[Pki-users] update-crypto-policies to FUTURE breaks install.

Thursday, 29 May 2025

On a fresh install of Alma Linux 9.6 I ran update-crypto-policies --set FUTURE then
rebooted my system.

I then attempted to install FreeIPA Server which failed due with the following message:
2025-05-29T12:26:11Z DEBUG The ipa-server-install command failed, exception: RuntimeError:
CA configuration failed.
2025-05-29T12:26:11Z ERROR CA configuration failed.
2025-05-29T12:26:11Z ERROR The ipa-server-install command failed. See
/var/log/ipaserver-install.log for more information

I looked further back in the logs to find:
INFO: Creating new temp SSL server cert for ipa1.man-gb.eajglobal.net
DEBUG: Command: pki -d /var/lib/pki/pki-tomcat/conf/alias -f
/var/lib/pki/pki-tomcat/conf/password.conf nss-cert-request --subject
cn=ipa1.man-gb.eajglobal.net,o=2025-05-29 13:25:36 --csr /tmp/tmpdvz_k8lc/sslserver.csr
--key-type RSA --key-size 2048 --hash SHA256 --debug
FINE: Initializing NSS
FINE: Logging into internal token
FINE: Using internal token
FINE: NSSDatabase: Creating RSA key
FINE: NSSDatabase: - size: 2048
FINE: CryptoUtil: Generating KRA key pair
FINE: CryptoUtil: - temporary: null
FINE: CryptoUtil: - sensitive: null
FINE: CryptoUtil: - extractable: null
FINE: CryptoUtil: generateRSAKeyPair with key usage 
FINE: CryptoUtil: generateRSAKeyPair with key usage mask 
FINE: CryptoUtil: - key size: 2048
WARNING: Ignored jss.crypto.Policy violation: unsafe RSA key size of 2048.
Policy.RSA_MINIMUM_KEY_SIZE dictates a minimum of 4096
FINE: NSSDatabase: Creating PKCS #10 request
FINE: NSSDatabase: - subjecct: cn=ipa1.man-gb.eajglobal.net,o=2025-05-29 13:25:36
FINE: NSSDatabase: - algorithm: SHA256withRSA
FINE: CryptoUtil: Creating PKCS #10 request
FINE: CryptoUtil: - algorithm: SHA256withRSA
java.security.InvalidKeyException: Token exception occurred: Unable to create signing
context: (-8011) Unknown error
	at
org.mozilla.jss.provider.java.security.JSSSignatureSpi.engineInitSign(JSSSignatureSpi.java:60)
	at java.base/java.security.Signature$Delegate.engineInitSign(Signature.java:1370)
	at java.base/java.security.Signature.initSign(Signature.java:635)
	at com.netscape.cmsutil.crypto.CryptoUtil.createPKCS10Request(CryptoUtil.java:1124)
	at org.dogtagpki.nss.NSSDatabase.createPKCS10Request(NSSDatabase.java:1109)
	at com.netscape.cmstools.nss.NSSCertRequestCLI.execute(NSSCertRequestCLI.java:152)
	at org.dogtagpki.cli.CommandCLI.execute(CommandCLI.java:58)
	at org.dogtagpki.cli.CLI.execute(CLI.java:353)
	at org.dogtagpki.cli.CLI.execute(CLI.java:353)
	at org.dogtagpki.cli.CLI.execute(CLI.java:353)
	at com.netscape.cmstools.cli.MainCLI.execute(MainCLI.java:680)
	at com.netscape.cmstools.cli.MainCLI.main(MainCLI.java:719)
Caused by: org.mozilla.jss.crypto.TokenException: Unable to create signing context:
(-8011) Unknown error
	at org.mozilla.jss.pkcs11.PK11Signature.initSigContext(Native Method)
	at org.mozilla.jss.pkcs11.PK11Signature.engineInitSign(PK11Signature.java:133)
	at org.mozilla.jss.crypto.Signature.initSign(Signature.java:56)
	at
org.mozilla.jss.provider.java.security.JSSSignatureSpi.engineInitSign(JSSSignatureSpi.java:56)
	... 11 more
ERROR: CalledProcessError: Command '['runuser', '-u',
'pkiuser', '--', 'pki', '-d',
'/var/lib/pki/pki-tomcat/conf/alias', '-f',
'/var/lib/pki/pki-tomcat/conf/password.conf', 'nss-cert-request',
'--subject', 'cn=ipa1.man-gb.eajglobal.net,o=2025-05-29 13:25:36',
'--csr', '/tmp/tmpdvz_k8lc/sslserver.csr', '--key-type',
'RSA', '--key-size', '2048', '--hash', 'SHA256',
'--debug']' returned non-zero exit status 255.
