.alertSent: clientIP=10.1.1.7 serverIP=10.1.1.7
serverPort=636 reason=CLOSE_NOTIFY\nFINE: SSL alert sent:\nFINE: -
reason: CLOSE_NOTIFY\nFINE: - client: 10.1.1.7\nFINE: - server:
10.1.1.7\nFINE: - subject: SYSTEM\nFINE: SignedAuditLogger: event
CLIENT_ACCESS_SESSION_TERMINATED\nFINE:
PKIClientSocketListener.alertSent:
CS_CLIENT_ACCESS_SESSION_ESTABLISH_FAILURE\nFINE:
PKIClientSocketListener.alertSent: clientIP=10.1.1.7 serverIP=10.1.1.7
serverPort=636 reason=CLOSE_NOTIFY\nINFO: Updating ranges for KRA
clone\nINFO: Updating request ID range\nDEBUG: Command: pki -d
/etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/password.conf -U
https://ipa2.example.com:443 kra-range-request request --session
7645071616159216931 --output-format json --debug\nINFO: Connecting to
https://ipa2.example.com:443\nINFO: HTTP request: GET /pki/rest/info
HTTP/1.1\nINFO: Accept: application/xml\nINFO: Host:
ipa2.example.com:443\nINFO: Connection: Keep-Alive\nINFO:
User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_272)\nINFO: Server
certificate: CN=ipa2.example.com,O=example.com\nINFO: HTTP response:
HTTP/1.1 404 Not Found\nINFO: Date: Sun, 29 Nov 2020 07:38:24
GMT\nINFO: Server: Apache/2.4.43 (Fedora) OpenSSL/1.1.1g
mod_wsgi/4.6.6 Python/3.7 mod_auth_gssapi/1.6.1\nINFO: Content-Length:
196\nINFO: Keep-Alive: timeout=30, max=100\nINFO: Connection:
Keep-Alive\nINFO: Content-Type: text/html;
charset=iso-8859-1\nWARNING: Unable to get server info: Not Found\nINFO:
Requesting request range\nINFO: HTTP request: POST
/kra/admin/kra/updateNumberRange HTTP/1.1\nINFO: Content-Type:
application/x-www-form-urlencoded\nINFO: Content-Length: 57\nINFO:
Host: ipa2.example.com:443\nINFO: Connection: Keep-Alive\nINFO:
User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_272)\nINFO: HTTP
response: HTTP/1.1 200 200\nINFO: Date: Sun, 29 Nov 2020 07:38:25
GMT\nINFO: Server: Apache/2.4.43 (Fedora) OpenSSL/1.1.1g
mod_wsgi/4.6.6 Python/3.7 mod_auth_gssapi/1.6.1\nINFO: Content-Type:
application/xml\nINFO: Content-Length: 165\nINFO: Keep-Alive:
timeout=30, max=99\nINFO: Connection: Keep-Alive\nFINE: Response:
<?xml version="1.0" encoding="UTF-8"
standalone="no"?><XMLResponse><Status>0</Status><beginNumber>99980001</beginNumber><endNumber>99990000</endNumber></XMLResponse>\nFINE:
Status: 0\nINFO: Begin: 99980001\nINFO: End: 99990000\nINFO: Updating
serial number range\nDEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -f
/etc/pki/pki-tomcat/password.conf -U https://ipa2.example.com:443
kra-range-request serialNo --session 7645071616159216931 --output-format
json --debug\nINFO: Connecting to https://ipa2.example.com:443\nINFO:
HTTP request: GET /pki/rest/info HTTP/1.1\nINFO: Accept:
application/xml\nINFO: Host: ipa2.example.com:443\nINFO: Connection:
Keep-Alive\nINFO: User-Agent: Apache-HttpClient/4.5.5
(Java/1.8.0_272)\nINFO: Server certificate:
CN=ipa2.example.com,O=example.com\nINFO: HTTP response: HTTP/1.1 404 Not
Found\nINFO: Date: Sun, 29 Nov 2020 07:38:28 GMT\nINFO: Server:
Apache/2.4.43 (Fedora) OpenSSL/1.1.1g mod_wsgi/4.6.6 Python/3.7
mod_auth_gssapi/1.6.1\nINFO: Content-Length: 196\nINFO: Keep-Alive:
timeout=30, max=100\nINFO: Connection: Keep-Alive\nINFO:
Content-Type: text/html; charset=iso-8859-1\nWARNING: Unable to get
server info: Not Found\nINFO: Requesting serialNo range\nINFO: HTTP
request: POST /kra/admin/kra/updateNumberRange HTTP/1.1\nINFO:
Content-Type: application/x-www-form-urlencoded\nINFO: Content-Length:
58\nINFO: Host: ipa2.example.com:443\nINFO: Connection:
Keep-Alive\nINFO: User-Agent: Apache-HttpClient/4.5.5
(Java/1.8.0_272)\nINFO: HTTP response: HTTP/1.1 200 200\nINFO: Date:
Sun, 29 Nov 2020 07:38:29 GMT\nINFO: Server: Apache/2.4.43 (Fedora)
OpenSSL/1.1.1g mod_wsgi/4.6.6 Python/3.7 mod_auth_gssapi/1.6.1\nINFO:
Content-Type: application/xml\nINFO: Content-Length: 167\nINFO:
Keep-Alive: timeout=30, max=99\nINFO: Connection: Keep-Alive\nFINE:
Response: <?xml version="1.0" encoding="UTF-8"
standalone="no"?><XMLResponse><Status>0</Status><beginNumber>11ffe0001</beginNumber><endNumber>11fff0000</endNumber></XMLResponse>\nFINE:
Status: 0\nINFO: Begin: 11ffe0001\nINFO: End: 11fff0000\nINFO: Updating
replica ID range\nDEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -f
/etc/pki/pki-tomcat/password.conf -U
https://ipa2.example.com:443
kra-range-request replicaId --session 7645071616159216931
--output-format json --debug\nINFO: Connecting to
https://ipa2.example.com:443\nINFO: HTTP request: GET /pki/rest/info
HTTP/1.1\nINFO: Accept: application/xml\nINFO: Host:
ipa2.example.com:443\nINFO: Connection: Keep-Alive\nINFO:
User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_272)\nINFO: Server
certificate: CN=ipa2.example.com,O=example.com\nINFO: HTTP response:
HTTP/1.1 404 Not Found\nINFO: Date: Sun, 29 Nov 2020 07:38:32
GMT\nINFO: Server: Apache/2.4.43 (Fedora) OpenSSL/1.1.1g
mod_wsgi/4.6.6 Python/3.7 mod_auth_gssapi/1.6.1\nINFO: Content-Length:
196\nINFO: Keep-Alive: timeout=30, max=100\nINFO: Connection:
Keep-Alive\nINFO: Content-Type: text/html;
charset=iso-8859-1\nWARNING: Unable to get server info: Not Found\nINFO:
Requesting replicaId range\nINFO: HTTP request: POST
/kra/admin/kra/updateNumberRange HTTP/1.1\nINFO: Content-Type:
application/x-www-form-urlencoded\nINFO: Content-Length: 59\nINFO:
Host: ipa2.example.com:443\nINFO: Connection: Keep-Alive\nINFO:
User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_272)\nINFO: HTTP
response: HTTP/1.1 200 200\nINFO: Date: Sun, 29 Nov 2020 07:38:32
GMT\nINFO: Server: Apache/2.4.43 (Fedora) OpenSSL/1.1.1g
mod_wsgi/4.6.6 Python/3.7 mod_auth_gssapi/1.6.1\nINFO: Content-Type:
application/xml\nINFO: Content-Length: 157\nINFO: Keep-Alive:
timeout=30, max=99\nINFO: Connection: Keep-Alive\nFINE: Response:
<?xml version="1.0" encoding="UTF-8"
standalone="no"?><XMLResponse><Status>0</Status><beginNumber>1285</beginNumber><endNumber>1289</endNumber></XMLResponse>\nFINE:
Status: 0\nINFO: Begin: 1285\nINFO: End: 1289\nINFO: Storing subsystem
config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Storing registry
config: /var/lib/pki/pki-tomcat/kra/conf/registry.cfg\nINFO: Updating
configuration for KRA clone\nINFO: Updating configuration\nDEBUG:
Command: pki -d /etc/pki/pki-tomcat/alias -f
/etc/pki/pki-tomcat/password.conf -U
https://ipa2.example.com:443
kra-config-export --names
internaldb.ldapauth.password,internaldb.replication.password,cloning.ca.type
--substores
internaldb,internaldb.ldapauth,internaldb.ldapconn,kra.transport,kra.storage,kra.subsystem,kra.audit_signing
--session 7645071616159216931 --output-format json --debug\nINFO:
Connecting to
https://ipa2.example.com:443\nINFO: HTTP request: GET
/pki/rest/info HTTP/1.1\nINFO: Accept: application/xml\nINFO: Host:
ipa2.example.com:443\nINFO: Connection: Keep-Alive\nINFO:
User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_272)\nINFO: Server
certificate: CN=ipa2.example.com,O=example.com\nINFO: HTTP response:
HTTP/1.1 404 Not Found\nINFO: Date: Sun, 29 Nov 2020 07:38:36
GMT\nINFO: Server: Apache/2.4.43 (Fedora) OpenSSL/1.1.1g
mod_wsgi/4.6.6 Python/3.7 mod_auth_gssapi/1.6.1\nINFO: Content-Length:
196\nINFO: Keep-Alive: timeout=30, max=100\nINFO: Connection:
Keep-Alive\nINFO: Content-Type: text/html;
charset=iso-8859-1\nWARNING: Unable to get server info: Not Found\nINFO:
Getting configuration properties\nINFO: HTTP request: POST
/kra/admin/kra/getConfigEntries HTTP/1.1\nINFO: Content-Type:
application/x-www-form-urlencoded\nINFO: Content-Length: 269\nINFO:
Host: ipa2.example.com:443\nINFO: Connection: Keep-Alive\nINFO:
User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_272)\nINFO: HTTP
response: HTTP/1.1 200 200\nINFO: Date: Sun, 29 Nov 2020 07:38:36
GMT\nINFO: Server: Apache/2.4.43 (Fedora) OpenSSL/1.1.1g
mod_wsgi/4.6.6 Python/3.7 mod_auth_gssapi/1.6.1\nINFO: Content-Type:
application/xml\nINFO: Content-Length: 10909\nINFO: Keep-Alive:
timeout=30, max=99\nINFO: Connection: Keep-Alive\nFINE: Status:
0\nINFO: Properties:\nINFO: - internaldb._000\nINFO: -
internaldb._001\nINFO: - internaldb._002\nINFO: -
internaldb.basedn\nINFO: - internaldb.database\nINFO: -
internaldb.maxConns\nINFO: - internaldb.minConns\nINFO: -
internaldb.ldapauth.authtype\nINFO: - internaldb.ldapauth.bindDN\nINFO:
- internaldb.ldapauth.bindPWPrompt\nINFO: -
internaldb.ldapauth.clientCertNickname\nINFO: -
internaldb.ldapconn.host\nINFO: - internaldb.ldapconn.port\nINFO: -
internaldb.ldapconn.secureConn\nINFO: - kra.transport.cert\nINFO: -
kra.transport.certreq\nINFO: - kra.transport.nickname\nINFO: -
kra.transport.tokenname\nINFO: - kra.storage.cert\nINFO: -
kra.storage.certreq\nINFO: - kra.storage.nickname\nINFO: -
kra.storage.tokenname\nINFO: - kra.subsystem.cert\nINFO: -
kra.subsystem.certreq\nINFO: - kra.subsystem.dn\nINFO: -
kra.subsystem.nickname\nINFO: - kra.subsystem.tokenname\nINFO: -
kra.audit_signing.cert\nINFO: - kra.audit_signing.certreq\nINFO: -
kra.audit_signing.nickname\nINFO: - kra.audit_signing.tokenname\nINFO: -
internaldb.replication.password\nINFO: - cloning.ca.type\nINFO: Storing
subsystem config: /var/lib/pki/pki-tomcat/kra/conf/CS.cfg\nINFO: Storing
registry config: /var/lib/pki/pki-tomcat/kra/conf/registry.cfg\nINFO:
Restarting server\nDEBUG: Command: systemctl restart
pki-tomcatd@pki-tomcat.service\nINFO: FIPS mode is not enabled\nINFO:
Subsystem status: running\nINFO: Configuring KRA subsystem\nINFO:
Setting up clone\nINFO: Creating clone setup
request\n/usr/lib/python3.6/site-packages/urllib3/connection.py:362:
SubjectAltNameWarning: Certificate for
ipa.example.com has no
`subjectAltName`, falling back to check for a `commonName` for now. This
feature is being removed by major browsers and deprecated by RFC 2818.
(See
https://github.com/shazow/urllib3/issues/497 for details.)\n
SubjectAltNameWarning\nINFO: Setting up database\nINFO: Creating
database setup request\nINFO: Getting sslserver cert info from
CS.cfg\nINFO: Getting sslserver cert info from NSS database\nDEBUG:
Command: certutil -L -d /etc/pki/pki-tomcat/alias -f
/tmp/tmpl_0lpu4u/password.txt -n Server-Cert cert-pki-ca -a\nDEBUG:
Command: certutil -L -d /etc/pki/pki-tomcat/alias -f
/tmp/tmpef27un35/password.txt\nINFO: Setting up transport
certificate\nINFO: transport certificate is already set up\nINFO:
Setting up storage certificate\nINFO: storage certificate is already set
up\nINFO: Setting up sslserver certificate\nINFO: sslserver certificate
is already set up\nINFO: Setting up subsystem certificate\nINFO:
subsystem certificate is already set up\nINFO: Setting up audit_signing
certificate\nINFO: audit_signing certificate is already set up\nINFO:
Backing up keys into
/etc/pki/pki-tomcat/alias/kra_backup_keys.p12\nDEBUG: Command:
pki-server subsystem-cert-export kra -i pki-tomcat --pkcs12-file
/etc/pki/pki-tomcat/alias/kra_backup_keys.p12 --pkcs12-password-file
/tmp/tmpdeq3qnpk/password.txt\nINFO: Setting up security domain\nINFO:
Creating security domain setup request\nINFO: Finalizing KRA
configuration\nINFO: Creating finalize config request\n')
See the installation logs and the following files/directories for more
information:
/var/log/pki/pki-tomcat
[error] RuntimeError: KRA configuration failed.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
KRA configuration failed.
The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
[root@ipa]~#