  File "/usr/lib/python3.9/site-packages/pki/server/pkispawn.py", line 594, in
main
    deployer.spawn()
  File "/usr/lib/python3.9/site-packages/pki/server/deployment/__init__.py",
line 5986, in spawn
    scriptlet.spawn(self)
  File
"/usr/lib/python3.9/site-packages/pki/server/deployment/scriptlets/configuration.py",
line 114, in spawn
    deployer.create_temp_sslserver_cert()
  File "/usr/lib/python3.9/site-packages/pki/server/deployment/__init__.py",
line 3403, in create_temp_sslserver_cert
    nssdb.create_request(
  File "/usr/lib/python3.9/site-packages/pki/nssdb.py", line 1009, in
create_request
    self.__create_request(
  File "/usr/lib/python3.9/site-packages/pki/nssdb.py", line 1608, in
__create_request
    self.run(cmd, check=True, runas=True)
  File "/usr/lib/python3.9/site-packages/pki/nssdb.py", line 332, in run
    result = subprocess.run(
  File "/usr/lib64/python3.9/subprocess.py", line 528, in run
    raise CalledProcessError(retcode, process.args,

2025-05-29T12:26:11Z CRITICAL Failed to configure CA instance
2025-05-29T12:26:11Z CRITICAL See the installation logs and the following
files/directories for more information:
2025-05-29T12:26:11Z CRITICAL   /var/log/pki/pki-tomcat

The only log file in /var/log/pki or it's sub directories that had any logs was
pki-ca-spawn, the logs are as follows:
2025-05-29 13:25:36 INFO: Connecting to LDAP server at
ldap://ipa1.man-gb.eajglobal.net:389
2025-05-29 13:25:36 INFO: Connecting to LDAP server at
ldap://ipa1.man-gb.eajglobal.net:389
2025-05-29 13:25:36 INFO: BEGIN spawning CA subsystem in pki-tomcat instance
2025-05-29 13:25:36 INFO: Loading instance: pki-tomcat
2025-05-29 13:25:36 INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf
2025-05-29 13:25:36 INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf
2025-05-29 13:25:36 INFO: Loading external certs from
/var/lib/pki/pki-tomcat/conf/external_certs.conf
2025-05-29 13:25:36 INFO: File does not exist:
/var/lib/pki/pki-tomcat/conf/external_certs.conf
2025-05-29 13:25:36 INFO: Reusing pkiuser group (GID: 17)
2025-05-29 13:25:36 INFO: Reusing pkiuser user (UID: 17)
2025-05-29 13:25:36 DEBUG: Retrieving UID for 'pkiuser'
2025-05-29 13:25:36 DEBUG: UID of 'pkiuser' is 17
2025-05-29 13:25:36 DEBUG: Retrieving GID for 'pkiuser'
2025-05-29 13:25:36 DEBUG: GID of 'pkiuser' is 17
2025-05-29 13:25:36 INFO: Initialization
2025-05-29 13:25:36 INFO: Setting up infrastructure
2025-05-29 13:25:36 INFO: Preparing pki-tomcat instance
2025-05-29 13:25:36 INFO: Loading instance: pki-tomcat
2025-05-29 13:25:36 INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf
2025-05-29 13:25:36 INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf
2025-05-29 13:25:36 INFO: Loading external certs from
/var/lib/pki/pki-tomcat/conf/external_certs.conf
2025-05-29 13:25:36 INFO: File does not exist:
/var/lib/pki/pki-tomcat/conf/external_certs.conf
2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat
2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat
2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/bin to /usr/share/tomcat/bin
2025-05-29 13:25:36 DEBUG: Command: ln -s /usr/share/tomcat/bin
/var/lib/pki/pki-tomcat/bin
2025-05-29 13:25:36 INFO: Creating /etc/pki/pki-tomcat
2025-05-29 13:25:36 DEBUG: Command: mkdir /etc/pki/pki-tomcat
2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/conf to /etc/pki/pki-tomcat
2025-05-29 13:25:36 DEBUG: Command: ln -s /etc/pki/pki-tomcat
/var/lib/pki/pki-tomcat/conf
2025-05-29 13:25:36 INFO: Creating /var/log/pki/pki-tomcat
2025-05-29 13:25:36 DEBUG: Command: mkdir /var/log/pki/pki-tomcat
2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/logs to /var/log/pki/pki-tomcat
2025-05-29 13:25:36 DEBUG: Command: ln -s /var/log/pki/pki-tomcat
/var/lib/pki/pki-tomcat/logs
2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/lib to
/usr/share/pki/server/lib
2025-05-29 13:25:36 DEBUG: Command: ln -s /usr/share/pki/server/lib
/var/lib/pki/pki-tomcat/lib
2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/common
2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/common
2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/common/lib to
/usr/share/pki/server/common/lib
2025-05-29 13:25:36 DEBUG: Command: ln -s /usr/share/pki/server/common/lib
/var/lib/pki/pki-tomcat/common/lib
2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/temp
2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/temp
2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/work
2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/work
2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/certs
2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/certs
2025-05-29 13:25:36 INFO: Copying /etc/tomcat/server.xml to
/var/lib/pki/pki-tomcat/conf/server.xml
2025-05-29 13:25:36 DEBUG: Command: cp /etc/tomcat/server.xml
/var/lib/pki/pki-tomcat/conf/server.xml
2025-05-29 13:25:36 INFO: Removing LockOutRealm
2025-05-29 13:25:36 INFO: Removing UserDatabase
2025-05-29 13:25:36 INFO: Updating AccessLogValve
2025-05-29 13:25:36 INFO: Configuring Tomcat admin port
2025-05-29 13:25:36 INFO: Removing AprLifecycleListener
2025-05-29 13:25:36 INFO: Adding PKIListener
2025-05-29 13:25:36 INFO: Configuring HTTP connector
2025-05-29 13:25:36 INFO: Adding HTTPS connector
2025-05-29 13:25:36 INFO: Adding SSL host configuration
2025-05-29 13:25:36 INFO: Adding SSL certificate configuration
2025-05-29 13:25:36 INFO: Adding RewriteValve
2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/Catalina
2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/Catalina
2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/Catalina/localhost
2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/Catalina/localhost
2025-05-29 13:25:36 INFO: Linking
/var/lib/pki/pki-tomcat/conf/Catalina/localhost/rewrite.config to
/usr/share/pki/server/conf/Catalina/localhost/rewrite.config
2025-05-29 13:25:36 DEBUG: Command: ln -s
/usr/share/pki/server/conf/Catalina/localhost/rewrite.config
/var/lib/pki/pki-tomcat/conf/Catalina/localhost/rewrite.config
2025-05-29 13:25:36 INFO: Adding AJP connector for IPv4
2025-05-29 13:25:36 INFO: Adding AJP connector for IPv6
2025-05-29 13:25:36 INFO: Updating AccessLogValve
2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/conf/catalina.properties to
/usr/share/pki/server/conf/catalina.properties
2025-05-29 13:25:36 DEBUG: Command: ln -s /usr/share/pki/server/conf/catalina.properties
/var/lib/pki/pki-tomcat/conf/catalina.properties
2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/conf/context.xml to
/etc/tomcat/context.xml
2025-05-29 13:25:36 DEBUG: Command: ln -s /etc/tomcat/context.xml
/var/lib/pki/pki-tomcat/conf/context.xml
2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/conf/logging.properties to
/usr/share/pki/server/conf/logging.properties
2025-05-29 13:25:36 DEBUG: Command: ln -s /usr/share/pki/server/conf/logging.properties
/var/lib/pki/pki-tomcat/conf/logging.properties
2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/conf/web.xml to
/etc/tomcat/web.xml
2025-05-29 13:25:36 DEBUG: Command: ln -s /etc/tomcat/web.xml
/var/lib/pki/pki-tomcat/conf/web.xml
2025-05-29 13:25:36 INFO: Using specified server NSS database password
2025-05-29 13:25:36 INFO: Using specified internal database password
2025-05-29 13:25:36 INFO: Generating random replication manager password
2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/password.conf
2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/alias
2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/alias
2025-05-29 13:25:36 INFO: Creating NSS database: /var/lib/pki/pki-tomcat/conf/alias
2025-05-29 13:25:36 DEBUG: Command: certutil -N -d /var/lib/pki/pki-tomcat/conf/alias -f
/tmp/tmp2c_5a4u2/internal_password.txt
2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/alias to
/var/lib/pki/pki-tomcat/conf/alias
2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/conf/alias
/var/lib/pki/pki-tomcat/alias
2025-05-29 13:25:36 INFO: Creating /etc/sysconfig/pki-tomcat
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf
/etc/sysconfig/pki-tomcat
2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/tomcat.conf
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf
/var/lib/pki/pki-tomcat/conf/tomcat.conf
2025-05-29 13:25:36 INFO: Deploying ROOT web application
2025-05-29 13:25:36 INFO: Creating
/var/lib/pki/pki-tomcat/conf/Catalina/localhost/ROOT.xml
2025-05-29 13:25:36 INFO: Deploying pki web application
2025-05-29 13:25:36 INFO: Creating
/var/lib/pki/pki-tomcat/conf/Catalina/localhost/pki.xml
2025-05-29 13:25:36 INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat
2025-05-29 13:25:36 DEBUG: Command: mkdir /etc/sysconfig/pki/tomcat/pki-tomcat
2025-05-29 13:25:36 INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/setup/pkidaemon_registry
/etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat
2025-05-29 13:25:36 INFO: Creating /etc/systemd/system/pki-tomcatd(a)pki-tomcat.service.d
2025-05-29 13:25:36 DEBUG: Command: mkdir
/etc/systemd/system/pki-tomcatd(a)pki-tomcat.service.d
2025-05-29 13:25:36 DEBUG: Command: systemctl daemon-reload
2025-05-29 13:25:36 INFO: Linking
/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd(a)pki-tomcat.service to
/lib/systemd/system/pki-tomcatd@.service
2025-05-29 13:25:36 DEBUG: Command: ln -s /lib/systemd/system/pki-tomcatd@.service
/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd(a)pki-tomcat.service
2025-05-29 13:25:36 INFO: Creating CA subsystem
2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/ca
2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca
2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/registry to
/etc/sysconfig/pki/tomcat/pki-tomcat
2025-05-29 13:25:36 DEBUG: Command: ln -s /etc/sysconfig/pki/tomcat/pki-tomcat
/var/lib/pki/pki-tomcat/ca/registry
2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/ca
2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/ca
2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/conf to
/var/lib/pki/pki-tomcat/conf/ca
2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/conf/ca
/var/lib/pki/pki-tomcat/ca/conf
2025-05-29 13:25:36 INFO: Storing subsystem config:
/var/lib/pki/pki-tomcat/conf/ca/CS.cfg
2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/registry.cfg to
/var/lib/pki/pki-tomcat/conf/ca/registry.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/registry.cfg
/var/lib/pki/pki-tomcat/conf/ca/registry.cfg
2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/logs/ca
2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/logs/ca
2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/logs to
/var/lib/pki/pki-tomcat/logs/ca
2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/logs/ca
/var/lib/pki/pki-tomcat/ca/logs
2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/logs/ca/archive
2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/logs/ca/archive
2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/logs/ca/signedAudit
2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/logs/ca/signedAudit
2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/alias to
/var/lib/pki/pki-tomcat/alias
2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/alias
/var/lib/pki/pki-tomcat/ca/alias
2025-05-29 13:25:36 INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca
2025-05-29 13:25:36 DEBUG: Command: mkdir /etc/sysconfig/pki/tomcat/pki-tomcat/ca
2025-05-29 13:25:36 INFO: Copying /usr/share/pki/server/etc/default.cfg to
/etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/server/etc/default.cfg
/etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg
2025-05-29 13:25:36 INFO: Creating /tmp/tmpmh3m7z49/CS.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/CS.cfg
/tmp/tmpmh3m7z49/CS.cfg
2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/emails to
/var/lib/pki/pki-tomcat/conf/ca/emails
2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/ca/emails
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJob
/var/lib/pki/pki-tomcat/conf/ca/emails/ExpiredUnpublishJob
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJobItem
/var/lib/pki/pki-tomcat/conf/ca/emails/ExpiredUnpublishJobItem
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA
/var/lib/pki/pki-tomcat/conf/ca/emails/certIssued_CA
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA.html
/var/lib/pki/pki-tomcat/conf/ca/emails/certIssued_CA.html
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA
/var/lib/pki/pki-tomcat/conf/ca/emails/certIssued_RA
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA.html
/var/lib/pki/pki-tomcat/conf/ca/emails/certIssued_RA.html
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certRequestRejected.html
/var/lib/pki/pki-tomcat/conf/ca/emails/certRequestRejected.html
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA
/var/lib/pki/pki-tomcat/conf/ca/emails/certRevoked_CA
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA.html
/var/lib/pki/pki-tomcat/conf/ca/emails/certRevoked_CA.html
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA
/var/lib/pki/pki-tomcat/conf/ca/emails/certRevoked_RA
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA.html
/var/lib/pki/pki-tomcat/conf/ca/emails/certRevoked_RA.html
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/euJob1.html
/var/lib/pki/pki-tomcat/conf/ca/emails/euJob1.html
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/euJob1Item.html
/var/lib/pki/pki-tomcat/conf/ca/emails/euJob1Item.html
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/publishCerts.html
/var/lib/pki/pki-tomcat/conf/ca/emails/publishCerts.html
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/publishCertsItem.html
/var/lib/pki/pki-tomcat/conf/ca/emails/publishCertsItem.html
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA
/var/lib/pki/pki-tomcat/conf/ca/emails/reqInQueue_CA
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA.html
/var/lib/pki/pki-tomcat/conf/ca/emails/reqInQueue_CA.html
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA
/var/lib/pki/pki-tomcat/conf/ca/emails/reqInQueue_RA
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA.html
/var/lib/pki/pki-tomcat/conf/ca/emails/reqInQueue_RA.html
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/riq1Item.html
/var/lib/pki/pki-tomcat/conf/ca/emails/riq1Item.html
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/riq1Summary.html
/var/lib/pki/pki-tomcat/conf/ca/emails/riq1Summary.html
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1.txt
/var/lib/pki/pki-tomcat/conf/ca/emails/rnJob1.txt
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Item.txt
/var/lib/pki/pki-tomcat/conf/ca/emails/rnJob1Item.txt
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Summary.txt
/var/lib/pki/pki-tomcat/conf/ca/emails/rnJob1Summary.txt
2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/emails to
/var/lib/pki/pki-tomcat/conf/ca/emails
2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/conf/ca/emails
/var/lib/pki/pki-tomcat/ca/emails
2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/profiles to
/var/lib/pki/pki-tomcat/conf/ca/profiles
2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/ca/profiles
2025-05-29 13:25:36 DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/conf/ca/profiles/ca
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/DomainController.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/DomainController.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/ECAdminCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/ECAdminCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/acmeServerCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/acmeServerCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAdminCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caAdminCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caAgentFileSigning.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caAgentFileSigning.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentServerCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caAgentServerCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caAuditSigningCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caAuditSigningCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCACert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCACert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECUserCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCECUserCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECserverCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCECserverCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caCMCECserverCertWithCRLDP.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCECserverCertWithCRLDP.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caCMCECsubsystemCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCECsubsystemCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCUserCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCUserCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caCMCauditSigningCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCauditSigningCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCcaCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caCMCcaIssuanceProtectionCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCcaIssuanceProtectionCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caCMCkraStorageCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCkraStorageCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caCMCkraTransportCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCkraTransportCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCocspCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCocspCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCserverCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCserverCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caCMCserverCertWithCRLDP.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCserverCertWithCRLDP.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caCMCsubsystemCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCMCsubsystemCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caCrossSignedCACert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caCrossSignedCACert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caDirBasedDualCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDirBasedDualCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirPinUserCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDirPinUserCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDirUserCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserRenewal.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDirUserRenewal.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDualCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualRAuserCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caDualRAuserCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAdminCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECAdminCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caECAgentServerCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECAgentServerCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caECDirPinUserCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECDirPinUserCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirUserCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECDirUserCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDualCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECDualCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caECFullCMCUserCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECFullCMCUserCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caECFullCMCUserSignedCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECFullCMCUserSignedCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caECInternalAuthServerCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECInternalAuthServerCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECServerCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caECServerCertWithCRLDP.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECServerCertWithCRLDP.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caECServerCertWithSCT.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECServerCertWithSCT.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caECSimpleCMCUserCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECSimpleCMCUserCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSubsystemCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECSubsystemCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECUserCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caECUserCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncECUserCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caEncECUserCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncUserCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caEncUserCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caFullCMCSharedTokenCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caFullCMCSharedTokenCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caFullCMCUserCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caFullCMCUserSignedCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caFullCMCUserSignedCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caIPAserviceCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caIPAserviceCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInstallCACert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInstallCACert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caInternalAuthOCSPCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthOCSPCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caInternalAuthServerCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthServerCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caInternalAuthSubsystemCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthSubsystemCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caInternalAuthTransportCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caInternalAuthTransportCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caJarSigningCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caJarSigningCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caManualRenewal.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caManualRenewal.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOCSPCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caOCSPCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOtherCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caOtherCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRACert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caRACert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRARouterCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caRARouterCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAagentCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caRAagentCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAserverCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caRAserverCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRouterCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caRouterCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caSSLClientSelfRenewal.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSSLClientSelfRenewal.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caServerCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caServerCertWithCRLDP.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caServerCertWithCRLDP.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caServerCertWithSCT.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caServerCertWithSCT.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caServerKeygen_DirUserCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caServerKeygen_DirUserCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caServerKeygen_UserCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caServerKeygen_UserCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSignedLogCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSignedLogCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caSigningECUserCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSigningECUserCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningUserCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSigningUserCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caSimpleCMCUserCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSimpleCMCUserCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caStorageCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caStorageCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSubsystemCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caSubsystemCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTPSCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTPSCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caTokenMSLoginEnrollment.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenMSLoginEnrollment.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTransportCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caTransportCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUUIDdeviceCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caUUIDdeviceCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caUserCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp
/usr/share/pki/ca/profiles/ca/caUserSMIMEcapCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caUserSMIMEcapCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/estServiceCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/estServiceCert.cfg
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/AdminCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/AdminCert.cfg
2025-05-29 13:25:36 INFO: Linking /var/lib/pki/pki-tomcat/ca/profiles to
/var/lib/pki/pki-tomcat/conf/ca/profiles
2025-05-29 13:25:36 DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/conf/ca/profiles
/var/lib/pki/pki-tomcat/ca/profiles
2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/flatfile.txt to
/var/lib/pki/pki-tomcat/conf/ca/flatfile.txt
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/flatfile.txt
/var/lib/pki/pki-tomcat/conf/ca/flatfile.txt
2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/rsaAdminCert.profile to
/var/lib/pki/pki-tomcat/conf/ca/adminCert.profile
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/rsaAdminCert.profile
/var/lib/pki/pki-tomcat/conf/ca/adminCert.profile
2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/caAuditSigningCert.profile to
/var/lib/pki/pki-tomcat/conf/ca/caAuditSigningCert.profile
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/caAuditSigningCert.profile
/var/lib/pki/pki-tomcat/conf/ca/caAuditSigningCert.profile
2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/caCert.profile to
/var/lib/pki/pki-tomcat/conf/ca/caCert.profile
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/caCert.profile
/var/lib/pki/pki-tomcat/conf/ca/caCert.profile
2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/caOCSPCert.profile to
/var/lib/pki/pki-tomcat/conf/ca/caOCSPCert.profile
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/caOCSPCert.profile
/var/lib/pki/pki-tomcat/conf/ca/caOCSPCert.profile
2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/rsaServerCert.profile to
/var/lib/pki/pki-tomcat/conf/ca/serverCert.profile
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/rsaServerCert.profile
/var/lib/pki/pki-tomcat/conf/ca/serverCert.profile
2025-05-29 13:25:36 INFO: Copying /usr/share/pki/ca/conf/rsaSubsystemCert.profile to
/var/lib/pki/pki-tomcat/conf/ca/subsystemCert.profile
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/rsaSubsystemCert.profile
/var/lib/pki/pki-tomcat/conf/ca/subsystemCert.profile
2025-05-29 13:25:36 INFO: Creating /var/lib/pki/pki-tomcat/conf/ca/proxy.conf
2025-05-29 13:25:36 DEBUG: Command: cp /usr/share/pki/ca/conf/proxy.conf
/var/lib/pki/pki-tomcat/conf/ca/proxy.conf
2025-05-29 13:25:36 INFO: Loading instance: pki-tomcat
2025-05-29 13:25:36 INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf
2025-05-29 13:25:36 INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf
2025-05-29 13:25:36 INFO: Loading instance Tomcat config:
/var/lib/pki/pki-tomcat/conf/tomcat.conf
2025-05-29 13:25:36 INFO: Loading password config:
/var/lib/pki/pki-tomcat/conf/password.conf
2025-05-29 13:25:36 INFO: Loading subsystem config:
/var/lib/pki/pki-tomcat/conf/ca/CS.cfg
2025-05-29 13:25:36 INFO: Loading subsystem registry:
/var/lib/pki/pki-tomcat/conf/ca/registry.cfg
2025-05-29 13:25:36 INFO: Loading instance registry:
/etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat
2025-05-29 13:25:36 DEBUG: - user: pkiuser
2025-05-29 13:25:36 DEBUG: - group: pkiuser
2025-05-29 13:25:36 INFO: Loading external certs from
/var/lib/pki/pki-tomcat/conf/external_certs.conf
2025-05-29 13:25:36 INFO: File does not exist:
/var/lib/pki/pki-tomcat/conf/external_certs.conf
2025-05-29 13:25:36 INFO: Enabling HTTP proxy
2025-05-29 13:25:36 INFO: Setting proxy.securePort to 443
2025-05-29 13:25:36 INFO: Setting proxy.unsecurePort to 80
2025-05-29 13:25:36 INFO: Setting subsystem.1.class to
com.netscape.cmscore.profile.LDAPProfileSubsystem
2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(signing)
2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(signing)
2025-05-29 13:25:36 INFO: Setting ca.signing.nickname to caSigningCert cert-pki-ca
2025-05-29 13:25:36 INFO: Setting ca.signing.tokenname to internal
2025-05-29 13:25:36 INFO: Setting ca.cert.signing.nickname to caSigningCert cert-pki-ca
2025-05-29 13:25:36 INFO: Setting ca.signing.defaultSigningAlgorithm to SHA256withRSA
2025-05-29 13:25:36 INFO: Setting ca.crl.MasterCRL.signingAlgorithm to SHA256withRSA
2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(ocsp_signing)
2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(ocsp_signing)
2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.nickname to ocspSigningCert cert-pki-ca
2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.tokenname to internal
2025-05-29 13:25:36 INFO: Setting ca.cert.ocsp_signing.nickname to ocspSigningCert
cert-pki-ca
2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.defaultSigningAlgorithm to
SHA256withRSA
2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(sslserver)
2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(sslserver)
2025-05-29 13:25:36 INFO: Setting ca.sslserver.nickname to Server-Cert cert-pki-ca
2025-05-29 13:25:36 INFO: Setting ca.sslserver.tokenname to internal
2025-05-29 13:25:36 INFO: Setting ca.cert.sslserver.nickname to Server-Cert cert-pki-ca
2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(subsystem)
2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(subsystem)
2025-05-29 13:25:36 INFO: Setting ca.subsystem.nickname to subsystemCert cert-pki-ca
2025-05-29 13:25:36 INFO: Setting ca.subsystem.tokenname to internal
2025-05-29 13:25:36 INFO: Setting ca.cert.subsystem.nickname to subsystemCert cert-pki-ca
2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(audit_signing)
2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(audit_signing)
2025-05-29 13:25:36 INFO: Setting ca.audit_signing.nickname to auditSigningCert
cert-pki-ca
2025-05-29 13:25:36 INFO: Setting ca.audit_signing.tokenname to internal
2025-05-29 13:25:36 INFO: Setting ca.cert.audit_signing.nickname to auditSigningCert
cert-pki-ca
2025-05-29 13:25:36 INFO: Setting ca.signing.certnickname to caSigningCert cert-pki-ca
2025-05-29 13:25:36 INFO: Setting ca.signing.cacertnickname to caSigningCert cert-pki-ca
2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.certnickname to ocspSigningCert
cert-pki-ca
2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.cacertnickname to ocspSigningCert
cert-pki-ca
2025-05-29 13:25:36 INFO: Setting log.instance.SignedAudit.signedAuditCertNickname to
auditSigningCert cert-pki-ca
2025-05-29 13:25:36 INFO: Injecting SAN: False
2025-05-29 13:25:36 INFO: SSL server cert SAN: 
2025-05-29 13:25:36 INFO: Storing subsystem config:
/var/lib/pki/pki-tomcat/conf/ca/CS.cfg
2025-05-29 13:25:36 INFO: Storing registry config:
/var/lib/pki/pki-tomcat/conf/ca/registry.cfg
2025-05-29 13:25:36 DEBUG: Command: mkdir /root/.dogtag
2025-05-29 13:25:36 DEBUG: Command: mkdir /root/.dogtag/pki-tomcat
2025-05-29 13:25:36 DEBUG: Command: mkdir /root/.dogtag/pki-tomcat/ca
2025-05-29 13:25:36 INFO: Creating password file:
/root/.dogtag/pki-tomcat/ca/password.conf
2025-05-29 13:25:36 INFO: Storing PKCS #12 password in
/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf
2025-05-29 13:25:36 DEBUG: Command: mkdir /root/.dogtag/pki-tomcat/ca/alias
2025-05-29 13:25:36 DEBUG: Command: certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f
/root/.dogtag/pki-tomcat/ca/password.conf
2025-05-29 13:25:36 INFO: Creating SELinux contexts
2025-05-29 13:25:36 DEBUG: Command: /usr/sbin/restorecon -R -v /var/lib/pki/pki-tomcat
2025-05-29 13:25:36 DEBUG: Command: /usr/sbin/restorecon -R -v /var/log/pki
2025-05-29 13:25:36 DEBUG: Command: /usr/sbin/restorecon -R -v /var/log/pki/pki-tomcat
2025-05-29 13:25:36 DEBUG: Command: /usr/sbin/restorecon -R -v /etc/pki/pki-tomcat
2025-05-29 13:25:36 INFO: Generating system keys
2025-05-29 13:25:36 INFO: Loading instance: pki-tomcat
2025-05-29 13:25:36 INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf
2025-05-29 13:25:36 INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf
2025-05-29 13:25:36 INFO: Loading instance Tomcat config:
/var/lib/pki/pki-tomcat/conf/tomcat.conf
2025-05-29 13:25:36 INFO: Loading password config:
/var/lib/pki/pki-tomcat/conf/password.conf
2025-05-29 13:25:36 INFO: Loading subsystem config:
/var/lib/pki/pki-tomcat/conf/ca/CS.cfg
2025-05-29 13:25:36 INFO: Loading subsystem registry:
/var/lib/pki/pki-tomcat/conf/ca/registry.cfg
2025-05-29 13:25:36 INFO: Loading instance registry:
/etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat
2025-05-29 13:25:36 DEBUG: - user: pkiuser
2025-05-29 13:25:36 DEBUG: - group: pkiuser
2025-05-29 13:25:36 INFO: Loading external certs from
/var/lib/pki/pki-tomcat/conf/external_certs.conf
2025-05-29 13:25:36 INFO: File does not exist:
/var/lib/pki/pki-tomcat/conf/external_certs.conf
2025-05-29 13:25:36 INFO: Fapolicy folder not found. Rule configuration skipped
2025-05-29 13:25:36 INFO: Configuring subsystem
2025-05-29 13:25:36 INFO: Loading instance: pki-tomcat
2025-05-29 13:25:36 INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf
2025-05-29 13:25:36 INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf
2025-05-29 13:25:36 INFO: Loading instance Tomcat config:
/var/lib/pki/pki-tomcat/conf/tomcat.conf
2025-05-29 13:25:36 INFO: Loading password config:
/var/lib/pki/pki-tomcat/conf/password.conf
2025-05-29 13:25:36 INFO: Loading subsystem config:
/var/lib/pki/pki-tomcat/conf/ca/CS.cfg
2025-05-29 13:25:36 INFO: Loading subsystem registry:
/var/lib/pki/pki-tomcat/conf/ca/registry.cfg
2025-05-29 13:25:36 INFO: Loading instance registry:
/etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat
2025-05-29 13:25:36 DEBUG: - user: pkiuser
2025-05-29 13:25:36 DEBUG: - group: pkiuser
2025-05-29 13:25:36 INFO: Loading external certs from
/var/lib/pki/pki-tomcat/conf/external_certs.conf
2025-05-29 13:25:36 INFO: File does not exist:
/var/lib/pki/pki-tomcat/conf/external_certs.conf
2025-05-29 13:25:36 INFO: Setting internaldb.ldapconn.secureConn to false
2025-05-29 13:25:36 INFO: Setting internaldb.ldapconn.host to ipa1.man-gb.eajglobal.net
2025-05-29 13:25:36 INFO: Setting internaldb.ldapconn.port to 389
2025-05-29 13:25:36 INFO: Setting internaldb.ldapauth.bindDN to cn=Directory Manager
2025-05-29 13:25:36 INFO: Setting internaldb.basedn to o=ipaca
2025-05-29 13:25:36 INFO: Setting internaldb.database to ipaca
2025-05-29 13:25:36 INFO: Setting dbs.request.id.generator to legacy
2025-05-29 13:25:36 INFO: Setting dbs.beginRequestNumber to 1
2025-05-29 13:25:36 INFO: Setting dbs.endRequestNumber to 10000000
2025-05-29 13:25:36 INFO: Setting dbs.requestIncrement to 10000000
2025-05-29 13:25:36 INFO: Setting dbs.requestLowWaterMark to 2000000
2025-05-29 13:25:36 INFO: Setting dbs.requestCloneTransferNumber to 10000
2025-05-29 13:25:36 INFO: Setting dbs.beginRequestNumber to 1
2025-05-29 13:25:36 INFO: Setting dbs.endRequestNumber to 10000000
2025-05-29 13:25:36 INFO: Setting dbs.requestRangeDN to ou=requests,ou=ranges
2025-05-29 13:25:36 INFO: Setting dbs.cert.id.generator to legacy
2025-05-29 13:25:36 INFO: Setting dbs.beginSerialNumber to 1
2025-05-29 13:25:36 INFO: Setting dbs.endSerialNumber to 10000000
2025-05-29 13:25:36 INFO: Setting dbs.serialIncrement to 10000000
2025-05-29 13:25:36 INFO: Setting dbs.serialLowWaterMark to 2000000
2025-05-29 13:25:36 INFO: Setting dbs.serialCloneTransferNumber to 10000
2025-05-29 13:25:36 INFO: Setting dbs.randomSerialNumberCounter to 0
2025-05-29 13:25:36 INFO: Setting dbs.beginSerialNumber to 1
2025-05-29 13:25:36 INFO: Setting dbs.endSerialNumber to 10000000
2025-05-29 13:25:36 INFO: Setting dbs.serialRangeDN to ou=certificateRepository,ou=ranges
2025-05-29 13:25:36 INFO: Setting dbs.beginReplicaNumber to 1
2025-05-29 13:25:36 INFO: Setting dbs.endReplicaNumber to 100
2025-05-29 13:25:36 INFO: Setting ca.defaultOcspUri to http://ipa-ca.eajglobal.uk/ca/ocsp
2025-05-29 13:25:36 INFO: Storing subsystem config:
/var/lib/pki/pki-tomcat/conf/ca/CS.cfg
2025-05-29 13:25:36 INFO: Storing registry config:
/var/lib/pki/pki-tomcat/conf/ca/registry.cfg
2025-05-29 13:25:36 DEBUG: PKIDeployer.import_system_certs()
2025-05-29 13:25:36 DEBUG: import_system_cert
2025-05-29 13:25:36 DEBUG: import_system_cert
2025-05-29 13:25:36 DEBUG: import_system_cert
2025-05-29 13:25:36 DEBUG: import_system_cert
2025-05-29 13:25:36 DEBUG: import_system_cert
2025-05-29 13:25:36 INFO: Checking existing cert chain: caSigningCert External CA
2025-05-29 13:25:36 DEBUG: NSSDatabase.get_cert(caSigningCert External CA) begins
2025-05-29 13:25:36 DEBUG: Command: certutil -L -d /var/lib/pki/pki-tomcat/conf/alias -f
/tmp/tmpvynqogd4/password.txt -n caSigningCert External CA -a
2025-05-29 13:25:36 DEBUG: stdout: -1
2025-05-29 13:25:36 DEBUG: NSSDatabase: stderr:
certutil: Could not find cert: caSigningCert External CA
: PR_FILE_NOT_FOUND_ERROR: File not found

2025-05-29 13:25:36 DEBUG: Cert not found: caSigningCert External CA
2025-05-29 13:25:36 INFO: Updating system certs
2025-05-29 13:25:36 INFO: Setting ca.signing.cacertnickname to caSigningCert cert-pki-ca
2025-05-29 13:25:36 INFO: Setting ca.signing.defaultSigningAlgorithm to SHA256withRSA
2025-05-29 13:25:36 INFO: Setting ca.ocsp_signing.defaultSigningAlgorithm to
SHA256withRSA
2025-05-29 13:25:36 INFO: Setting ca.audit_signing.defaultSigningAlgorithm to
SHA256withRSA
2025-05-29 13:25:36 INFO: Storing subsystem config:
/var/lib/pki/pki-tomcat/conf/ca/CS.cfg
2025-05-29 13:25:36 INFO: Storing registry config:
/var/lib/pki/pki-tomcat/conf/ca/registry.cfg
2025-05-29 13:25:36 DEBUG: PKISubsystem.get_subsystem_cert(sslserver)
2025-05-29 13:25:36 DEBUG: PKISubsystem.get_cert_info(sslserver)
2025-05-29 13:25:36 DEBUG: PKISubsystem.get_nssdb_cert_info(sslserver)
2025-05-29 13:25:36 DEBUG: NSSDatabase.get_cert_info(Server-Cert cert-pki-ca) begins
2025-05-29 13:25:36 DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) begins
2025-05-29 13:25:36 DEBUG: Command: certutil -L -d /var/lib/pki/pki-tomcat/conf/alias -f
/tmp/tmpngg9k4eu/password.txt -n Server-Cert cert-pki-ca -a
2025-05-29 13:25:36 DEBUG: stdout: -1
2025-05-29 13:25:36 DEBUG: NSSDatabase: stderr:
certutil: Could not find cert: Server-Cert cert-pki-ca
: PR_FILE_NOT_FOUND_ERROR: File not found

2025-05-29 13:25:36 DEBUG: Cert not found: Server-Cert cert-pki-ca
2025-05-29 13:25:36 INFO: Updating /var/lib/pki/pki-tomcat/conf/serverCertNick.conf
2025-05-29 13:25:36 INFO: Updating serverCertNickFile in server.xml
2025-05-29 13:25:36 INFO: Creating new security domain
2025-05-29 13:25:36 INFO: Setting securitydomain.host to ipa1.man-gb.eajglobal.net
2025-05-29 13:25:36 INFO: Setting securitydomain.httpport to 8080
2025-05-29 13:25:36 INFO: Setting securitydomain.httpsadminport to 8443
2025-05-29 13:25:36 INFO: Storing subsystem config:
/var/lib/pki/pki-tomcat/conf/ca/CS.cfg
2025-05-29 13:25:36 INFO: Storing registry config:
/var/lib/pki/pki-tomcat/conf/ca/registry.cfg
2025-05-29 13:25:36 INFO: Removing existing database
2025-05-29 13:25:36 DEBUG: Command: /usr/sbin/runuser -u pkiuser --
/usr/lib/jvm/jre-17-openjdk/bin/java -classpath
/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*
-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory
-Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat
-Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false
org.dogtagpki.server.cli.PKIServerCLI ca-db-remove --force --debug
2025-05-29 13:25:38 INFO: Creating database
2025-05-29 13:25:38 DEBUG: Command: /usr/sbin/runuser -u pkiuser --
/usr/lib/jvm/jre-17-openjdk/bin/java -classpath
/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*
-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory
-Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat
-Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false
org.dogtagpki.server.cli.PKIServerCLI ca-db-create --debug
2025-05-29 13:25:40 INFO: Initializing database
2025-05-29 13:25:40 DEBUG: Command: /usr/sbin/runuser -u pkiuser --
/usr/lib/jvm/jre-17-openjdk/bin/java -classpath
/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*
-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory
-Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat
-Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false
org.dogtagpki.server.cli.PKIServerCLI ca-db-init --debug
2025-05-29 13:26:00 DEBUG: Command: /usr/sbin/runuser -u pkiuser --
/usr/lib/jvm/jre-17-openjdk/bin/java -classpath
/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*
-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory
-Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat
-Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false
org.dogtagpki.server.cli.PKIServerCLI ca-db-access-grant --debug
uid=pkidbuser,ou=people,o=ipaca
2025-05-29 13:26:01 DEBUG: Command: /usr/sbin/runuser -u pkiuser --
/usr/lib/jvm/jre-17-openjdk/bin/java -classpath
/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*
-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory
-Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat
-Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false
org.dogtagpki.server.cli.PKIServerCLI ca-db-index-add --debug
2025-05-29 13:26:03 DEBUG: Command: /usr/sbin/runuser -u pkiuser --
/usr/lib/jvm/jre-17-openjdk/bin/java -classpath
/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*
-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory
-Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat
-Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false
org.dogtagpki.server.cli.PKIServerCLI ca-db-vlv-add --debug
2025-05-29 13:26:05 DEBUG: Command: /usr/sbin/runuser -u pkiuser --
/usr/lib/jvm/jre-17-openjdk/bin/java -classpath
/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*
-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory
-Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat
-Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false
org.dogtagpki.server.cli.PKIServerCLI ca-db-vlv-reindex --debug
2025-05-29 13:26:07 DEBUG: Command: /usr/sbin/runuser -u pkiuser --
/usr/lib/jvm/jre-17-openjdk/bin/java -classpath
/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*
-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory
-Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat
-Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false
org.dogtagpki.server.cli.PKIServerCLI ca-profile-import --input-folder
/usr/share/pki/ca/profiles/ca --debug
2025-05-29 13:26:09 INFO: Loading subsystem config:
/var/lib/pki/pki-tomcat/conf/ca/CS.cfg
2025-05-29 13:26:09 INFO: Loading subsystem registry:
/var/lib/pki/pki-tomcat/conf/ca/registry.cfg
2025-05-29 13:26:09 INFO: Request ID generator: legacy
2025-05-29 13:26:09 INFO: Enabling CA subsystem
2025-05-29 13:26:09 INFO: Deploying ca web application
2025-05-29 13:26:09 INFO: Creating /var/lib/pki/pki-tomcat/conf/Catalina/localhost/ca.xml
2025-05-29 13:26:09 INFO: Creating temporary SSL server cert
2025-05-29 13:26:09 INFO: Updating /var/lib/pki/pki-tomcat/conf/serverCertNick.conf
2025-05-29 13:26:09 INFO: Updating serverCertNickFile in server.xml
2025-05-29 13:26:09 INFO: Checking existing temp SSL server cert: temp Server-Cert
cert-pki-ca
2025-05-29 13:26:09 DEBUG: NSSDatabase.get_cert(temp Server-Cert cert-pki-ca) begins
2025-05-29 13:26:09 DEBUG: Command: certutil -L -d /var/lib/pki/pki-tomcat/conf/alias -f
/tmp/tmp9l_1_dt_/password.txt -n temp Server-Cert cert-pki-ca -a
2025-05-29 13:26:09 DEBUG: stdout: -1
2025-05-29 13:26:09 DEBUG: NSSDatabase: stderr:
certutil: Could not find cert: temp Server-Cert cert-pki-ca
: PR_FILE_NOT_FOUND_ERROR: File not found

2025-05-29 13:26:09 DEBUG: Cert not found: temp Server-Cert cert-pki-ca
2025-05-29 13:26:09 INFO: Creating new temp SSL server cert for ipa1.man-gb.eajglobal.net
2025-05-29 13:26:09 DEBUG: Command: pki -d /var/lib/pki/pki-tomcat/conf/alias -f
/var/lib/pki/pki-tomcat/conf/password.conf nss-cert-request --subject
cn=ipa1.man-gb.eajglobal.net,o=2025-05-29 13:25:36 --csr /tmp/tmpdvz_k8lc/sslserver.csr
--key-type RSA --key-size 2048 --hash SHA256 --debug

Restoring a snapshot prior to freeipa-server-install and setting update-crypto-policies
--set DEFAULT and rebooting allows the install to run without issue.

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

[Pki-users] update-crypto-policies to FUTURE breaks install.